CompTIA Pentest+ Guide To
Penetration Testing, 1st Edition by
Rob S. Wilson
Complete Chapter Solutions Manual
are included (Ch 1 to 14)
** Immediate Download
** Swift Response
** All Chapters included
** Practice Labs Answer File
,Table of Contents are given below
1. Introduction to Penetration Testing.
2. Setting Up a Penetration Testing Lab.
3. Planning and Scoping.
4. Information Gathering.
5. Performing Vulnerability Scanning.
6. Exploitation Methods and Tools.
7. Network Attacks and Attack Vectors.
8. Wireless and Specialized Systems Attack Vectors and
Attacks.
9. Application-Based Attack Vectors and Attacks.
10. Host Attack Vectors and Cloud Technologies Attacks.
11. Social Engineering and Physical Attacks.
12. Reporting and Communication.
13. Writing and Understanding Code.
14. The Final Penetration Testing Project.
,Solution and Answer Guide
WILSON, PENT EST+: GUIDE TO PENETRATION T ESTING 2024, 9780357950654; MODULE 01:
INTRODUCTION TO PENETRATION TESTING
TABLE OF CONTENTS
Review Questions ........................................................................................................................................ 1
Activities ...................................................................................................................................................... 5
Case Projects ............................................................................................................................................... 5
REVIEW QUESTIONS
1. What are two other terms for penetration testing?
a. Vulnerability testing
b. Pen testing
c. Ethical hacking
d. Blue teaming
Answer: b, c
Penetration testing is also known as pen testing or ethical hacking and is an authorized series of
security-related, non-malicious “attacks” on targets such as computing devices, applications, or an
organization’s physical resources and personnel.
2. The purpose of pen testing is to discover vulnerabilities in targets so that these vulnerabilities can be
eliminated or mitigated.
a. True
b. False
Answer: a
The purpose of pen testing is to discover vulnerabilities in targets so that the vulnerabilities can be
eliminated or mitigated before a threat actor with malicious intent exploits them to cause damage to
systems, data, and the organization that owns them.
3. Pen testing should be performed under which of the following circumstances? Choose all that apply.
a. A new computer system has been installed.
b. A new software system or an update to a software system has been installed.
c. Following a regular schedule to make sure no unknown changes have impacted security.
d. Performed as dictated by compliance standards such as PCI DSS.
Answer: a, b, c, d
Pen testing should be performed as a regular practice, to meet compliance standards, and after a major
change in a computing environment, such as the installation of a new computer system, application, or
update.
1
, 4. Which of the following are possible targets for penetration testing?
a. Web application.
b. Computer.
c. Staff.
d. All of these are correct.
Answer: d
Web applications and other software, computers and related systems, and staff or other personnel can
be targets for penetration testing.
5. The targets under test and the actions that a pen tester is allowed to perform need to be well-defined,
documented, and agreed upon by all parties before pen testing begins. True or false?
a. True
b. False
Answer: a
Because pen-testing activities are the same as illegal hacking activities, though with different goals, the
pen-testing targets and actions must be well-defined, documented, and agreed upon by all parties
before pen testing begins.
6. Use your favorite search engine to research bug bounties. Find three different bug bounties that were paid,
and in a one-page report, summarize these bounties. Make sure to include the vulnerability details, the
organization that paid the bounty, and how much they paid.
Answers will vary, but a good report will follow the instructions and have exactly three bug bounty
examples. It will also describe the vulnerability details, the organization that paid the bounty, and the
amount.
7. The CIA triad expresses how the cornerstones of confidentiality, integrity, and accessibility are linked
together to provide security for computer systems and their data.
a. True
b. False
Answer: a
In the CIA triad, confidentiality of information dictates that an object should only be accessible to
authorized entities. Integrity of information or systems ensures that an object has not been corrupted or
destroyed by unauthorized entities. Availability requires that objects and services must be accessible to
authorized entities when needed and should not be made unavailable by threat actors or system
failures.
8. Which triad is the antithesis of the CIA triad?
a. BAD
b. SAD
c. ADD
d. DAD
Answer: d
The DAD (disclosure, alteration, destruction) triad is the antithesis of the CIA triad because it
expresses the goals of disclosing confidential information, altering or corrupting the integrity of
information, and destroying or denying the availability of access to resources.
2
