Domain 6 Flashcards
__ attack starts with a dictionary attack and then appends characters, e.g. camel1, camel2 ... camel99, etc.
Incremental attack
__ box testing is a software testing method that uses internal algorithms and information to conduct the test e.g. source code review.
white box
__ fingerprinting is read-only, inspecting packets passively on the wire or via a pcap file.
Passive. E.g. uses TTLs, IPIDs, sequence numbers or even layer 7 packet data to determine system details, e.g. p0f -s capture.pcap
__ fingerprinting sends network traffic to determine OS and service version. __ is one of the best fingerprinting tools.
Active, Nmap. E.g. nmap -A 10.20.30.2
__ involve intentionally sending end users suspicious, yet harmless, emails with the primary goal of increasing the organization’s security posture rather than shaming or punishing end users.
Phishing campaigns
__ involves overtly looking for potential security weaknesses; in other words, you are validating systems and trying to find faults or break them. What is this called?
security testing
__ testing begins with no inside knowledge of the application e.g. can be used against compiled code with no access to the source.
black box
A __ analyzes the entire network from the inside and tries to find weaknesses and gives a complete list of risks against critical assets.
security assessment
A __ attack is initiated by the attacker against a listening service. For example, in a TCP __ attack, the initial SYN is sent by the attacker.
server-side attack aka service-side attack
A __ intercepts web data in real time and is the primary tool in performing dynamic web application penetration testing. This tool can be removed once testing is complete.
HTTP interception proxy
A full knowledge test is a __ test.
white box
A partial knowledge test is a __ test.
gray box
A __ says ‘IIS 7.5 running on port 80’. A __ gives more specific details about libraries, configurations and vulnerabilities that exist on the system, e.g. ‘has XYZ libraries installed which are out-of-date and vulnerable to a buffer overflow attack’. It is like a port scanner on steroids.
port scanner, vulnerability scanner
A zero knowledge test is a __ test.
black box
Describe the steps of the Server-side Exploitation Process aka ‘attack or kill chain’
1 reconnaissance, 2 host discovery, 3 port scan, 4 OS & service fingerprinting, 5 vulnerability scan, 6 exploitation
Refer to ‘Server-side Exploitation Process - D6 pg 16’
Fuzzing sends unexpected input to computer programs and is usually used in __ testing.
black box
How many total ports are there for TCP? For UDP?
Same for each: 0-65535, so 65536 total for TCP and 65536 total for UDP.
If a penetration tester is performing host enumeration from the same Layer 2 network, what is the most efficient way to discover hosts on that network?
ARP. You would normally use ICMP for host discovery, but since the question says layer 2 and most efficient, use ARP.
Name 3 examples of attacking tools and frameworks
Metasploit Framework (metasploit.com), Core Impact (coresecurity.com), Immunity Canvas (immunitysec.com)
Password cracking is __ box testing where you have access to the password hashes and can run through them without being locked out.
white box testing
Password guessing is __ box testing where it is easy to get to the login interface to guess a password but lockouts or delays are usually triggered.
black box testing
Static analysis can be considered what type of testing?
white box
The __ specifically calls out a number of security processes that need to be assessed: account management processes, backup/recovery verification, log review process, security training and awareness, disaster recovery and business continuity.
CIB (CISSP Information Bulletin)
This can also be referred to as ethical hacking or red team testing.
Pen Test (Penetration Test)
This is a well-known open source port scanner.
Nmap
This is a white box testing approach that attempts to discover security vulnerabilities by inspecting the source code of a target application.
source code review. Typically safer, quicker and cheaper than a black box test like fuzzing, which is more expensive, higher risk and not as comprehensive.
This type of attack is where the victim initiates traffic often by clicking on a link in email or on the web.
client-side attack
When someone is analyzing your configuration files, interviewing you about your security, and asking what the risks are, this is __.
security assessment
With access to the source code what type of testing can be performed?
Static analysis