Chapter 5 Security Assessment & Testing

Question 1

Which one of the following security assessment techniques assumes that an organization has already been compromised and searches for evidence of that compromise?

A. Vulnerability scanning
B. Penetration testing
C. Threat hunting
D. War driving

Answer 1

C. Threat Hunting

Question 2

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?

A. Domain administrator
B. Local administrator
C. Root
D. Read-only

Answer 2

D. Read-only

Question 3

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?

A. Run the scan against production systems to achieve the most realistic results possible.
B. Run the scan during business hours
C. Run the scan in a test environment
D. Do not run the scan to avoid disrupting the business.

Answer 3

C. Run the scan in a test environment

Question 4

Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit?

A. High
B. Medium
C. Low
D. Severe

Answer 4

C. Low

Question 5

Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred?

A. False positive
B. False negative
C. True positive
D. True positive

Answer 5

A. False positive

Question 6

Brian ran a penetration test against a school’s grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school’s cybersecurity team to prevent students from engaging in this typeof activity?

A. Confidentiality
B. Integrity
C. Alteration
D. Availability

Answer 6

B. Integrity

Question 7

Which one of the following security assessment tools is least likely to be used during the reconnaissance phase of a penetration test?

A. Nmap
B. Nessus
C. Metasploit
D. Nslookup

Answer 7

C. Metasploit

Question 8

During a vulnerability scan, Brian discovered that a system on his network contained this vulnerability:

Solution: customers are advised to refer to Microsoft Advisory MS17-010 for more details patch

What security control, if deployed, would likely have addressed this issue?

A. Patch management
B. File integrity monitoring
C. Intrusion detection
D. Threat hunting

Answer 8

A. Patch management

Question 9

Which one of the following tools is most likely to detect an XSS vulnerability?

A. Static application test
B. Web application vulnerability scanner
C. Intrusion detection system
D. Network vulnerability scanner

Answer 9

B. Web application vulnerability scanner

Question 10

During a penetration test, Patrick deploys a toolkit on a compromised system and uses it to gain access to another systems on the same network. What term best describes this activity?

A. Lateral movement
B. Privilege escalation
C. Footprinting
D. OSINT

Answer 10

A. Lateral movement

Question 11

Kevin is participating in a security exercise for his organization. His role in the exercise is to use hacking techniques to attempt to gain access to the organization’s systems. What role is Kevin playing in this exercise?

A. Red Team
B. Blue Team
C. Purple Team
D. White Team

Answer 11

A. Red Team

Question 12

Which one of the following assignment techniques is designed to solicit participation from external security experts and reward them for discovering vulnerabilities?

A. Threat hunting
B. Penetration testing
C. Bug Bounty
D. Vulnerability scanning

Answer 12

C. Bug bounty

Question 13

Kyle is conducting a penetration test. After gaining access to an organization’s database server, he installs a backdoor on the server to grant himself access in future. What term best describes this action?

A. Privilege escalation
B. Lateral movement
C. Maneuver
D. Persistance

Answer 13

D. Persistance

Question 14

Which one of the following techniques would be considered passive reconnaissance ?

A. Port scans
B. Vulnerability scans
C. WHOIS lookups
D. Footprinting

Answer 14

C. WHOIS lookups

Question 15

Which element of the SCAP framework can be used to consistently describe vulnerabilities?

A. CPE
B. CVE
C. CVSS
D. CCE

Answer 15

B. CVE

Question 16

Bruce is conducting a penetration test for a client. The client provided him with details of their systems in advance. What type of test is Bruce conducting?

A. Gray-box test
B. Blue-box-test
C. White-box-test
D. Black-box test

Answer 16

C. White-box-test

Question 17

Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information?

A. Contract
B. Statement of work
C. Rules of engagement
D. Lessons learned report

Answer 17

C. Rules of engagement

Question 18

Grace would like to determine the operating system running on a system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information?

A. Port scanning
B. Footprinting
C. Vulnerability scanning
D. Packet capture

Answer 18

A. Port scanning

Question 19

Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?

A. Low
B. Medium
C. High
D. Critical

Answer 19

B. Medium

Question 20

Which one of the CVSS metrics would contain Information about the type of account access that an attacker must have to execute an attack?

A. AV
B. C
C. PR
D. AC

Answer 20

C. PR