Module 2: Threat Management & Cybersecurity Resources Q Flashcards

1
Q

What is the primary goal of penetration testing?

A

Attempt to uncover deep vulnerabilities and then manually exploit them

The primary goal of penetration testing is to uncover deep vulnerabilities and then manually exploit them

2
Q

There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?

A

Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them

This is the correct difference between vulnerability scanning and penetration testing

3
Q

Khalid joins a security team where he is assigned a SOC developer role and has to build different teams under the SOC. Which of the following teams should he build to provide real-time feedback on security incidents and threat detections, feedback that can then be used to prioritize threats better and to mature the way threats are detected?

A

Purple team

The purple team provides real-time feedback between the red and blue teams to enhance the testing

4
Q

Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?

A

Footprinting

Footprinting is the process of collecting as much information about the target system as possible to find ways to penetrate the system. Information such as IP addresses, whois records, DNS information, operating systems, employee email IDs, phone numbers, and so on falls under this

5
Q

Which of the following tools can be used to scan 16 IP addresses for vulnerabilities?

A

Nessus Essentials

Nessus has a free version called Nessus Essentials that scans 16 IP addresses

6
Q

Which of the following penetration testing consultants has limited knowledge of the network and some elevated privileges?

A

Gray box

Gray box testers have limited knowledge of the network and some elevated privileges

7
Q

Which of the following is the most efficient means of discovering wireless signals?

A

War flying

War flying is the most efficient means of discovering a Wi-Fi signal. War flying uses drones, which are officially known as unmanned aerial vehicles. Because they can quickly cover a wider area, are not limited to streets and sidewalks, and can easily fly over security perimeters such as fences, drones are the preferred means of finding Wi-Fi signals

8
Q

Which of the following techniques is a method of passive reconnaissance?

A

Open Source Intelligence (OSINT)

OSINT is used to search online for publicly accessible information. It is a method of passive reconnaissance

9
Q

What is the primary difference between credentialed and non-credentialed scans?

A

Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials

Credentialed scans are the process where valid authentication credentials are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials. A non-credentialed scan provides no such authentication information

10
Q

Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on the HTTPS port. When she finishes the vulnerability scan, she finds several different vulnerabilities at different severity levels. How should she proceed?

A

Look at the priority and the accuracy of the vulnerability

Looking at the priority and the accuracy of the vulnerability is the most appropriate approach for Alice

11
Q

Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?

A

A vulnerability scan is usually automated

A vulnerability scan is automated, while a penetration test is performed manually

12
Q

A cyber analyst needs to quickly do a vulnerability scan on an enterprise network with many devices. Which approach should the analyst take?

A

Scan the most important devices for as long as it takes for each device

When there is limited time to scan a network and provide efficient and effective results, it’s best to scan the most important devices, like internet-facing web, app, and DB servers, for as long as it takes for each device

13
Q

A vulnerability assessment engineer performed vulnerability scanning on Active Directory servers and discovered that the Active Directory server is using a lower version of Kerberos. To alert management to the risk of using a lower version of Kerberos, he needs to explain what an attacker can do to leverage the vulnerabilities in it. Which of the following actions can the attacker perform after exploiting vulnerabilities in Kerberos?

A

Use privilege escalation

After compromising a low-level user account, privilege escalation is the only possible way to gain access to a highly privileged user, such as a domain admin or enterprise admin, so that the red teamer can do more damage to the network

14
Q

Which of the following is NOT an automated vulnerability scanning tool?

A

ELK Stack

ELK Stack is a data monitoring tool used as a SIEM and threat hunting solution

15
Q

What are the primary features of a security information and event management (SIEM) tool?

A

Aggregation, correlation, event deduplication, time synchronization, and alerting

Aggregation, correlation, event deduplication, time synchronization, and alerting are the important features of a SIEM tool

16
Q

What is the most accurate explanation of sentiment analysis, and what kind of a tool or product can be utilized to perform this operation?

A

Using text analysis techniques and IBM QRadar to interpret and classify emotions (positive, negative, and neutral) within text data

Sentiment analysis is the interpretation and classification of emotions (positive, negative, and neutral) within text data using text analysis techniques. Sentiment analysis has been used when tracking threat actor posts in discussion forums with other attackers to better determine threat actors’ behaviors and mindsets. A SIEM tool is used to perform this analysis

17
Q

Which operation is carried out by proactively searching security logs for cyber threats that have thus far gone undetected?

