2.1.3 Practice Questions Flashcards

1
Q

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?

answer

Blue teaming

Red teaming

Ethical hacking

Network scanning

A

Ethical hacking

2
Q

Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?

answer

Gain access

Scanning and enumeration

Maintain access

Reconnaissance

A

Scanning and enumeration

3
Q

Which of the following is the third step in the ethical hacking methodology?

answer

Reconnaissance

Gain access

Scanning and enumeration

Clear your tracks

A

Gain access

4
Q

Miguel is performing a penetration test on his client’s web-based application. Which penetration test frameworks should Miguel utilize?

answer

ISO/IEC 27001

OWASP

NIST SP 800-115

OSSTMM

A

OWASP

5
Q

The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?

answer

Maintain access

Reporting

Gain access

Reconnaissance

A

Reporting

6
Q

You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?

answer

White hat

Black box

Black hat

White box

A

Black box

7
Q

Which of the following best describes a gray box penetration test?

answer

The ethical hacker is given full knowledge of the target or network.

The ethical hacker is given strict guidelines about what can be targeted.

The ethical hacker has no information regarding the target or network.

The ethical hacker has partial information about the target or network.

A

The ethical hacker has partial information about the target or network.

8
Q

Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?

answer

Acts as a pipeline between teams and can work on any side.

Performs offensive security tasks to test the network’s security.

Is responsible for establishing and implementing policies.

Is a team of specialists that focus on the organization’s defensive security.

A

Performs offensive security tasks to test the network’s security.
