100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Pentest All Possible Questions and Answers 2023/2024 $11.49   Add to cart

Exam (elaborations)

Pentest All Possible Questions and Answers 2023/2024

 5 views  0 purchase
  • Course
  • Institution

Pentest All Possible Questions and Answers 2023/2024 Passive methods are those that do not actively engage the target organization's systems, technology, defenses, people, or locations. True The information gathered through passive methods is referred to as OSINT. What does OSINT stand for? o...

[Show more]

Preview 3 out of 18  pages

  • October 23, 2023
  • 18
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
Pentest All Possible Questions and Answers 2023/2024
Passive methods are those that do not actively engage the target organization's
systems, technology, defenses, people, or locations.
True
The information gathered through passive methods is referred to as OSINT. What
does OSINT stand for?
open source intelligence
Select the statements about footprinting and enumeration that are true:
osint includes data from publicy available sources, An organization's footprint is a listing
of all the system,s network, and other technology that an organization has, White box
testers may be given OSINT before the test starts
CERT
Can be used as a generic term to describe various organizations. Each one serves as
an organizational hub for cybersecurity information.
NIST
Provides standards, networks, and guides for cybersecurity: SP 800-115, provided by
this organization, is of particular interest to penetration testers.
MITRE
Federally funded not-for-profit organization that performs federally funded research and
development.
Full Disclosure
Online discussion board for security practicioners
ISC
Source for dairies, podcasts, and other information. This is run by SANS.
The Common Attack Pattern Enumeration and Classification (CAPEC) list is
published by NIST, and is designed to help identify and document attacks and
attack patterns.
false
The Common Vulnerabilities and Exposures (CVE) list identifies vulnerabilities by
name, number, and description.
true
Penetration tests never require onsite visits - all aspects of them can be done
remotely.
false
ExifTool is designed to help you recover data from which type of document?
-electronic text documents
Financial data - such as tax information or financial disclosures - does not
provide useful information to penetration testers as a general rule.
false
Social engineering techniques that are used on employees of a company that is
being tested can generally provide useful information, but is understood to be
out-of-bounds for penetration testers, and not something they would consider
doing.
false

,External footprinting is considered to be the most passive type of
reconnaissance: pick the option considered to be least passive:
-gathering info about ip ranges and routes
Domain names are managed by domain name registrars.
true
The central authority for domain name registrars is known as the IANA, which
provides a service that allows you to search for information about an
organization or individual based on their registration information. This service is
called:
whois
DNS converts IP addresses to domain names and domain names to IP addresses.
true
Select all the statements about zone transfers that are true:
-one way of getting dns information via zone transfer is to use the program dig
-the data in a dns zone transfer contains useful info
-a dns zone transfer is designed to be used to replicate dns databases between dns
servers
After sufficient OSINIT has been gathered, it's typical to move onto active
reconnaissance.
true
There are many techniques for active reconnaissance, so it's important to be
familiar with multiple methods.
ture
Port scanners are the only way to identify hosts on a network.
false
One of the most common tasks that a penetration will perform while conducting
active reconnaissance is service identification.
true
SSH
22
HTTPS
443
HTTP
80
Telnet
22
The ability to identify an operating system on the network traffic that it sends is
known as operating system handprinting.
false
NMAP allows you to specify which of the following? Pick all that are correct:
-os detection
-range of ports
-service detection
-how output is formated
The GUI front end to nmap is called MapGUI.
false

, Understanding the topology of a network is not generally necessary or helpful for
a penetration tester.
false
Tools like kismet or wireshark can be used to capture traffic from wireless
networks.
true
SNMP ping sweeps are typically done from outside the network, and do not
require internal access to the network you're attempting to penetrate.
false
Enumeration is defined as a process which establishes an active connection to
the target hosts to discover potential attack vectors in the system, and the this
data can be used for further exploitation of the system.
Enumeration is used to gather:
Username and Group names
Hostnames
Network shares and services
IP tables and routing tables
Service settings and Audit configurations
Application and banners SNMP and DNS Details
True
Decompilers are designed to pull apart compiled binaries and generate usable
code.
true
One of the ways you can defend against active reconnaissance is to limit external
exposure of services to those that absolutely need to be exposed.
true
There is nothing that organizations can do to make it more difficult for
penetration testers to gather passive information about them.
false
Penetration testing only considers the creativity and skill of an attacker, and
takes no notice of what tools that the attacker may be using.
False
Penetration tests are always authorized and legal attempts to defeat security
controls and perform activities that would, under other circumstances, be
unauthorized.
true
Penetration tests can be automated, and as a result, are not generally time-
consuming.
false
Which of the following is not a concept that is characteristic of the CIA triad?
alteration
select all of the concepts are part of the DAD triad
-disclosure
-denial
-alteration

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller LectDan. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $11.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75632 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$11.49
  • (0)
  Add to cart