Scripting for Penetration Testing

Question 1

Which of the following operating systems support PowerShell interpreters?

a. Linux
b. Mac
c. Windows
d. All of the above

Answer 1

d. PowerShell interpreters are available on all major platforms, including Windows, macOS, and many popular Linux variants.

Question 2

Examine the following line of code. In what programming language might it be written? print (“The system contains several serious vulnerabilities.”);

a. Ruby
b. PowerShell
c. Bash
d. Perl

Answer 2

d. As you prepare for the exam, you should be able to identify the programming language used in code snippets. The print command is used to generate output in Python and Perl. Of these, only Perl is listed as a possible answer choice.

Question 3

Examine the following line of code. In what programming language is it written? Write-Host “The system contains several serious vulnerabilities.”

a. Perl
b. PowerShell
c. Javascript
d. Python

Answer 3

b. As you prepare for the exam, you should be able to identify the programming language used in code snippets. The Write-Host command is used to generate output in PowerShell.

Question 4

Which one of the following statements does not correctly describe the Ruby programming language?

a. It is a general-purpose programming language
b. It is an interpreted language
c. It uses scripts
d. It is a compiled language

Answer 4

d. Ruby is a general purpose programming language. It is an interpreted language that uses scripts, rather than a compiled language that uses source code to generate executable files.

Question 5

Which one of the following commands will allow the file owner to execute a Bash script?

a. chmod o+e script.sh
b. chmod o+x script.sh
c. chmod u+e script.sh
d. chmod u+x script.sh

Answer 5

d. You must set the user (owner) bit to execute (x) to allow the execution of a Bash script. The chmod u+x command performs this task.

Question 6

Which one of the following PowerShell execution policies allows the execution of any PowerShell script that you write on the local machine but requires that scripts downloaded from the Internet be signed by a trusted publisher?

a. Bypass
b. Unrestricted
c. RemoteSigned
d. AllSigned

Answer 6

c. The RemoteSigned policy allows the execution of any PowerShell script that you write on the local machine but requires that scripts downloaded from the Internet be signed by a trusted publisher.

Question 7

Which one of the following lines of code would create an array in a PoweShell script?

a. $ports = 22, 25, 80, 443
b. ports = (22,25,80,443)
c. ports = [22,25,80,443]
d. $ports = [22,25,80,443]

Answer 7

a. PowerShell requires the use of the $ before an array name in an assignment operation. The elements of the array are then provided as a comma-separated list. Option b would work in Bash, and option c would work in Ruby or Python.

Question 8

What comparison operator tests for equality in Ruby?

a. -eq
b. -ne
c. ==
d. !=

Answer 8

c. The == operator tests for equality in Ruby, Python, JavaScript, and for numeric comparisons in Perl. The != operator tests for inequality in those languages. The -eq operator tests for equality in Bash and PowerShell, and the -ne operator tests for inequality in those languages.

Question 9

What value would be used to encode a space in a URL string?

a. %20
b. %21
c. %22
d. %23

Answer 9

a. The %20 value is used to URL encode spaces using the percent encoding scheme.

Question 10

Examine this code snippet. In what language is this code written?

begin
system ‘nmap ‘ + ip
rescue
puts ‘An error occurred.’
end

a. Python
b. PowerShell
c. Ruby
d. Bash

Answer 10

c. Among other characteristics, the rescue keyword for error handling is unique to Ruby.

Question 11

Which of the following pairs of languages allow the direct concatenation of a string and an integer?

a. Python and Bash
b. Bash and PowerShell
c. Python and Ruby
d. Ruby and PowerShell

Answer 11

b. Bash and PowerShell allow the direct concatenation of strings and numeric values. Ruby and Python require the explicit conversion of numeric values to strings prior to concatenation/

Question 12

What is the limit to the number of elsif clauses in a Ruby script?

a. 1
b. 2
c. 10
d. No limit

Answer 12

d. There is no limit to the number of elsif clauses that may be included in a Ruby script.

Question 13

Consider the following Python code:

if 1 == 1:
print(“hello”)
elif 3 == 3:
print(“hello”)
else:
print(“hello”)

How many times will this code print the word “hello”?

a. 0
b. 1
c. 2
d. 3

Answer 13

b. When using conditional execution, only one clause is executed. In this case, the code following the if clause will execute, making it impossible for the elif or else clause to execute.

Question 14

Analyze the following segment of code:

Do {
$test=’mike’ + $i
$cracked = Test-Password $test
$i++
}
While ($cracked -e1 0)

In what language is this code written?

a. Ruby
b. PowerShell
c. Python
d. Bash

Answer 14

b. Use the flowchart in Figure 12.6 to answer this question. The code contains a Do statement, so it is written in PowerShell.

Question 15

Analyze the following segment of code:

if [ $weekday==1 ]
then
/usr/local/bin/nmap 192.168.1.1

elif [ $weekday==3 ]
then
/usr/local/bin/nmap 192.168.1.2

else
/usr/local/bin/nmap 192.168.1.0/24
fi

In what language is this code written?

a. Ruby
b. PowerShell
c. Python
d. Bash

Answer 15

d. Use the flowchart in Figure 12.4 to answer this question. The code contains an fi statement, so it is written in Bash.

Question 16

Analyze the following segment of code:
for hst in range(0,256):
ip= net + str(hst)
print(ip, ‘: ‘, socket.gethostbyaddr(ip), ‘\n’)

In what language is this code written?

a. Ruby
b. PowerShell
c. Python
d. Bash

Answer 16

c. Use the flowchart in Figure 12.5 to answer this question. The code contains colons, so it is written in Python.

Question 17

What Unix command can you use to listen for input on a network port?

a. grep
b. sed
c. awk
d. nc

Answer 17

d. The nc command allows you to open a network port for listening and then direct the input received on that port to a file or executable.

Question 18

Which one of the following programming languages does not offer a built-in robust error-handling capability?

a. PowerShell
b. Python
c. Ruby
d. Bash

Answer 18

d. PowerShell, Python, and Ruby all support variants of the try..catch clause. Bash does not provide a built-in error-handling capability.

Question 19

What value would be used to encode an ampersand in a URL string?

a. %24
b. %25
c. %26
d. %27

Answer 19

c. The %26 value is used to URL-encode ampersands using the percent encoding scheme.

Question 20

What comparison operator tests to see if one number is greater than or equal to another number in Bash?

a. -gt
b. -ge
c. >
d. >=

Answer 20

b. The -ge operator tests whether one value is greater than or equal to another value in Bash and PowerShell, whereas the -gt operator tests whether one value is strictly greater than the other. The >= and > operators are used in Ruby, Perl, and Python for the same purposes.