A

Threat hunting

Threat hunting is proactively searching for cyber threats that have thus far gone undetected in a network. Threat hunting begins with a critical, central premise: threat actors have already infiltrated our network

18
Q

Which of the following technologies can be used together for data management in security infrastructure and collecting and analyzing data?

A

SIEM and SOAR

SIEM and SOAR together can be used for data management in security infrastructure and collecting and analyzing data

19
Q

Which of the following compliance standards was introduced to provide a minimum degree of security to organizations that handle customer information such as debit card and credit card details daily?

A

PCI DSS

PCI DSS was introduced to provide a minimum degree of security to organizations that handle customer information such as debit card and credit card details daily

20
Q

Which of the following offensive tools can be used by penetration testers after exploitation or a successful compromise of a user account in a network, dumping passwords from memory along with hashes, PINs, and Kerberos tickets, and are thus used for privilege escalation attacks?

A

Mimikatz and hashcat

Mimikatz and hashcat dump passwords from memory, as well as hashes, PINs, and Kerberos tickets, and thus are used for privilege escalation attacks

21
Q

Which of the following is the advantage of penetration testing over vulnerability scanning?

A

Penetration testing uncovers and exploits deep vulnerabilities, while vulnerability scanning only discovers surface vulnerabilities

Penetration testing attempts to uncover deep vulnerabilities and exploit them manually with the mindset of a threat actor, while vulnerability scanning is able to discover surface vulnerabilities

22
Q

Which of the following is a primary difference between a red team and a white team?

A

The red team scans for vulnerabilities and exploits them manually, whereas the white team defines the rules of the penetration testing

Red teams perform vulnerability scanning, and white teams set the rules for penetration testing

23
Q

Dillip is assigned the role of a SOC developer who must build different teams under the SOC. He must build a new team that will put security defenses in place to prevent another team from penetrating the network. Which team should he build to monitor the other team’s attacks and shore up security defenses as necessary?

A

Blue team

The blue team monitors for red team attacks and shores up defenses as necessary

24
Q

Robert is a black box penetration tester who conducted pen testing attacks on all of the network’s application servers. He was able to exploit a vulnerability and gain access to the system using the Mimikatz tool. Which of the following activities did he perform using Mimikatz, and which task should he perform next?

A

Robert used Mimikatz for credential harvesting, and should perform privilege escalation using a high-privileged account next

Mimikatz is used for credential harvesting, which will dump all the credentials stored in the OS’s memory. If an account with higher privilege, such as a domain admin or an enterprise admin, is discovered, then privilege escalation is performed to gain access to the account with elevated privileges

25
Q

How can a configuration review reduce the impact of a vulnerability scan on the network’s overall performance?

A

It ensures the scan is designed to meet its intended goals by defining scope and sensitivity levels

A configuration review can reduce the impact of a vulnerability scan on the network’s overall performance in part because it defines a targeted group of devices to scan, ensures the scan is designed to meet its intended goals, determines the sensitivity level of the scan, and specifies the types of data that will be scanned

26
Q

Which penetration testing consultants are given neither any knowledge of the network nor any elevated privileges?

A

Black box

The black box testers have no knowledge of the network and no special privileges

27
Q

Keily is a vulnerability assessment engineer. She is told to find surface vulnerabilities on all internet-facing web servers in the network. Which of the following are surface vulnerabilities that she should initially chase?

A

Missing patches, lack of OS hardening, network design flaw, lack of application hardening, weak passwords, and misconfigurations

Missing patches, lack of OS hardening, network design flaws, lack of application hardening, weak passwords, and misconfigurations are the low-hanging fruit (in this context, vulnerabilities) that Keily should chase first

28
Q

What is the fastest-running vulnerability scan, and why does this type of scan run so fast?

A

Non-credentialed scans perform fundamental actions such as looking for open ports and finding software that will respond to requests

Non-credentialed scans run faster because they perform fundamental actions such as looking for open ports and finding software that will respond to requests

29
Q

Which standardized framework was developed by NIST as a guidance document designed to help organizations assess and manage risks to their information and systems, and is also used as a comprehensive roadmap that organizations can use to seamlessly integrate their cybersecurity?

A

Risk management framework (RMF)

NIST’s risk management framework (RMF) is considered a guidance document designed to help organizations assess and manage risks to their information and systems. It is viewed as a comprehensive roadmap for organizations to seamlessly integrate their cybersecurity, privacy, and supply chain risk management processes

30
Q

Which of the following is considered an industry-specific cybersecurity regulation?

A

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains regulations protecting the privacy and security of certain personal health information (PHI)