Fiankl

Question 1

What is the CIA triad?

Answer 1

Confidentiality (prevent unauthroized access to information or systems)

Integrity (prevent unauthroized modification of information or systems)

Availability (ensure use of information and systems is possible)

Question 2

What is the DAD triad?

Answer 2

Disclosure (gain unauthorized access)

Alteration (make unauthorized changes)

Denial (prevent legit use of systems and info)

Question 3

What are the four stages of the CompTIA Penetration
Test?

Answer 3

Planning and
Scoping

Information
Gathering and
Vulnerability
Scanning

Attacking and
Exploiting

Reporting and
Communicating
Results

Question 4

What are the steps in The Cyber Kill Chain?

Answer 4

Reconnaissance.
(
Weaponization.
(
Delivery.
(
Exploitation.
(
Installation.
(
Command and control.
(
Actions on Objectives.
(

Question 5

What is Reconnaissance in the cyber kill chain?

Answer 5

(Attackers gather open source intelligence and conduct initial scans of target environment

Question 6

What is Weaponization in the cyber kill chain?

Answer 6

Attackers develop a specific
attack tool designed to exploit the vulnerabilities identified during reconnaissance.

Question 7

What is Delivery in the cyber kill chain?

Answer 7

Attackers next must deliver that malware to the target. (Network vuln, social enginnering, infected USB, sending as email attachment,

Question 8

What is Exploitation in the cyber kill chain?

Answer 8

The malware gains access to the targeted system. Victim opens a malicious file or when the attacker exploits a vulnerability over the network or otherwise gains a foothold on the target

Question 9

What is Installation in the cyber kill chain?

Answer 9

The attacker uses the
initial access provided by the malware to establish permanent, or persistent, access to the
target system. (Making a backdoor

Question 10

What is Command and Control in the cyber kill chain?

Answer 10

After getting permanent access the attacker may use a remote shell or other means to control the system.

They can control it manually or may connect an automated command-and-control (C2C) network that provides it with instructions.

Question 10

Tom is running a penetration test in a web application and discovers a flaw that allows
him to shut down the web server remotely.

What goal of penetration testing has Tom most
directly achieved?
A. Disclosure
B. Integrity
C. Alteration
D. Denial

Answer 10

D. Denial

Question 10

What is Actions on Objectives in the cyber kill chain?

Answer 10

Attacker uses the system to advance the original objectives of their attack. (theft, use of resources, mine crypto, modification or deletion of information.

Question 11

Brian ran a penetration test against a school’s grading system and discovered a flaw that
would allow students to alter their grades by exploiting a SQL injection vulnerability.

What
type of control should he recommend to the school’s cybersecurity team to prevent students
from engaging in this type of activity?

A. Confidentiality
B. Integrity
C. Alteration
D. Availability

Answer 11

B. Integrity

Question 11

Assuming no significant changes in an organization’s cardholder data environment, how
often does PCI DSS require that a merchant accepting credit cards conduct penetration testing?
A. Monthly
B. Semiannually
C. Annually
D. Biannually

Answer 11

C. Annually
(or after any significant change in the cardholder data environment)

Question 11

Which one of the following is not a benefit of using an internal penetration testing team?
A. Contextual knowledge
B. Cost
C. Subject matter expertise
D. Independence

Answer 11

D. Independence

Question 11

Edward Snowden gathered a massive quantity of sensitive information from the National
Security Agency and released it to the media without permission.

What type of attack
did he wage?
A. Disclosure
B. Denial
C. Alteration
D. Availability

Answer 11

A. Disclosure

Question 12

Beth recently conducted a phishing attack against a penetration testing target in an attempt
to gather credentials that she might use in later attacks. What stage of the penetration testing
process is Beth in?

Answer 12

Attacking and Exploiting (she is conducting an
active social engineering attack.

