CompTIA PenTest+ Practice Test Chapter 4 Penetration Testing Tools (Sybex: Panek, Crystal, Tracy) Flashcards
You are conducting a gray box penetration test for a client. You have identified an internal host with an IP address of 192.168.1.1 as a potential target. You need to use the nmap utility on your laptop to run a SYN port scan of this host. Which command should you use to do this?
A.nmap 192.168.1.1 -sS
B.nmap 192.168.1.1 -sT
C.nmap 192.168.1.1 -sU
D.nmap 192.168.1.1 -sA
A.nmap 192.168.1.1 -sS
Explanation:
The -sS option causes the nmap utility to conduct a SYN port scan of the specified target system.
You are conducting a white box penetration test for a client. You need to use the nmap utility on your laptop to run a scan of every host on the 192.168.1.0 subnet (which uses a subnet mask of 255.255.255.0). Which commands could you use to do this? (Choose two.)
A.nmap 192.168.1.0
B.nmap 192.168.1.0-255
C.nmap 192.168.1.0 -m:255.255.255.0
D.nmap 192.168.1.0/24
E.nmap 192.168.1.1-254
D.nmap 192.168.1.0/24
E.nmap 192.168.1.1-254
Explanation:
The nmap 192.168.1.0/24 command causes the nmap utility to scan every system on the subnet, from .1 to .254.
Likewise, the nmap 192.168.1.1-254 command causes the nmap utility to scan every system on the subnet, from .1 to .254.
You are conducting a gray box penetration test for a client. You have identified an internal host with an IP address of 192.168.1.1 as a potential target. You need to use the nmap utility on your laptop to run a SYN port scan of this host. Which commands could you use to do this? (Choose two.)
A.nmap 192.168.1.1 -sS
B.nmap 192.168.1.1
C.nmap 192.168.1.1 -sV
D.nmap 192.168.1.1 -O
E.nmap 192.168.1.1 -T0
A.nmap 192.168.1.1 -sS
B.nmap 192.168.1.1
Explanation:
The nmap 192.168.1.1 -sS command causes the nmap utility to conduct a SYN port scan of the specified target system. Likewise, the nmap 192.168.1.1 command also causes the nmap utility to conduct a SYN port scan of the specified target system, because a SYN scan is the default used when no other scan type is specified and nmap is run with the privileges needed to craft raw packets (for example, as root); without those privileges nmap falls back to a TCP connect scan.
You are conducting a gray box penetration test for a client. You have identified an internal host with an IP address of 192.168.1.1 as a potential target. You need to use the nmap utility on your laptop to determine the operating system running on this host. Which command should you use to do this?
A.nmap 192.168.1.1 -sS
B.nmap 192.168.1.1 -sL
C.nmap 192.168.1.1 -sV
D.nmap 192.168.1.1 -O
D.nmap 192.168.1.1 -O
Explanation:
The nmap 192.168.1.1 -O command causes the nmap utility to use TCP/IP stack fingerprinting to determine the operating system installed on the remote host.
You are conducting a gray box penetration test for a client. You have identified an internal host with an IP address of 192.168.1.1 as a potential target. You need to use the nmap utility on your laptop to determine the operating system running on this host. Which command could you use to do this?
A.nmap 192.168.1.1 -A
B.nmap 192.168.1.1 -T1
C.nmap 192.168.1.1 -sT
D.nmap 192.168.1.1 -f
A.nmap 192.168.1.1 -A
Explanation:
The nmap 192.168.1.1 -A command enables OS detection, service version detection, script scanning, and traceroute to the remote host.
You are conducting a gray box penetration test for a client. You have identified an internal host with an IP address of 192.168.1.1 as a potential target. You need to use the nmap utility on your laptop to run a TCP connect scan of this host. Which command should you use to do this?
A.nmap 192.168.1.1 -sL
B.nmap 192.168.1.1 -T1
C.nmap 192.168.1.1 -sT
D.nmap 192.168.1.1 -f
C.nmap 192.168.1.1 -sT
Explanation:
The nmap 192.168.1.1 -sT command causes the nmap utility to conduct a TCP connect scan of the specified target system.
You are conducting a gray box penetration test for a client. You have identified an internal host with an IP address of 192.168.1.1 as a potential target. You need to use the nmap utility on your laptop to run a UDP port scan of this host. Which command should you use to do this?
A.nmap 192.168.1.1 -sL
B.nmap 192.168.1.1 -U
C.nmap 192.168.1.1 -sT
D.nmap 192.168.1.1 -sU
D.nmap 192.168.1.1 -sU
Explanation:
The nmap 192.168.1.1 -sU command causes the nmap utility to conduct a UDP port scan of the specified target system.
You are conducting a gray box penetration test for a client. You need to use the nmap utility on your laptop to discover all the hosts on the 192.168.1.0 subnet (which uses a subnet mask of 255.255.255.0) without actually scanning those hosts. Which command should you use to do this?
