Comparing Scanning and Testing Tools

Question 1

Fill in the two steps of the 4 high level vulnerability assessment steps
1) identify assets and capabilities
2)
3) Identify vulnerabilities and prioritize them
4)

Answer 1

1) identify assets and capabilities
2) Prioritize assets based on value
3) Identify vulnerabilities and prioritize them
4) Recommend controls to mitigate serious vulnerabilities.

Question 2

Network scanners can detect the operating system, services and protocols running on each host, true or false?

Answer 2

TRUE

Question 3

how is network mapping and network scanning different?

Answer 3

mapping focuses just on connectivity

network scanning identifies open ports, running services and OS details

Question 4

if a wireless scanner just LISTENS to the traffic across 2.4 and 5ghz frequencies, what type of scanner is it?

Answer 4

Passive

Question 5

Acrylic Wi-Fi professional is a what?

Answer 5

wireless scanner

Question 6

Netcat can be used for what scanning purpose?

Answer 6

Banner grabbing

Question 7

Which organization maintains a list of the publicly known vulnerabilities? What’s the list called?

Answer 7

The MITRE Corporation
It’s called the Common Vulnerabilities and Exposures
(CVE) list

Question 8

Some vulnerability scanners include data loss prevention techniques to detect sensitive data sent over the network, true or false?

Answer 8

TRUE

Question 9

How can vulnerability scans be made more accurate and reduce false positives?

Answer 9

By carrying out the scan using the credentials of a valid user account

Question 10

To get the most accurate results, configuration compliance scans should be run as..

Answer 10

credentialed-scan

Question 11

What document does a company use when they engage outside security professional to pen test the company?

Answer 11

They use a rules-of-engagement document that sets the boundaries of the pen test

Question 12

open source intelligence methods is associated with passive or active reconnaissance?

Answer 12

Passive reconnaissance

Question 13

Initial Exploitation involves escalating privileges, true or false?

Answer 13

FALSE. It involves exploiting the vulnerability to gain initial access to the system before any other malware is installed on the system

Question 14

What is the name given to when an exploited system is used to gather information about the network?

Answer 14

Pivoting

Question 15

Black box testers often use what to check for application vulnerabilities?

Answer 15

Fuzzing

Question 16

invasive/non-invasive testing broadly correlates with active/passive scanning tools, true or false

Answer 16

TRUE

Question 17

What ‘tool’ is used to store information about security vulnerabilities? What does it do?

Answer 17

an Exploitation Framework

It contains tools used to check for vulnerabilities and execute exploits on any discovered vulnerabilities

Question 18

BeEF and w3af are examples of what? Name them.

Answer 18

They’re examples of Exploitation Frameworks
BeEF = browser exploitation framework
w3af = web application attack and audit framework)

Question 19

Which type of pen testing starts with the testers having full knowledge of the environment?

Answer 19

White Box testing

Question 20

Which type of Pen testing involves the testers knowing some knowledge about the environment?

Answer 20

Grey Box testing

Question 21

What characterizes “intrusive” when applied to pen testing or vulnerability scanning?

Answer 21

when intrusive testing or scanning is carried out it is characterized by a degree of disruption of the target system

Question 22

what scanner verifies the configuration of systems?

What does it need to be run as?

Answer 22

configuration compliance scanner

run as a credentialed scan so they can accurately read the configuration of systems during the scan

Question 23

what should you do before you start vulnerability/pen testing?

Answer 23

obtain authorization