Question 13

Rich recently got into trouble with a client for using an attack tool during a penetration
test that caused a system outage. During what stage of the penetration testing process
should Rich and his clients have agreed on the tools and techniques that he would use during the test?
A. Planning and Scoping
B. Information Gathering and Vulnerability Scanning
C. Attacking and Exploiting
D. Reporting and Communication Results

Answer 13

A. Planning and Scoping

Question 13

Which one of the following steps of the Cyber Kill Chain does not map to the Attacking and
Exploiting stage of the penetration testing process?
A. Weaponization
B. Reconnaissance
C. Installation
D. Actions on Objective

Answer 13

B. Reconnaissance

Question 14

Which one of the following security assessment tools is not commonly used during the
Information Gathering and Vulnerability Scanning phase of a penetration test?
A. Nmap
B. Nessus
C. Metasploit
D. Nslookup

Answer 14

C. Metasploit
(exploitation framework , suited for Attacking and Exploiting phase

Question 14

Which one of the following is not an open source intelligence gathering tool?
A. WHOIS
B. Nslookup
C. Nessus
D. FOCA

Answer 14

C. Nessus (commercial vulnerability scanner)

FOCA (harvests information from files)

Question 14

During what phase of the Cyber Kill Chain does an attacker steal information, use computing resources, or alter information without permission?

Answer 14

C. Actions on Objectives

Question 15

What does pwd do in Linux?

Answer 15

Shows the current directory you are working in

Question 15

What vulnerability scanner is specifically designed to test the security
of web applications against a wide variety of attacks?

Answer 15

Nikto

Question 15

Grace is investigating a security incident where the attackers left USB drives containing
infected files in the parking lot of an office building. What stage in the Cyber Kill Chain
describes this action?

Answer 15

C. Delivery

Question 16

What do these mean and what do they translate to in numbers

1. Rwx-rw-r 2. Rw–wx-r–

Answer 16

1. Rwx-rw-r

User can read write and execute
Group can read and write
Others can only read
761

2. Rw–wx-r–

User can read and write
Group can write and execute
USer can only read
634

r = 4
w =2
x =1

Question 16

Which one of the following tools is an exploitation framework commonly used by penetration testers?
A. Metasploit
B. Wireshark
C. Aircrack-ng
D. SET

Answer 16

A. Metasploit

Question 16

How would you run a network scan on the 192.168.68.1 IP?

Answer 16

nmap 192.168.68.1 Network

Question 17

What does ls and ls -l do in Linux?

Answer 17

Lists the contents of the folder you are working in. -l shows all files in those directories. and their permissions

Question 17

6. What is the name of the exploitation framework created by H.D. Moore?

Answer 17

Metaspolit

Question 18

What is the command used to change the password to the kali account?

Answer 18

passwd kali (enter current, enter new)

Question 18

What is the absolute path for the location of the wordlists collection in Kali Linux?

Answer 18

/usr/share/wordlists

Question 19

10. Where is the Windows version of Netcat stored in Kali Linux?

Answer 19

/usr/share/windows-binaries

Question 20

What is an Advanced Persistent Threat APT?

Answer 20

A threat actor that is sophisticated, well-resourced, and motivated.

Question 21

Which of the phases of the Cyber Kill Chain is the most difficult to detect by defenders

Answer 21

Reconaissance is the most difficult phase to detect by defenders, an adversary doing recon is usually not harmful or obvious to a defender. Identifying employees, emails, and internet servers likely won’t ping any safety alarms for a defending company.

Question 22

What is a “zero day” exploit?

Answer 22

A zero day exploit is an exploit or flaw in a system that is unknown to the defenders of that system

Question 23

At what percentage rate is the penetration testing industry growing annually?

Answer 23

23.7%

Question 24

What type of an attack would an email address and phone number be used for?

Answer 24

Phishing attack

Question 25

Who is the creator of Nmap and what is his hacker handle?

Answer 25

Gordon Lyon, Fyodor

Question 26

What is the command switch used to run a “ping sweep” in Nmap? What is a ping sweep?

Answer 26

-sP
A ping sweep is a network scanning technique to identify active devices on a network by pinging a range of IP addresses.

Question 27

What is the purpose of the -sL command switch in Nmap?

Answer 27

Does a DNS lookup for each IP “scanned” without doing any scanning.

Question 28

How many UDP & TCP ports are on a system running TCP/IP?

Answer 28

65,535

Question 29

11. What is one port you would scan a network for if you were trying to find Linux hosts specifically?

Answer 29

443

Question 30

Why would a port show as filtered in Nmap?

Answer 30

A firewall blocked the connection

Question 31

If a TCP port shows as closed in Nmap, what packet response did Nmap receive from the scanned target?

Answer 31

The service is not running

Question 32

What is the command switch you would use to scan for UDP ports in nmap?

Answer 32

-sU

Question 33

What would the Nmap command be if you wanted to scan the 10.10.0.0/16 range for the presence of FTP servers and only show open ports?

Answer 33

10.10.0.0/16 –open

Question 34

What is the command switch to run a Nmap service scan? What is a service scan?

Answer 34

-sV

It conducts more tests against open ports to determine what kind of service is running along with it.

Question 35

What does the RCE acronym stand for? What does it mean?

Answer 35

Remote Code Execution, a hacker can execute whatever commands they want on a victim’s machine.

Question 36

Which notorious malware worm added the exploit for MS08-67 to its collection of methods for spreading to different systems? How else did it spread?

Answer 36

Conficker

USB drive infections, scanning file shares, and dictionary attacks

Question 37

What exploit code was stolen by Shadow Brokers from the NSA?

Answer 37

EternalBlue

Question 38

What is the name of the significant worm that used the NSA exploit stolen by the Shadow Brokers

Answer 38

WannaCry

Question 39

What does the curl command do?

Answer 39

It forces a browser to display the page and all of its details.

Question 40

What term describes a document created to define project-specific activities, deliverables, and
timelines based on an existing contract?

Answer 40

SOW ( Statement of work)

Question 41

What type of legal agreement typically covers sensitive data and information that a penetration tester may encounter while performing an assessment?

Answer 41

An NDA

Question 42

Elaine wants to ensure that the limitations of her red-team penetration test are fully
explained. Which of the following are valid disclaimers for her agreement? (Choose two.)
A. Risk tolerance
B. Point-in-time
C. Comprehensiveness
D. Impact tolerance

Answer 42

B. Point-in-time
C. Comprehensiveness

Question 43

Jen wants to conduct a penetration test and includes mobile application testing. Which standard or methodology is most likely to be useful for her efforts?

Answer 43

B. OWASP (Open Worldwide Application Security Project)

Question 44

What type of assessment most closely simulates an actual attacker’s efforts?

A. A red-team assessment with a zero knowledge strategy
B. A goals-based assessment with a full knowledge strategy
C. A red-team assessment with a full knowledge strategy
D. A compliance-based assessment with a zero knowledge strategy

Answer 44

A. A red-team assessment with a zero knowledge strategy

Question 45

What is nmap scan -sT?

Answer 45

TCP connect “full connect”
(Used when an underprivileged account is the tester’s only option)

Question 46

What provides information about a domain’s registrar and
physical location?

Answer 46

WHOIS

Question 47

Mike recovers a binary executable file that he
wants to quickly analyze for useful information. What will quickly give him
a view of potentially useful information in the binary?

Answer 47

strings
(parses a file for strings of text and outputs them)

Question 48

What does a result of * * * mean during a traceroute?

Answer 48

There is no response to the query, perhaps a timeout, but traffic is going through.

Question 49

What is nmap scan -sS?

Answer 49

TCP SYN scan, fast scan that tends to work through most firewalls

Question 50

What is nmap scan -p

Answer 50

Specifies a port range 1-65535

Question 51

What is nmap scan -sA and what does it do?

Answer 51

TCP ACK scan

used to identify ports or hosts that may be filtered and resistant to any other form of scanning

Question 52

What is Mimikatz?

Answer 52

A program for extracting passwords, hashes, PINs, from Windows memory.

Question 53

Wireshark?

Answer 53

Packet sniffer and analysis tool

Question 54

Nessus?

Answer 54

Vulnerability scanner

Question 55

Hydra?

Answer 55

Login cracker, used for brute-force password attacks

Question 56

Netcat?

Answer 56

Used for reading from and writing to network connections using TCP OR UDP

Question 57

Telnet?

Answer 57

An application network protocol that enables user communication with a remote computer via a text-based interface

Question 58

John the Ripper

Answer 58

Password cracking tool

Question 59

What tool can white-box penetration testers use to help identify the systems present on a network prior to conducting vulnerability scans?

Answer 59

Asset inventory

Question 60

Sarah is conducting a penetration test and discovers a critical vulnerability in an application.
What should she do next?

Answer 60

Consult the SOW (Statement of Work)