Unit Tests

Question 1

Which of the following tools are commonly used in penetration testing to identify and exploit network and application vulnerabilities? Select all that apply.

Answer 1

Metasploit Framework,
Nikto

Question 2

What is DNS enumeration primarily used for in penetration testing?

Answer 2

To gather information about DNS names and their corresponding IP addresses

Question 3

What does the nslookup tool do?

Answer 3

Provides information about DNS records for a specific domain

Question 4

In DNS enumeration, what is a ‘Zone Transfer’?

Answer 4

An unauthorized attempt to copy all the DNS records from a server

Question 5

What is the primary use of Gobuster during a penetration test?

Answer 5

To scan for hidden directories and files on a web server

Question 6

Which tool would you use to browse the internet from the command line, useful for information gathering?

Answer 6

Lynx

Question 7

Which of the following tools are not useful for enumerating shared directories and Samba systems?

Answer 7

SambaScan,
nikto

Question 8

OSINT

Answer 8

Open Source Intelligence - used for gathering publicly available information

Question 9

What is the purpose of using the Exif tool?

Answer 9

To extract metadata from files, which can include geolocation, camera details, and software used.

Question 10

What type of information can Google dorking directly provide?

Answer 10

Server vulnerabilities

Sensitive directories or vulnerable access points on a web server

Specific file types and their locations

Question 11

What command would you use to extract Exif data from an image named ‘photo.jpg’ using the Exif tool?

Answer 11

exiftool photo.jpg

Question 12

What is the primary purpose of Lynx in the context of OSINT?

Answer 12

To serve as a text-based web browser for accessing information on websites without graphical content

Question 13

Identify the correct syntax to use Gobuster for directory enumeration on a website (loan.atlas.local) using the common wordlist.

Answer 13

gobuster -u http://loan.atlas.local -w wordlist.txt

Question 14

In the context of penetration testing, what is the significance of a DNS zone transfer?

Answer 14

It can expose all the records of a domain, providing detailed information about the internal network

Question 15

Which of the following tools is useful for scanning/indexing directories of a web server?

Answer 15

lynx

Gobuster

dirb

Question 16

What will be the output of the command below?
echo -e ‘www\nftp\nmail\nsoc\nicg\nicp’ | wc -l

Answer 16

6 I don’t really know

Question 17

Which of the following is NOT typically a feature of a vulnerability scanner?

Answer 17

Cracking passwords of network devices