5 - Security Assessment and Testing

Question 1

Which one of the following security assessment techniques assumes that an org has already been compromised and searches for evidence of that compromise?

Answer 1

Threat Hunting

Question 2

Renee is configuring her vulnerability management solution to perform credential scans of servers on her network. What type of account should she provide to the scanner?

Answer 2

Read-Only

Question 3

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scans?

Answer 3

Run the scan in a test environment

Question 4

What value for the CVSS attack complexity metric would indicate that a specific attack is simplest to exploit?

Answer 4

Low

Question 5

Tara recently analyzed the result of a vulnerability scan and saw that a finding per the scanner did not actually exist because the system was patched as specified. What type of error occurred?

Answer 5

False Positive

Question 6

Brian ran a penetration test against a school’s grading systems and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type on control should he recommend to the school to prevent this?

Answer 6

Integrity

Question 7

What security assessment tools are used during the reconnaissance phase of a penetration test?

Answer 7

Nmap, Nessus, and Nslookup

Question 8

During a vulnerability test Brian discovered that a system on his network was open to text-based attacks, and his SIEM recommended updating the system’s drivers. What security control, if deployed, would likely have addressed this issue?

Answer 8

Patch Management

Question 9

What tool is MOST likely to detect an XSS vulnerability?

Answer 9

Web Application Vulnerability Scanner

Question 10

Patrick deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity?

Answer 10

Lateral Movement

Question 11

Kevin is participating in an exercise for his org. His role in the exercise is to use hacking techniques to gain access to his org’s systems. What role is Kevin playing during this exercise?

Answer 11

Red Team

Question 12

What assessment technique is designed to solicit participation from external security experts, and rewards them for discovering vulnerabilities?

Answer 12

Bug Bounty (Bug Hunting)

Question 13

After gaining access to an org’s database server, Kevin installs a backdoor on the server to grant himself access in the future. What terms best describe this action?

Answer 13

Persistence

Question 14

What type of technique are WHOIS Lookups considered?

Answer 14

Passive Reconnaissance

Question 15

Which element of the SCAP Framework can be used to consistently describe vulnerabilities?

Answer 15

Common Vulnerabilities and Exposures (CVE)

Question 16

Bruce is conducting a penetration test for his client. The client provided him with details of their system in advanced. What type of testing is Bruce conducting?

Answer 16

White-Box Testing

Question 17

Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as a part of the test. What document should she consult to find this info?

Answer 17

The Rules of Engagement (RoE)

Question 18

Grace would like to determine the operating system running on a system that she is targeting in a test. What technique would most directly provide her with this information?

Answer 18

Footprinting

Question 19

Kevin recently identified a new security vulnerability and computed its CSS base score as 6.5. Which risk category would this vulnerability fall into?

Answer 19

Medium (between 4.0 and 6.9)

Question 20

Which of the CVSS metrics would contain info about the type of account access that an attacker must have to execute an attack?

Answer 20

The Privileges Required (PR) Metric