Domain 2: Information Gathering and Vulnerability Scanning Flashcards

Information Gathering and Vulnerability Scanning

1
Q

What is Reconnaissance?

A

Learning about an organization in a systematic attempt to locate, gather, identify and record information about the target

aka Footprinting

2
Q

What is passive reconnaissance?

A

Investigating the target without actively engaging with the target organization's systems.

3
Q

What is Open-Source Intelligence?

A

The collection and analysis of data gathered from publicly available sources to produce actionable intelligence

4
Q

What should you do with reconnaissance findings?

A

Gather and catalog all findings for others to review and use

Useful when working as a team.

5
Q

Examples of Open Source Intelligence

A
  • Blogs
  • Publications
  • Adverts
  • Job Listings
  • Metadata
  • Website Information
6
Q

Good key details to understand about the target organization?

A
  • Roles of different employees
  • Different teams and departments
  • Contact Information
  • Technical Aptitude and Security Training
  • Employee and Managerial Mindset
7
Q

A Linux-based tool that can search the metadata associated with public documents located on a target's website

Security Tool

Obj 2.1

A

Metagoofil

8
Q

What is Metadata?

A

The data about the data in the file

9
Q

Used to find metadata and hidden information in collected documents from an organization.

Security Tool

Obj 2.1

A

Fingerprint Organizations with Collected Archives (FOCA)

10
Q

A program for gathering emails, subdomains, hosts, employee names, email addresses, PGP key entries, open ports and service banners from servers.

Security Tool

Obj 2.1

A

The Harvester

11
Q

Uses a system of modules to add additional features and functions for your use

Security Tool

Obj 2.1

A

Recon-NG

12
Q

A website search engine used for finding hosts and networks across the Internet with data about their configurations

Security Tool

Obj 2.1

A

Censys

13
Q

A piece of commercial software used for conducting open-source intelligence that visually helps connect relationships between findings

Security Tool

Obj 2.1

A

Maltego

14
Q

A website search engine for web cameras, routers, servers and other devices that are considered part of the internet of things

Security Tool

Obj 2.1

A

Shodan

15
Q

What is the system that helps network clients find a website using human-readable hostnames instead of numeric IP addresses?

Obj 2.1

A

Domain Name System (DNS)

16
Q

Links a hostname to an IPv4 address

DNS Record

Obj 2.1

A

Address (A) Record

17
Q

Links a hostname to an IPv6 address

DNS Record

Obj 2.1

A

AAAA Record

18
Q

Points a domain to another domain or subdomain

DNS Record

Obj 2.1

A

Canonical Name (CNAME) Record

19
Q

Directs mail to a mail server

DNS Record

Obj 2.1

A

Mail Exchange (MX) Record

20
Q

Stores important information about the domain or zone

DNS Record

Obj 2.1

A

Start of Authority (SOA) Record

21
Q

Correlates an IP Address with a Domain Name

DNS Record

Obj 2.1

A

Pointer (PTR) Record

22
Q

Adds text into the DNS Record

DNS Record

Obj 2.1

A

Text (TXT) Record

23
Q

Specifies a host and port for a specific service

DNS Record

Obj 2.1

A

Service (SRV) Record

24
Q

Indicates which DNS nameserver has the authority

DNS Record

Obj 2.1

A

Nameserver (NS) Record

25
Q

Which DNS records should a penetration tester focus on during the recon phase?

A

MX, TXT and SRV to check for email and third-party SaaS solutions.

26
Q

What is a cross-platform tool used to query the DNS to provide mapping between domain names and IP addresses or other DNS Records?

DNS Tool

Obj 2.1

A

Name Server Lookup (NSLookup)

27
Q

What is a command-line tool on Linux, which is also a website, that is a query and response protocol for Internet resources?

DNS Tool

Obj 2.1

A

Whois

28
Q

What websites allow developers to work together in an agile way to create software very quickly?

Obj 2.1

A

Public Source Code Repositories

GitLab, etc.

29
Q

What type of files can be mistakenly classified as public for anyone to find?

Obj 2.1

A

Private Files

30
Q

What have developers been known to put in public source code repositories?

Obj 2.1

A

Hard coded credentials & API Keys

31
Q

Where can deleted website data still be known to exist on the internet?

Obj 2.1

A

Website Archives and Website Caches

32
Q

What open source intelligence techniques use Google Search operators to locate vulnerable web servers and applications?

A

Google Hacking

33
Q

Which grammar do you use to specify an exact phrase to make a search more precise?

A

Quotes

34
Q

Which search engine command uses a minus symbol in front of a word or quoted phrase to exclude results?

A

NOT

35
Q

Which logical operators require both search terms?

A

AND / OR

36
Q

What are different keywords that can be used to select the search such as site, filetype, related, allintitle, allinurl and allinanchor?

A

Scope

37
Q

What modifiers can be added to the results page URL to affect the results, such as &pws=0, &filter=0, etc.?

A

URL Modifier

38
Q

What activity is performed to identify whether a link is already flagged on an existing reputation list or has a malicious script encoded in it?

A

URL Analysis

39
Q

What is a set of request methods to indicate the desired action to be performed for a given resource?

A

HTTP Method

40
Q

Which HTTP method is used to retrieve a resource?

A

GET

41
Q

Which HTTP method is used to send data to the server for processing by the requested resource?

A

POST

42
Q

Which HTTP method is used to create or replace the requested resource?

A

PUT

43
Q

Which HTTP method is used to remove the requested resource?

A

DELETE

44
Q

Which HTTP method retrieves the headers for a resource only and ignores the body?

A

HEAD

45
Q

Which character delimits data that is submitted?

A

?

46
Q

What are usually formatted as one or more name=value pairs, with & delimiting each pair?

A

&

47
Q

What mechanism is used to encode 8-bit characters that have a specific meaning in the context of URLs, also known as URL encoding?

A

Percent Encoding

48
Q

What checks the validity of certificates or potential vulnerabilities to exploit within the target servers?

A

Cryptographic Inspection

49
Q

What defines the algorithm supported by the client and server when requesting to use encryption and hashing?

A

Cipher Suite

50
Q

What can be used to trick the target organization's users?

A

Falsified digital certificates
