Penetration Testing

Question 1

Tom is running a penetration test in a web application and discovers a flaw that allows him to shut down the web server remotely. What goal of penetration testing has Tom most directly achieved?

A. Disclosure

B. Integrity

C. Alteration

D. Denial

Answer 1

Answer:

D. Tom’s attack achieved the goal of denial by shutting down the web server and preventing legitimate users from accessing it.

Question 2

Brian ran a penetration test against a school’s grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school’s cybersecurity team to prevent students from engaging in this type of activity?

A. Confidentiality

B. Integrity

C. Alteration

D. Availability

Answer 2

Answer:

B. By allowing students to change their own grades, this vulnerability provides a pathway to unauthorized alteration of information. Brian should recommend that the school deploy integrity controls that prevent unauthorized modifications.

Question 3

Edward Snowden gathered a massive quantity of sensitive information from the National Security Agency and released it to the media without permission. What type of attack did he wage?

A. Disclosure

B. Denial

C. Alteration

D. Availability

Answer 3

Answer:

A. Snowden released sensitive information to individuals and groups who were not authorized to access that information. That is an example of a disclosure attack.

Question 4

Assuming no significant changes in an organization’s cardholder data environment, how often does PCI DSS require that a merchant accepting credit cards conduct penetration testing?

A. Monthly

B. Semiannually

C. Annually

D. Biannually

Answer 4

Answer:

C. PCI DSS requires that organizations conduct both internal and external penetration tests on at least an annual basis. Organizations must also conduct testing after any significant change in the cardholder data environment.

Question 5

Which one of the following is NOT a benefit of using an internal penetration testing team?

A. Contextual knowledge

B. Cost

C. Subject matter expertise

D. Independence

Answer 5

Answer:

D. The use of internal testing teams may introduce conscious or unconscious bias into the penetration testing process. This lack of independence is one reason organizations may choose to use an external testing team.

Question 6

Which one of the following is NOT a reason to conduct periodic penetration tests of systems and applications?

A. Changes in the environment

B. Cost

C. Evolving threats

D. New team members

Answer 6

Answer:

B. Repeating penetration tests periodically does not provide cost benefits to the organization. In fact, it incurs costs. However, penetration tests should be repeated because they can detect issues that arise due to changes in the tested environment and the evolving threat landscape. The use of new team members also increases the independence and value of subsequent tests.

Question 7

Rich recently got into trouble with a client for using an attack tool during a penetration test that caused a system outage. During what stage of the penetration testing process should Rich and his clients have agreed on the tools and techniques that he would use during the test?

A. Planning and Scoping

B. Information Gathering and Vulnerability Scanning

C. Attacking and Exploiting

D. Reporting and Communication Results

Answer 7

Answer:

A. During the Planning and Scoping phase, penetration testers and their clients should agree on the rules of engagement for the test. This should result in a written statement of work that clearly outlines the activities authorized during the penetration test.

Question 8

Which one of the following steps of the Cyber Kill Chain does NOT map to the Attacking and Exploiting stage of the penetration testing process?

A. Weaponization

B. Reconnaissance

C, Installation

D. Actions on Objectives

Answer 8

Answer:

B. The Reconnaissance stage of the Cyber Kill Chain maps to the Information Gathering and Vulnerability Scanning step of the penetration testing process. The remaining six steps of the Cyber Kill Chain all map to the Attacking and Exploiting phase of the penetration testing process.

Question 9

Beth recently conducted a phishing attack against a penetration testing target in an attempt to gather credentials that she might use in later attacks. What stage of the penetration testing process is Beth in?

A. Planning and Scoping

B. Attacking and Exploiting

C. Information Gathering and Vulnerability Scanning

D. Reporting and Communication

Answer 9

Answer:

B. While Beth is indeed gathering information during a phishing attack, she is conducting an active social engineering attack. This moves beyond the activities of Information Gathering and Vulnerability Scanning and moves into the realm of Attacking and Exploiting.

Question 10

Which one of the following security assessment tools is NOT commonly used during the Information Gathering and Vulnerability Scanning phase of a penetration test?

A. Nmap

B. Nessus

C. Metasploit

D. Nslookup

Answer 10

Answer:

C. Metasploit is an exploitation framework used to execute and attack and would be better suited for the Attacking and Exploiting phase of a penetration test. Nmap is a port scanning tool used to enumerate open network ports on a system. Nessus is a vulnerability scanner designed to detect security issues on a system. Nslookup is a DNS information‐gathering utility. All three of these tools (Nmap, Nessus and Nslookup) may be used to gather information and detect vulnerabilities.

Question 11

During what phase of the Cyber Kill Chain does an attacker steal information, use computing resources, or alter information without permission?

A. Weaponization

B. Installation

C. Actions on Objectives

D. Command and Control

Answer 11

Answer:

C. The attacker carries out their original intentions to violate the confidentiality, integrity, and/or availability of information or systems during the Actions on Objectives stage of the Cyber Kill Chain.

Question 12

Grace is investigating a security incident where the attackers left USB drives containing infected files in the parking lot of an office building. What stage in the Cyber Kill Chain describes this action?

A. Weaponization

B. Installation

C. Delivery

D. Command and Control

Answer 12

Answer:

C. Distributing infected media (or leaving it in a location where it is likely to be found) is an example of the Delivery phase of the Cyber Kill Chain. The process moves from Delivery into Installation if a user executes the malware on the device.

Question 13

Which one of the following is NOT an open source intelligence gathering tool?

A. WHOIS

B. Nslookup

C. Nessus

D. FOCA

Answer 13

Answer:

C. Nessus is a commercial vulnerability scanner. Whois and Nslookup are tools used to gather information about domains and IP addresses. FOCA is used to harvest information from files. All three of those tools are OSINT tools.

Question 14

Which one of the following tools is an exploitation framework commonly used by penetration testers?

A. Metasploit

B. Wireshark

C. Aircrack‐ng

D. SET

Answer 14

Answer:

A. Metasploit is the most popular exploitation framework used by penetration testers. Wireshark is a protocol analyzer. Aircrack‐ng is a wireless network security testing tool. The Social Engineer Toolkit (SET) is a framework for conducting social engineering attacks.

Question 15

Which one of the following tools is NOT a password‐cracking utility?

A. OWASP ZAP

B. Cain and Abel

C. Hashcat

D. Jack the Ripper

Answer 15

Answer:

A. OWASP ZAP is a web proxy tool. Cain and Abel, Hashcat, and Jack the Ripper are all password‐cracking utilities.

Question 16

Which one of the following vulnerability scanners is specifically designed to test the security of web applications against a wide variety of attacks?

A. OpenVAS

B. Nessus

C. SQLmap

D. Nikto

Answer 16

Answer:

D. Nikto is an open source web application security assessment tool. SQLmap does test web applications, but it only tests for SQL injection vulnerabilities. OpenVAS and Nessus are general‐purpose vulnerability scanners. Although they can detect web application security issues, they are not specifically designed for that purpose.

Question 17

Which one of the following debugging tools does NOT support Windows systems?

A. GDB

B. OllyDbg

C. WinDbg

D. IDA

Answer 17

Answer:

A. GDB is a Linux‐specific debugging tool. OLLYDBG, WinDBG, and IDA are all debugging tools that support Windows environments.

Question 18

What is the final stage of the Cyber Kill Chain?

A. Weaponization

B. Installation

C. Actions on Objectives

D. Command and Control

Answer 18

Answer:

C. During the Actions on Objectives stage, the attacker carries out the activities that were the purpose of the attack. As such, it is the final stage in the chain.

Question 19

Which one of the following activities assumes that an organization has already been compromised?

A. Penetration testing

B. Threat hunting

C. Vulnerability scanning

D. Software testing

Answer 19

Answer:

B. Threat hunting assumes that an organization has already been compromised and searches for signs of successful attacks.

Question 20

Alan is creating a list of recommendations that his organization can follow to remediate issues identified during a penetration test. In what phase of the testing process is Alan participating?

A. Planning and Scoping

B. Reporting and Communication

C. Attacking and Exploiting

D. Information Gathering and Vulnerability Scanning

Answer 20

Answer:

B. During the final stage of a penetration test, Reporting and Communication, the testers provide mitigation strategies for issues identified during the test.