A.nmap 192.168.1.0/24 -sL
B.nmap 192.168.1.0/24 --list
C.nmap 192.168.1.1-254 -sW
D.nmap 192.168.1.1-254 -sM
A.nmap 192.168.1.0/24 -sL
Explanation:
The nmap 192.168.1.0/24 -sL command causes the nmap utility to perform a list scan of the specified range of IP addresses. It does not probe the hosts; it simply lists the targets that would be scanned.
You are conducting a gray box penetration test for a client. You have identified an internal host with an IP address of 192.168.1.1 as a potential target. You need to use the nmap utility on your laptop to run a TCP ACK scan of this host. Which command should you use to do this?
A.nmap 192.168.1.1 -sA
B.nmap 192.168.1.1 -T1
C.nmap 192.168.1.1 -sT
D.nmap 192.168.1.1 -ACK
A.nmap 192.168.1.1 -sA
Explanation:
The nmap 192.168.1.1 -sA command causes the nmap utility to conduct a TCP ACK scan of the specified target system.
You are conducting a white box penetration test for a client. You need to use the nmap utility on your laptop to run a scan of every host on the 192.168.1.0 subnet (which uses a subnet mask of 255.255.255.0), but without scanning the host with an IP address of 192.168.1.250 (which you suspect is a honeypot host). Which command should you use to do this?
A.nmap 192.168.1.1-254
B.nmap 192.168.1.0/24 --noscan 192.168.1.250
C.nmap 192.168.1.0/24 --exclude 192.168.1.250
D.nmap 192.168.1.1-254 --skip 192.168.1.250
C.nmap 192.168.1.0/24 --exclude 192.168.1.250
Explanation:
The nmap 192.168.1.0/24 --exclude 192.168.1.250 command causes the nmap utility to scan every system on the subnet from .1 to .254 but skips the host with an IP address of 192.168.1.250.
You are conducting a gray box penetration test for a client. You need to use the nmap utility on your laptop to run a TCP ACK scan of hosts on the network with IP addresses of 192.168.1.10, 192.168.1.11, and 192.168.1.13. Which command should you use to do this?
A.nmap 192.168.1.10-13 -sA
B.nmap 192.168.1.0/24 -sA
C.nmap 192.168.1.10/24 -sA
D.nmap 192.168.1.10-13 -sT
A.nmap 192.168.1.10-13 -sA
Explanation:
The nmap 192.168.1.10-13 -sA command causes the nmap utility to conduct a TCP ACK scan of the target systems with IP addresses of 192.168.1.10, 192.168.1.11, and 192.168.1.13.
You are conducting a gray box penetration test for a client. You need to use the nmap utility on your laptop to run a UDP scan of hosts on the network with IP addresses of 192.168.1.10, 192.168.1.11, 192.168.1.13, and 192.168.1.15. Which command should you use to do this?
A.nmap 192.168.1.10-15 -sU
B.nmap 192.168.1.0/24 -sU
C.nmap 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.15 -sU
D.nmap 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.15 -U
C.nmap 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.15 -sU
Explanation:
Because the hosts to be scanned do not have contiguous IP addresses, you must specify each host individually. In this case, the nmap 192.168.1.10 192.168.1.11 192.168.1.12 192.168.1.13 192.168.1.15 -sU command causes the nmap utility to conduct a UDP port scan of each specified system.
You are conducting a gray box penetration test for a client. You need to use the nmap utility on your laptop to discover all of the hosts on the 192.168.1.0 subnet (which uses a subnet mask of 255.255.255.0) without actually scanning any ports on those hosts. Which command should you use to do this?
A.nmap 192.168.1.0/16 –sL
B.nmap 192.168.1.1-254 -sn
C.nmap 192.168.1.1-254 -sW
D.nmap 192.168.1.0/16 -sM
B.nmap 192.168.1.1-254 -sn
Explanation:
The nmap 192.168.1.1-254 -sn command causes the nmap utility to scan the specified range of IP addresses for hosts. It lists all the hosts found without actually scanning any of their ports.
You are conducting a gray box penetration test for a client. You need to use the nmap utility on your laptop to discover all of the hosts on the 192.168.1.0 subnet (which uses a subnet mask of 255.255.255.0) that have the Telnet port open. Which command should you use to do this?
A.nmap 192.168.1.0/24 -s 23
B.nmap 192.168.1.0/24 -p 21
C.nmap 192.168.1.1-254 -p 21
D.nmap 192.168.1.1-254 -p 23
D.nmap 192.168.1.1-254 -p 23
Explanation:
The nmap 192.168.1.1-254 -p 23 command causes the nmap utility to scan the specified range of IP addresses for hosts with Telnet port 23 open.
You are conducting a gray box penetration test for a client. You need to use the nmap utility on your laptop to scan all of the ports on a network host with an IP address of 192.168.1.2. Which command should you use to do this?
A.nmap 192.168.1.2 -p-
B.nmap 192.168.1.2 -p all
C.nmap 192.168.1.2 -s all
D.nmap 192.168.1.2 -p 1-1024
A.nmap 192.168.1.2 -p-
Explanation:
The nmap 192.168.1.2 -p- command causes the nmap utility to scan all ports on the specified host. Be aware that the scan will take some time to complete because of the number of ports involved.
