FORMATIVE 3 Flashcards
(25 cards)
Which two tools could be used to gather DNS information passively? (Choose two.)
Recon-ng
Dig
Wireshark
Nmap
ExifTool
Recon-ng
Dig
When performing passive reconnaissance, which Linux command can be used to identify the technical and administrative contacts of a given domain?
netstat
dig
whois
nmap
whois
Which specification defines the format used by image and sound files to capture metadata?
Exchangeable Image File Format (Exif)
Extensible Image File Format (Exif)
Exchangeable File Format (EFF)
Interchangeable File Format (IFF)
Exchangeable Image File Format (Exif)
Why would a penetration tester perform a passive reconnaissance scan instead of an active one?
to collect information about a network without being detected
because the time to perform the scan is limited
because the root-level SSH credentials to a target have been compromised
to test whether specific services or protocols are available on the network
to collect information about a network without being detected
What type of server is a penetration tester enumerating when they enter the nmap -sU command?
DNS, SNMP, or DHCP server
HTTP or HTTPS server
POP3, IMAP, or SMTP server
FTP server
DNS, SNMP, or DHCP server
What is the disadvantage of conducting an unauthenticated scan of a target when performing a penetration test?
Vulnerability of services running inside the target may not be detected.
The scanner will report the port as open whether or not the service on that network segment is listening.
Unauthenticated scans are more likely to provide a lower rate of false positives than authenticated scans.
Unauthenticated scans are a form of passive reconnaissance that return little useful information.
Vulnerability of services running inside the target may not be detected.
What is required for a penetration tester to conduct a comprehensive authenticated scan against a Linux host?
user credentials with root-level access to the target system
system user credentials
physical on-premises access to the target system
unauthenticated scans are a form of passive reconnaissance that return little useful information.
backdoor access to the target system
user credentials with root-level access to the target system
In which circumstance would a penetration tester perform an unauthenticated scan of a target?
when user credentials were not provided
when the number of false positive vulnerability reports is not required
when time is limited and faster scans are required
when only targets with UDP services are to be scanned
when user credentials were not provided
Why would a penetration tester use the nmap -sF command?
when a TCP SYN scan is detected by a network filter or firewall
when the tester wants to conclude the scan
when a TCP SYN scan reports more than one open port
when the tester needs to time stamp the scan
when a TCP SYN scan is detected by a network filter or firewall
What is the purpose of host enumeration when beginning a penetration test?
to identify all active IP addresses within the scope of the test
to count the total number of IP addresses within the scope of the test
to identify all vulnerable hosts within the scope of the test
to count the total number of vulnerable hosts within the scope of the test
to identify all active IP addresses within the scope of the test
What can be deduced when a tester enters the nmap -sF command to perform a TCP FIN scan and the target host port does not respond?
that the port is not responding to TCP traffic
that the port is listening for UDP traffic
that the port is open
that the port is not ready to close the TCP connection
that the port is open
What is the disadvantage of running a TCP Connect scan compared to running a TCP SYN scan during a penetration test?
Both open and closed ports are detected.
Indeterminate ICMP messages are generated.
Hosts and addresses outside the scope of the test may be scanned.
The extra packets required may trigger an IDS alarm.
The extra packets required may trigger an IDS alarm.
When a penetration test identifies a vulnerability, how should the vulnerability be further verified?
determine if the vulnerability is exploitable
prioritize the vulnerability severity
assess the business risk associated with the vulnerability
mitigate the vulnerability
determine if the vulnerability is exploitable
Why is the Common Vulnerabilities and Exposures (CVE) resource useful when investigating vulnerabilities detected by a penetration test?
It is a high level list of software weaknesses.
It is an international consolidation of cybersecurity tools and databases.
It has three vulnerability score components.
It is a dictionary of known attacks.
It is an international consolidation of cybersecurity tools and databases.
What is the purpose of applying the Common Vulnerability Scoring System (CVSS) to a vulnerability detected by a penetration test?
to determine the priority of the vulnerability
to determine the attack vector that applies to the vulnerability
to accurately record how the vulnerability was detected
to calculate the severity of the vulnerability
to calculate the severity of the vulnerability
A threat actor is looking at the IT and technical job postings of a target organization. What would be the most beneficial information to capture from these postings?
the type of hardware and software used
the salaries of the positions listed
the hours of work required by the roles listed
the employment benefits offered by the company
the type of hardware and software used
How is open-source intelligence (OSINT) gathering typically implemented during a penetration test?
by using public internet searches
by installing and running the OSINT API
by sending phishing emails
by using nmap for web page and web application enumerations
by using public internet searches
What initial information can be obtained when performing user enumeration in a penetration test?
the IP addresses of the target hosts
a valid list of users
the credentials of a specified user
access to the target internal network
a valid list of users
What useful information can be obtained by running a network share enumeration scan during a penetration test?
systems on a network that are sharing files, folders, and printers
the usernames and password credentials of users on the network
all vulnerable hosts on the network
lists of the attack vectors that can exploit the network
systems on a network that are sharing files, folders, and printers
A penetration tester must run a vulnerability scan against a target. What is the benefit of running an authenticated scan instead of an unauthenticated scan?
Authenticated scans can provide a more detailed picture of the target attack surface.
Authenticated scans are a form of passive reconnaissance that does not trigger target security alarms.
Authenticated scans are performed without user credentials.
Authenticated scans are less complex and are quicker than unauthenticated scans.
Authenticated scans can provide a more detailed picture of the target attack surface.
What are three considerations when planning a vulnerability scan on a target production network during a penetration test? (Choose three.)
the timing of the scan
the trained personnel available to analyze the scan results
the available network bandwidth
the network topology
authenticated scans are less complex and are quicker than unauthenticated scans
the available scanning tools
the scan reporting requirement
the timing of the scan
the available network bandwidth
the network topology
When performing a vulnerability scan of a target, how can adverse impacts on traversed devices be minimized?
Unauthenticated vulnerability scans should be performed.
Only passive reconnaissance scans should be performed.
The scan should be performed as close to the target as possible.
Scanning policy options should include query throttling.
The scan should be performed as close to the target as possible.
A company hires a cybersecurity consultant to conduct a penetration test to assess vulnerabilities in network systems. The consultant is preparing the final report to send to the company. What is an important feature of a final penetration test report?
It gives an accurate presentation of vulnerabilities.
It follows expected report presentation standards and style.
It is a summary of general information so non-technical managers can understand it.
It is made publicly available to all interested parties.
It gives an accurate presentation of vulnerabilities.
What is the advantage of using the target Wi-Fi network for reconnaissance packet inspection?
The packet scan takes less time wirelessly compared to using the target wired network.
More information can be captured wirelessly compared to using the target wired network.
Fewer false positive vulnerabilities are detected.
Physical access to the building may not be required.
Physical access to the building may not be required.