Comparing Scanning and Testing Tools Flashcards

1
Q

Fill in the two missing steps of the 4 high-level vulnerability assessment steps
1) identify assets and capabilities
2)
3) Identify vulnerabilities and prioritize them
4)

A

1) identify assets and capabilities
2) Prioritize assets based on value
3) Identify vulnerabilities and prioritize them
4) Recommend controls to mitigate serious vulnerabilities.

2
Q

Network scanners can detect the operating system, services and protocols running on each host, true or false?

A

TRUE

3
Q

How are network mapping and network scanning different?

A

Mapping focuses just on connectivity

Network scanning identifies open ports, running services and OS details

4
Q

If a wireless scanner just LISTENS to the traffic across the 2.4 and 5 GHz frequencies, what type of scanner is it?

A

Passive

5
Q

Acrylic Wi-Fi Professional is what type of tool?

A

wireless scanner

6
Q

Netcat can be used for what scanning purpose?

A

Banner grabbing

7
Q

Which organization maintains a list of the publicly known vulnerabilities? What’s the list called?

A

The MITRE Corporation
It’s called the Common Vulnerabilities and Exposures (CVE) list

8
Q

Some vulnerability scanners include data loss prevention techniques to detect sensitive data sent over the network, true or false?

A

TRUE

9
Q

How can vulnerability scans be made more accurate and reduce false positives?

A

By carrying out the scan using the credentials of a valid user account

10
Q

To get the most accurate results, configuration compliance scans should be run as...

A

credentialed scan

11
Q

What document does a company use when it engages outside security professionals to pen test the company?

A

They use a rules-of-engagement document that sets the boundaries of the pen test

12
Q

Are open source intelligence methods associated with passive or active reconnaissance?

A

Passive reconnaissance

13
Q

Initial Exploitation involves escalating privileges, true or false?

A

FALSE. It involves exploiting the vulnerability to gain initial access to the system before any other malware is installed on the system

14
Q

What is the name given to when an exploited system is used to gather information about the network?

A

Pivoting

15
Q

Black box testers often use what to check for application vulnerabilities?

A

Fuzzing

16
Q

Invasive/non-invasive testing broadly correlates with active/passive scanning tools, true or false?

A

TRUE

17
Q

What ‘tool’ is used to store information about security vulnerabilities? What does it do?

A

an Exploitation Framework

It contains tools used to check for vulnerabilities and execute exploits on any discovered vulnerabilities

18
Q

BeEF and w3af are examples of what? Name them.

A

They’re examples of Exploitation Frameworks
BeEF = browser exploitation framework
w3af = web application attack and audit framework

19
Q

Which type of pen testing starts with the testers having full knowledge of the environment?

A

White Box testing

20
Q

Which type of pen testing involves the testers having some knowledge of the environment?

A

Grey Box testing

21
Q

What characterizes “intrusive” when applied to pen testing or vulnerability scanning?

A

When intrusive testing or scanning is carried out, it is characterized by a degree of disruption of the target system

22
Q

What scanner verifies the configuration of systems?

What does it need to be run as?

A

Configuration compliance scanner

Run as a credentialed scan so it can accurately read the configuration of systems during the scan

23
Q

What should you do before you start vulnerability/pen testing?

A

Obtain authorization