Pentest+ for Dummies Chapter 1 Prep Test Flashcards
Bob is using nmap to discover ports that are open on the system.
What form of information gathering is Bob performing?
A.Vulnerability identification
B.Active Information Gathering
C.Vulnerability Scanning
D.Passive information Gathering
B.Active Information Gathering
Explanation:
Bob is performing active reconnaissance, or active information gathering, when using a port scanner to discover ports that are open on a system
What type of penetration test involves the tester being given no information about the target environment? A.Black Box B.White Box C.Gray Box D.Red Box
A.Black Box
Explanation:
A black box test is when the pentester is given no knowledge of the environment being tester
What type of reconnaissance involves the tester querying the DNS to discover the DNS names and IP addresses used by the customer? A.Vulnerability Identification B.Active Information Gathering C.Vulnerability Scanning D.Passive Information Gathering
D.Passive Information Gathering
Explanation:
Passive reconnaissance, or passive information gathering is when the pentester uses public Internet resources to discover information about his or her target
Which of the following represents a reason to perform a penetration test annually? A.Cost B.Time C.Compliance D.Know-how
C.Compliance
Explanation:
Organizations may be governed by regulations that force a company to perform penetration tests on a regular basis in order to be compliant
Lisa performed a penetration test in your organization and is creating the report.
What should Lisa be sure to communicate within the report?
A.How good she is at hacking
B.Remediation Steps
C.Signed Authorization
D.Resources Used
B.Remediation Steps
Explanation:
The purpose of the penetration test is to better the security of the organization.
Therefore, it is critical the report contains remediation steps on how to improve the security of vulnerable systems
Which of the following is critical to perform during the planning and scoping phase of the penetration test? A.Port Scan B.Vulnerability Scan C.Summary of remediation steps D.Obtain Written Authorization
D.Obtain Written Authorization
Explanation:
It is imperative that you get written authorization to perform the pentest before doing any testing.
Also, be sure to get written authorization from an authorized party such as the business owner or an upper-level manager.
It is not enough to get authorization from a local manager
What type of penetration test involves giving the tester only the IP addresses of the servers that you wish to be tested? A.Black Box B.White Box C.Gray Box D.Red Box
C.Gray Box
Explanation:
A Gray box involves giving limited information to the tester so that the tester is more focused on specific targets during the pentest
What is the third phase of the CompTIA penetration testing process?
A.Attacks and Exploits
B.Reporting and Communication
C.Planning and Scoping
D.Information gathering and vulnerability identification
A.Attacks and Exploits
Explanation:
The third phase of the CompTIA pentest process is attacks and exploits
What threat actor has limited knowledge of the attacks being performed and just typically runs prebuilt tools to perform the attack? A.APT B.Script Kiddie C.Hacktivist D.Insider Threat
B.Script Kiddie
Explanation:
A script kiddie has limited technical knowledge of the details of the attack and simply runs the tools that are already created
You are part of the team within your organization that performs the attacks during the penetration test. What is the name for your team? A.Blue team B.Black team C.White team D.Red team
D.Red team
Explanation:
The red team is the name of the pentest team that simulates the attacks, while the blue team tries to detect and defend against those attacks
