CompTIA Pentest+ Chapter 11 Questions Flashcards
\_\_\_\_\_\_\_ is a type of social engineering technique that can be used to exploit physical access controls in order to gain unauthorized access to a restricted area when an authorized individual consented to the entry. A. Tailgating B. Piggybacking C. Lock bumping D. Bypassing
B. Piggybacking
Explanation:
Piggybacking is the correct answer, as the person opening the door consented to allow the intruder to enter. Tailgating is a technique similar to piggybacking, but the intruder is unauthorized and the authorized individual who opened the door did not consent to the entry and likely has no idea the intruder followed after them. Lock bumping is an attack used against pin tumbler locks, and bypassing is a general action used to go around something. In this case, the intruder is following behind the authorized individual, not trying to go around the individual.
2.The Physical and Environmental Security domain from NIST SP 800-53 (rev 4) provides 20 different access controls that can be applied at different impact levels. All controls applicable to an organization’s physical security scheme need to be assessed; however, when would a control require a technical assessment? A.When you need to ensure the implementation of the control is effective
B.Controls do not require a technical assessment, as all controls can be assessed by reviewing the organizational policy
C.The results of the penetration test will determine which controls require a technical assessment
D.After technically assessing the controls in a policy
A.When you need to ensure the implementation of the control is effective
Explanation:
The Physical and Environment Security controls found in NIST SP 800-53 (rev 4) offer supplemental guidance on how a control can be assessed. In some cases, the control can be assessed by reviewing a policy control document. If the policy provides substantial evidence that the control is implemented, the control is satisfied. However, some controls can be assessed from a technical perspective, where the assessment is done against the security control mechanism to determine its effectiveness and identify any implementation weaknesses that may need to be mitigated.
3.Which type of lock requires a proper sequence of letters, numbers, or symbols before the lock can open and can have either a single dialpad or a multiple dialpads? A.Cipher lock B.Wafer lock C.Combination lock D.Tumbler lock
C.Combination lock
Explanation:
The combination lock can have a single dialpad or multiple dialpads and requires the proper sequence of letters, numbers, or symbols before the lock can open.
A warded lock (or ward lock) is a mechanical lock design that has been around for a long time. Today, a typical example of a warded lock would be a(an)? A.Padlock B.Combination lock C.Lever lock D.Automobile lock
A.Padlock
Explanation:
The padlock is a typical warded lock design. The combination and lever locks are other types of locking mechanisms, and an automobile lock is a type of wafer lock.
5.Single pin picking (SPP) is a method that requires great skill, technique, and patience to master. Which type of lock is SPP used against? A.Wafer lock B.Pin tumbler C.Lever lock D.Padlock
B.Pin tumbler
Explanation:
B. The SPP is a technique used to feel out the key pins in a pin tumbler lock. This type of lock picking requires a great deal of skill and patience and can take a while to successfully master.
\_\_\_\_\_\_\_\_\_\_\_ positioned at the top of doors and windows offer a relatively cost-effective solution to monitor physical entry. When the door/window opens, the circuit will break and an alarm is triggered. A.Motion detector B.Magnetic switches C.Egress sensor D.Microwave sensor
B.Magnetic switches
Explanation:
B. The magnetic switches are positioned at the top of doors and windows and offer a relatively cost-effective solution to monitor physical entry. A motion detector, egress sensor, and microwave sensor are used to detect the movement of a foreign object in a room or isolated area.
The cold boot attack can be used to receive encryption keys from RAM, even when the power to the computer has been turned off. What happens to the encryption keys in memory when a computer or laptop goes into hibernate mode?
A.The keys are written to memory.
B.The memory contents are written to disk.
C.The memory is lost because in hibernate mode the system loses power. D.The data in memory is present while the rest of the computer is shut down.
B.The memory contents are written to disk.
Explanation:
The data is written to disk, and when the computer is woken up, the contents from disk are read back into memory again.
8.The pick gun emulates which type of lock picking motion? A.Raking B.SPP C.Jiggling D.Scrubbing
C.Jiggling
Explanation:
Pulling the lock pick gun simulates the jiggling technique. When the trigger is pulled, the head of the pick gun slams against the key pins, forcing them up. Then when the trigger is released, the head comes down, allowing gravity and the springs in the pin chamber to push the pins back into place, and almost instantly the head of the gun slams back against the pins, all while proper pressure is applied to the tension wrench. Raking (or scrubbing) is a forward and backward motion in the keyway, and SPP is a pin testing technique that requires much skill and patience.
Styrofoam is a type of insulator that is good at defeating which type of sensor? A.Ultrasonic B.Magnetic C.Infrared D.Microwave
C.Infrared
Explanation:
Styrofoam is a good insulator and can be used during a physical pentesting engagement to shield your body temperature from being exposed to a passive infrared heat sensor.
Certain types of cipher locks can be defeated using which type of bypass tool that requires little to no effort to execute and is forensically sound? A.Magnet B.Screwdriver C.Hammer D.Brute force
A.Magnet
Explanation:
A. Certain types of cipher locks can be defeated using a high-powered magnet. This method is less destructive, requires little effort, and is forensically sound. A hammer is a valid option; however, it requires a forceful entry and can make a real mess of the door. A screwdriver can do very little in this scenario, and brute force can be a forensically forensically sound method but could take a great deal of time to execute successfully.