You are conducting a gray box penetration test for a client. You use the nmap utility to see whether the Telnet service is running on a Linux server you discovered. The output of the command indicates that the Telnet port state is Filtered. What does this likely mean?
A.The Telnet service is installed but not running.
B.The Telnet service is not installed.
C.The Telnet service is not installed, and a different service is using its default port.
D.The Telnet service is installed and running, but a host firewall is blocking it.
D.The Telnet service is installed and running, but a host firewall is blocking it.
Explanation:
When nmap indicates a port is filtered, it usually means the associated service is installed and running, but a host firewall is blocking the port.
You are conducting a gray box penetration test for a client. You use the nmap utility to see whether the Telnet service is running on a Linux server you discovered. The output of the command indicates that the Telnet port state is Open. What does this mean?
A.The Telnet service is installed but not running.
B.The Telnet service is installed, running, and accessible.
C.The Telnet service is not installed, and a different service is using its default port.
D.The Telnet service is not installed.
B.The Telnet service is installed, running, and accessible.
Explanation:
When nmap indicates a port is open, it usually means the associated service is installed, is running, and is accessible through the host firewall.
You are conducting a gray box penetration test for a client. You use the nmap utility to see whether the Telnet service is running on a Linux server you discovered. The output of the command indicates that the Telnet port state is Closed. What could this mean? (Choose two.)
A.The Telnet service is installed but not running.
B.The Telnet service is installed, running, and accessible.
C.The Telnet service is not installed, and a different service is using its default port.
D.The Telnet service is not installed.
E.The Telnet service is installed and running, but a host firewall is blocking it.
A.The Telnet service is installed but not running.
D.The Telnet service is not installed.
Explanation:
When nmap indicates a port is closed, it usually means either the associated service is not installed at all or it has been installed but currently isn’t running. Therefore, nothing is listening on its associated port.
A penetration tester uses the nmap utility to send a TCP SYN packet to a target host. The target host responds with a SYN ACK packet, but instead of finishing the connection, nmap sends a reset packet to the target host. Which option did the tester use with the nmap command?
A.-sS
B.-sT
C.-sU
D.-sL
A.-sS
Explanation:
The -sS option causes nmap to run a TCP SYN scan. In this scan, nmap sends a TCP SYN packet to a target host, and then the target host responds with a SYN ACK packet. However, instead of finishing the connection, nmap sends a reset packet to the target host.
Which command option causes nmap to detect services running on a target host and report the version number of any services found?
A.-sS
B.-sT
C.-sU
D.-sV
D.-sV
Explanation:
All of the options shown in this question will cause nmap to detect services running on the target host. However, only the -sV option can be used with nmap to detect the version number of those services.
Which command option will cause nmap to scan just UDP port 20 and TCP ports 21 and 22?
A.-p 20-22
B.--top-ports 1024
C.-p U:20,T:21,22
D.-p-
C.-p U:20,T:21,22
Explanation:
The -p U:20,T:21,22 option tells nmap to scan just UDP port 20 and TCP ports 21 and 22. The other options in this question will also scan these ports; however, they also scan many other unwanted ports.
As a penetration tester, you want to scan a Linux server with an IP address of 192.168.1.200 in the target network and see whether it has a web server installed and running. Which nmap commands will do this? (Choose two.)
A.nmap 192.168.1.200 -p http,https
B.nmap 192.168.1.200 -sn 80,443
C.nmap 192.168.1.200 -p 80,443
D.nmap 192.168.1.200 -T4 80,443
A.nmap 192.168.1.200 -p http,https
C.nmap 192.168.1.200 -p 80,443
Explanation:
Either the -p http,https option or the -p 80,443 option can be used with nmap to scan a host for a web server service.
As a penetration tester, you want to scan a Linux server with an IP address of 192.168.1.200 in the target network for the 1000 most popular network services to see whether they are installed and running. However, you already know this host is running the DNS service, so you want to skip this port in the scan. Which nmap command will do this?
A.nmap 192.168.1.200 -p 1-1000 --exclude-ports 53
B.nmap 192.168.1.200 --top-ports 1000 --exclude-ports 53
C.nmap 192.168.1.200 --well-known-ports --exclude-ports 53
D.nmap 192.168.1.200 --top-ports 1000
B.nmap 192.168.1.200 --top-ports 1000 --exclude-ports 53
Explanation:
The --top-ports 1000 option tells nmap to scan the default ports used by the 1,000 most popular network services. The --exclude-ports 53 option tells nmap to skip port 53 (the default port used by DNS servers) during the scan.
You have created a list of target hosts that you want to scan with nmap and saved it to a text file named /root/targets.txt. Which command should you use to run the scan using this file?
A.nmap -iR /root/targets.txt
B.nmap --file /root/targets.txt
C.nmap -iL /root/targets.txt
D.nmap -iF /root/targets.txt
C.nmap -iL /root/targets.txt
Explanation:
The -iL file_name option tells nmap to read the specified file and scan only those hosts listed in the file.