Michael Solomon CompTIA Pentest+ Quiz 2 Flashcards

1
Q
Which nmap option fingerprints a target (or attempts to determine a target’s operating system)? 
A.-sO
B.-O
C.-sF
D.-F
A

B.-O

The -O option fingerprints a target, that is, it attempts to determine the target's operating system. None of the other options listed perform fingerprinting.

2
Q
Which primary nmap option attempts to avoid intrusion detection? 
A.-sS
B.-si
C.sQ
D.-sO
A

A.-sS

The nmap -sS option is also called the nmap stealth scan because it only begins the TCP handshake process and thereby reduces interaction with potential targets. The other options listed are invalid nmap options.

3
Q
The command “nmap -sV -p 443 --script sslv2 target” helps identify systems running SSLv2, a protocol that is not allowed under PCI DSS. What type of scan is this?
A.Credentialed Scan
B.Discovery scan
C.Compliance scan
D.Regulatory scan
A

C.Compliance scan

A scan that specifically looks for gaps in compliance with a standard, regulation, or other requirement is called a compliance scan. A credentialed scan is a scan that uses valid access credentials, a discovery scan is a general scan to discover targets and services, and there is no scan specifically called a regulatory scan.

4
Q
Which framework is a collection of open source services and tools that provides comprehensive vulnerability scanning and vulnerability management? 
A.Nikto
B.OpenVAS
C.Nessus
D.nmap
A

B.OpenVAS

OpenVAS is a comprehensive collection of services and tools that provide vulnerability scanning and management. OpenVAS originated from a fork of the commercial Nessus product. Nikto and nmap are powerful scanning tools, but they are not comprehensive frameworks for vulnerability scanning.

5
Q
What term describes the situation in which a scan reports that a vulnerability exists when it actually is not present on a target? 
A.False positive
B.Null hypothesis
C.False Negative
D.Crossover error
A

A.False positive

A false positive is a situation in which a scanner reports a condition that does not actually exist. A false negative occurs when the condition is present but the scanner fails to detect it. A null hypothesis is a statistics term for a statement that there is no relationship between two conditions. Crossover error is the point at which the false positive and false negative error rates coincide, generally indicating a well-balanced scanner configuration.

6
Q
What does the following command do? “nmap 10.10.1.0/24 -T1 -O”
A.Scans IP addresses 10.10.1.24, writing output to a file while attempting to avoid IDS
B.Scans IP addresses 10.10.1.255, writing output to a file while attempting to avoid IDS
C.Scans IP addresses 10.10.1.0-10.10.1.24 to fingerprint targets with a very fast scan
D.Scans IP addresses 10.10.1.0-10.10.1.255 to fingerprint targets while attempting to avoid IDS
A

D.Scans IP addresses 10.10.1.0-10.10.1.255 to fingerprint targets while attempting to avoid IDS

The 10.10.1.0/24 Class C network designation refers to IP addresses 10.10.1.0 to 10.10.1.255. The -O option detects the operating system (fingerprinting), and the -T1 timing option (sneaky) slows down query frequency to avoid IDS detection.

7
Q
What input file type contains previously hashed passwords used to speed up credential attacks? 
A.Hash table
B.Elliptic curve hash
C.Rainbow table
D.Dictionary hash
A

C.Rainbow table

A rainbow table is a precomputed table of hashed passwords, which is used to dramatically reduce the time required to crack passwords. A hash table is a generic table of hashed values, and there is no specific data structure called an elliptic curve hash or dictionary hash.

8
Q
What type of vulnerabilities are most commonly found in SCADA systems? 
A.Unpatched operating system/software
B.Weak passwords
C.Lack of encryption
D.Unvalidated input
A

A.Unpatched operating system/software

SCADA systems are built as single entities that include the operating system, device drivers, communication stacks, and application software. This design makes it difficult to keep each layer patched with the latest security fixes. Because of the difficulty of patching all layers, it is common to find unpatched vulnerabilities in SCADA systems. None of the other listed vulnerabilities occurs at a higher rate in SCADA systems than in any other general-purpose system.

9
Q
Why are IoT devices often more vulnerable than computers or traditional network devices? 
A.Default configuration
B.Low power use
C.Easy to install
D.Wireless connection
A

A.Default configuration

IoT devices are generally easy to install, use less power than traditional network devices, and often connect to the Internet using wireless connections. But these characteristics are not inherently insecure. Because they are easy to install, many non-technical users of IoT devices leave the default configuration settings in place after installation. These commonly known settings for IP address, admin userid and password, and other values make accessing IoT devices easier for hackers.
