CompTIA Pentest+ for Dummies Chapter 4 Prep Test Flashcards
You would like to perform a complete vulnerability scan of a Windows server.
What tool would you use?
A.Nikto
B.Nessus
C.SQLMap
D.Nmap
B.Nessus
Explanation:
Nessus is an example of a vulnerability scanner and can perform a complete scan of the system.
You have performed a vulnerability scan of a Windows system, but do not see the level of detail you were expecting in the scan results.
What should you do?
A.Perform a Web Application Vulnerability Scan
B.Perform an anonymous scan
C.Perform a port scan
D.Perform a credentialed scan
D.Perform a credentialed scan
Explanation:
When performing a scan of a Windows system, you should configure the administrator credentials on the scan so that the scanner can retrieve as much configuration information as possible.
You would like to assess the security of a web application running on an intranet server.
What tool would you use to perform the vulnerability scan?
A.Nikto
B.Hydra
C.theHarvester
D.Nmap
A.Nikto
Explanation:
Nikto is an example of a web application vulnerability scanner.
It checks for common security issues with web applications, such as misconfigurations or missing prevention techniques for known attacks against web servers.
You are performing a vulnerability assessment of a web application that is connected to a database.
What tool would you use to assess vulnerability with the web application?
A.Nmap
B.Hydra
C.theHarvester
D.SQLMap
D.SQLMap
Explanation:
Because the web application is connected to a database, you should test for SQL injection vulnerabilities, which is what SQLMap does.
You are creating a report that identifies the priority for remediation of the vulnerabilities found on systems.
What two conditions could be used to determine the priority of the vulnerability? (Choose Two)
A.The port number
B.Criticality of system
C.Windows over Linux
D.WAF Score
E.CVSS Base Score
B.Criticality of system
E.CVSS Base Score
Explanation:
There are a number of conditions we use to prioritize the remediation of vulnerabilities, such as how critical the system or data affected by the vulnerability is, and the CVSS base score (critical vulnerabilities get priority over medium or low).
You have performed a vulnerability scan of a critical system.
Which of the following vulnerabilities reported present the highest risk to the system?
A.Password in HTML code
B.One administrator account
C.Certificate is invalid
D.Missing one week of patches
C.Certificate is invalid
Explanation:
Because the system is a critical system and appears to need encryption because a certificate was applied to the system, having an expired cert would have a large impact on confidentiality; therefore the certificate being invalid has the highest risk.
What type of analysis tool is used to monitor the behavior of the software while it is running?
A.Static Analysis
B.Port Analysis
C.SQL analysis
D.Dynamic analysis
D.Dynamic analysis
Explanation:
Dynamic analysis tools are used to monitor the behavior of software while the software is running.
You have performed a vulnerability scan of a system which has identified the system is vulnerable to SQL injection attacks and XSS attacks.
Which vulnerability presents the higher risk?
A.SQL Injection
B.XSS
A.SQL Injection
Explanation:
The SQL injection attack can be used to access sensitive info in a database (violation of confidentiality), to make unauthorized changes to the underlying data in the database (violation of integrity), or to delete data critical to the business (violation of availability), so it is considered the higher-risk vulnerability.
Looking at the following CVSS base vector, what metric has the largest impact if the vulnerability is exploited?
CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N
A.Availability
B.Access Vector
C.Integrity
D.Confidentiality
C.Integrity
Explanation:
Looking at the CVSS base vector, the last three elements, C:N/I:C/A:N, show the impact values for CIA: C:N means confidentiality is none (no impact), I:C means complete impact on integrity (all data is impacted), and A:N means no impact on availability.
Looking at the following CVSS base vector, what level of access does the attacker need to the system in order to exploit the vulnerability?
CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N
A.Access to the LAN
B.Access from a remote network
C.No Access
D.Local Access to the system
D.Local Access to the system
Explanation:
The AV:L at the beginning of the CVSS base vector indicates the access vector of local, meaning the attacker would need physical access to the system to exploit the vulnerability.