Chap 1 Sybex

Question 1

Authorized legal attempts to defeat an organization’s security controls and perform unauthorized activities

Answer 1

Pen test

Question 2

CIA triad

Answer 2

Confidentiality: seek to prevent unauthorized access to info or systems
Integrity: prevent unauthorized modification of info or systems
Availability: seek to ensure that legitimate use of info and systems remains possible

Question 3

DAD triad

Answer 3

Disclosure: attacks seeks to gain unauthorized access to info or systems
Alternation: seek to make unauthorized changes to info or systems
Denial: attacks seek to prevent legitimate use of info and systems

Question 4

Using hacking tools and techniques in a code of ethics

Answer 4

Ethical hacking

Question 5

When to pentest you must adopt the ____ ____

Answer 5

Hacker mindset

Question 6

Benefits of pen testing

Answer 6

-provides knowledge that you can’t obtain elsewhere
-blueprint for remediation
-essential, focused information about specific targets

Question 7

Uses the attacker mindset to search the organization’s tech infrastructure for the artifacts of a successful attack on “presumption of compromise”

Answer 7

Threat hunter

Question 8

Incident response plan (NIST)

Answer 8

-preparation
-detection and analysis
-containment and eradication and recovery
-post incident activity

Question 9

4 pen test requirements of PCI DSS

Answer 9

-perform external pen test at least annually and after any significant infrastructure or application upgrade or modifications

-perform internal penetration testing at least annually and after any significant infrastructure or application upgrade or modification

-exploitable vulnerabilities found during pen test are corrected and testing is repeated

-if segmentation is used to isolate CDE (cardholder data environment) from other networks, perform pen test at least annually and after any changes to segmentation controls/methods to verify segmentation methods are operational and effective

Question 10

2 pros and 2 cons of using internal pen test team

Answer 10

Pros:
-they have contextual knowledge of the organization that can improve effectiveness of testing by providing enhanced subject matter expertise
-less expensive

Cons:
-using internal employees who designed and implement security controls. Can create bias
-more difficult for them to detect flaws

Question 11

Tests conducted by ____ team or to tests conducted from ____ network perspective

Answer 11

Both are Internal or external

Question 12

If possible, pen test meme era should be separate from cybersecurity team that designs and operates controls

Answer 12

Separation of duties

Question 13

3 reasons to do pen testing on periodic basis

Answer 13

-tech environment changes
-attack techniques evolve and updated tests should reflect changing attack techniques
-each team member brings unique set of skills, and talents. Can discover different vulnerabilities

Question 14

CompTIA pen test stages

Answer 14

Planning and scoping
Information gathering and vulnerability scanning
Attacking and exploiting
Reporting and communication results

Question 15

What stage of pen test:
Outline clear rules of engagement, decide what systems, data, processes and activities are within the authorized scope of the test

Answer 15

Planning and scoping

Question 16

What stage of pentest:
Gather information about target, vulnerability scans

Answer 16

Information gathering and vulnerability scanning

Question 17

What stage of pentest:
Exploit vulnerabilities

Answer 17

Attacks and exploits

Question 18

Phase of pentest:
Actionable recommendations

Answer 18

Reporting and communication

Question 19

Cyber kill chain by Lookheed Martin (7 items)

Answer 19

-reconnaissance
-weaponization
-delivery
-exploitation
-installation
-command and control (C2C)
-actions on objectives

Question 20

What stage is this in the cyber kill chain:
Information gathering (OSINT) and vulnerability scanning

Answer 20

Reconnaissance

Question 21

What stage of the kill chain is this:
Attackers develop specific tool to exploit vulnerabilities

Answer 21

Weaponization

Question 22

What stage of the kill chain is this:
Could be exploiting a network or application vulnerability, conducting a social engineering attack, distributing malware on a USB or sending an email

Answer 22

Delivery

Question 23

What stage of the kill chain is this:
Attacker or victim takes some action that triggers the malware payload

Answer 23

Exploitation

Question 24

What stage of the kill chain is this:
The attacker uses the initial access provided by the malware to establish permanent or persistent access to the target system. Example: back door

Answer 24

Installation

Question 25

What stage of the kill chain is this:
Attacker can use a remote shell or other means to remotely control the compromised system

Answer 25

Command and control (C2C)

Question 26

What stage of the kill chain is this:
Theft of sensitive info, the unauthorized use of computing resources to engage in DoS attacks or to mine cryptocurrency or the unauthorized modification or deletion of information

Answer 26

Actions on objectives

Question 27

What type of tools are these:
WHOIS
Nslookup
TheHarvester
Recon-ng
Censys
FOCA (fingerprinting organizations with collected archives)
Shodan
Maltego

Answer 27

Reconnaissance

Question 28

What type of tools are these:
Nessus
OpenVAS
Sqlmap
Nikto, Wapiti, W3AF
Security content automation protocol (SCAP)

Answer 28

Vulnerability scanners

Question 29

What type of tools are these:
SET (____ ____ toolkit)
BeEF (browser exploration framework)

Answer 29

Social engineering

Question 30

What type of tools are these:

Hashcat, John the Ripper, Hydra, Medusa, Patator, Cain
CeWL
Mimikatz
DirBuster

Answer 30

Credential testing tools

Question 31

What type of tools:

Immunity debugger
GDB
OllyDbg
WinDbg
IDA
Brakeman
Covenant
TruffleHog

Answer 31

Debuggers and software testing tools

Question 32

What type of tools:
Wireshark
Hping
Aircrack-ng, WiFite, mdk4, Fern, and Kismet
Rogue wireless access points
EAPHammer
Reaver
Spooftooph
WiGLE (wireless geographic logging engine)
Online SSL checkers

Answer 32

Network testing

Question 33

What type of tools:

SSH
Ncat and Netcat
Proxychains

Answer 33

Remote access

Question 34

What type of tools:
Metasploit
SearchSploit
PowerSploit and Empire
Responder
Impacket
Mitm6
CrackMapExec

Answer 34

Exploitation

Question 35

What type of tools are these:
Open Steg and Steghide
Coagula and Sonic Visualiser
Snow
TinEye
Metagoofil

Answer 35

Steganography

Question 36

What type of tool:
ScoutSuite
CloudBrute
Pacu
Cloud Custodian

Answer 36

Cloud tools

Question 37

This tool gathers information from public records about domain ownership
What type of tool?

Answer 37

WHOIS
Reconnaissance

Question 38

This tool helps identify the IP addresses associated with an organization

What type of tool?

Answer 38

Nslookup
Reconnaissance

Question 39

Scours search engines and other resources to find email addresses, employee names, and infrastructure details about an org

What type of tool?

Answer 39

TheHarvester
Recon.

Question 40

Modular web reconnaissance framework that organizes and manages OSINT work

Answer 40

Recon-ng

Question 41

Web based tool that probe IP addresses across the internet and then provides pen testers with info through a search engine

What type of tool?

Answer 41

Censys

Recon.

Question 42

OSINT tool used to find metadata within Office documents, PDFs and other common file formats

Answer 42

FOCA (fingerprint organizations with collected archives)

Question 43

Specialized search engine to provide discovery of vulnerable internet of things devices from public sources

Answer 43

Shodan
Recon.

Question 44

Commercial product that assists with the visualization of data gathered from OSINT

Answer 44

Maltego