Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

PenTest+ > CompTIA Pentest+ for Dummies Chapter 5 Prep Test > Flashcards

CompTIA Pentest+ for Dummies Chapter 5 Prep Test Flashcards

1
Q

You are performing a penetration test for a customer and would like to use Metasploit to exploit the target system.
What command would you use to start Metasploit?
A.msfadmin
B.msfconsole
C.msf
D.meta

A

B.msfconsole

Explanation:
To start Metasploit on Kali Linux, you use the msfconsole command.
Once Metasploit is loaded, you will use Metasploit commands to search, configure and run exploits.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q 
After selecting the exploit you wish to use in Metasploit, what command would you use to check to see if any settings need to be configured before running the exploit?
A.Use settings
B.msfconsole
C.Settings
D.show options
A

D.show options

Explanation:
After selecting the exploit with the ‘use’ command, you will then need to configure any required settings to get the exploit to work.
To view a list of configurable settings, you use the ‘show options’ command in Metasploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q 
What type of social engineering attack targets the CEO of a business?
A.Spear phishing
B.Voice phishing
C.Whaling
D.SET
A

C.Whaling

Explanation:
Whaling is the phishing attack method that targets the CEO of a company.
Think of this as catching the big fisk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q 
What form pf physical security attack involves the attacker waiting for the employee to unlock and open a door when the attacker slips in the door after the employee without the employee noticing?
A.Mantrap
B.Piggybacking 
C.Spear Phishing
D.Tailgating
A

D.Tailgating

Explanation:
Tailgating is when the attacker enters the facility behind an employee after the person has unlocked the door, without the employees consent.
Piggybacking is when the same happens, but the employee notices and allows it to happen

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You are performing a penetration test for a customer and would like to attempt to crack the passwords on the users account.
What type of password attack involves the pentester using a program that reads the passwords from a text file?
A.Piggybacking
B.Dictionary attack
C.Rainbow Tables
D.Brute Force attack

A

B.Dictionary attack

Explanation:
A dictionary attack is when the password cracking tool uses a wordlist file, known as a dictionary file, and simply reads through the file attempting each word as a password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You are performing a pentest and would like to perform a MiTM attack allowing you to monitor INternet traggic by performing an ARP poisoning attack.
What address would you typically spoof during the ARP poisoning attack?
A.The switch
B.The DHCP Server
C.The Router
D.The DNS Server

A

C.The Router

Explanation:
When performing a MiTM attack using ARP poisoning, also known as ARP spoofing, you typically spoof the address of the router (default gateway_ because that is the device all clients use to get to the internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q 
What is the term for the code that is executed on the target system by an exploit to perform a specific action?
A.Vulnerability
B.Payload
C.Exploit
D.Virus
A

B.Payload

Explanation:
Payload is the term for the code to execute on the target system once the system is exploited.
The payload is delivered by the exploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q 
Which of the following tools can be used to perform a social engineering attack during a pentest in order to log usernames and passwords of the victims?
A.Msfvenom
B.Metasploit
C.Tailgating
D.SET
A

D.SET

Explanation:
The Social Engineer Toolkit (SET) can be used to clone a site such as Gmail or Facebook and then trick the users to the cloned site so that you can receive a copy of the users logon credentials when he or she logs on, thinking the site is the real site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q 
Which of the following is a common type of sandbox escape exploit that allows the hacker access to resources outside of the contained area?
A.SET
B.Shell upgrade
C.Payload
D.BeEF
A

B.Shell upgrade

Explanation:
A shell upgrade exploit is a form of sandbox escape that could give the attacker elevated permissions within a command shell.
Other types of sandbox escape exploits are VM and container sandbox escape

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q 
Which of the following is an exploitation framework that is focused on running malicious code in the browser in order to exploit the system?
A.BeEF
B.SET
C.Metasploit
D.nmap
A

A.BeEF

Explanation:
The Browser Exploitation Framework (BeEF) is used to run malicious code when the user visits the malicious site and thene xploits the system allowing the attacker full access without the users knowledge

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

PenTest+ (80 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions