CompTIA Pentest+ for Dummies Chapter 5 Prep Test Flashcards
You are performing a penetration test for a customer and would like to use Metasploit to exploit the target system.
What command would you use to start Metasploit?
A.msfadmin
B.msfconsole
C.msf
D.meta
B.msfconsole
Explanation:
To start Metasploit on Kali Linux, you use the msfconsole command.
Once Metasploit is loaded, you will use Metasploit commands to search, configure and run exploits.
After selecting the exploit you wish to use in Metasploit, what command would you use to check to see if any settings need to be configured before running the exploit? A.Use settings B.msfconsole C.Settings D.show options
D.show options
Explanation:
After selecting the exploit with the ‘use’ command, you will then need to configure any required settings to get the exploit to work.
To view a list of configurable settings, you use the ‘show options’ command in Metasploit
What type of social engineering attack targets the CEO of a business? A.Spear phishing B.Voice phishing C.Whaling D.SET
C.Whaling
Explanation:
Whaling is the phishing attack method that targets the CEO of a company.
Think of this as catching the big fisk
What form pf physical security attack involves the attacker waiting for the employee to unlock and open a door when the attacker slips in the door after the employee without the employee noticing? A.Mantrap B.Piggybacking C.Spear Phishing D.Tailgating
D.Tailgating
Explanation:
Tailgating is when the attacker enters the facility behind an employee after the person has unlocked the door, without the employees consent.
Piggybacking is when the same happens, but the employee notices and allows it to happen
You are performing a penetration test for a customer and would like to attempt to crack the passwords on the users account.
What type of password attack involves the pentester using a program that reads the passwords from a text file?
A.Piggybacking
B.Dictionary attack
C.Rainbow Tables
D.Brute Force attack
B.Dictionary attack
Explanation:
A dictionary attack is when the password cracking tool uses a wordlist file, known as a dictionary file, and simply reads through the file attempting each word as a password
You are performing a pentest and would like to perform a MiTM attack allowing you to monitor INternet traggic by performing an ARP poisoning attack.
What address would you typically spoof during the ARP poisoning attack?
A.The switch
B.The DHCP Server
C.The Router
D.The DNS Server
C.The Router
Explanation:
When performing a MiTM attack using ARP poisoning, also known as ARP spoofing, you typically spoof the address of the router (default gateway_ because that is the device all clients use to get to the internet
What is the term for the code that is executed on the target system by an exploit to perform a specific action? A.Vulnerability B.Payload C.Exploit D.Virus
B.Payload
Explanation:
Payload is the term for the code to execute on the target system once the system is exploited.
The payload is delivered by the exploit
Which of the following tools can be used to perform a social engineering attack during a pentest in order to log usernames and passwords of the victims? A.Msfvenom B.Metasploit C.Tailgating D.SET
D.SET
Explanation:
The Social Engineer Toolkit (SET) can be used to clone a site such as Gmail or Facebook and then trick the users to the cloned site so that you can receive a copy of the users logon credentials when he or she logs on, thinking the site is the real site
Which of the following is a common type of sandbox escape exploit that allows the hacker access to resources outside of the contained area? A.SET B.Shell upgrade C.Payload D.BeEF
B.Shell upgrade
Explanation:
A shell upgrade exploit is a form of sandbox escape that could give the attacker elevated permissions within a command shell.
Other types of sandbox escape exploits are VM and container sandbox escape
Which of the following is an exploitation framework that is focused on running malicious code in the browser in order to exploit the system? A.BeEF B.SET C.Metasploit D.nmap
A.BeEF
Explanation:
The Browser Exploitation Framework (BeEF) is used to run malicious code when the user visits the malicious site and thene xploits the system allowing the attacker full access without the users knowledge