Pentest+ For Dummies Pre-Assessment Flashcards

1
Q

You are performing a penetration test for a large customer.
You are using Nmap to determine the ports that are open on the target systems.
What phase of the penetration testing process are you currently on?
A.Reporting and Communication
B.Attacks and Exploits
C.Planning and Scoping
D.Information gathering and vulnerability identification

A

D.Information gathering and vulnerability identification

Explanation:
The information gathering and vulnerability identification phase uses tools to discover systems, services running on those systems and vulnerabilities that exist on those systems

2
Q

You are preparing to perform a penetration test for a customer.
What type of document does the customer typically have the penetration tester sign before the penetration test begins?

A.Authorization letter
B.Service Level Agreement
C.Non-disclosure agreement
D.Master Service Agreement

A

C.Non-disclosure agreement

Explanation:
Customers should have penetration testers sign an NDA before starting the pentest.

3
Q
Which of the following penetration tools are considered OSINT tools? (Choose two)
A.Nmap
B.Recon-ng
C.Hydra
D.Metasploit
E.Maltego
A

B.Recon-ng
E.Maltego

Explanation:
Recon-ng and Maltego are examples of OSINT tools used to discover public information about a customer

4
Q

You are in the discovery phase of a penetration test and would like to do a port scan on the network but not perform a ping operation with the port scan.
What Nmap command switch would you use to disable pings with the port scan?
A.-Pn
B.-p
C.-sP
D.-sT

A

A.-Pn

Explanation:
You can use the -Pn parameter on Nmap to disable ping operations when performing a port scan.

5
Q

You are looking to discover vulnerabilities on a group of systems that are target systems for your penetration test.
What tools would you use to identify vulnerabilities in the system? (Choose two)
A.OpenVAS
B.Nessus
C.Hydra
D.Metasploit
E.Nmap

A

A.OpenVAS
B.Nessus

Explanation:
OpenVAS and Nessus are examples of vulnerability scanners that can be used to discover vulnerabilities on a system

6
Q

During a penetration test you are looking to perform a MiTM attack.
Which of the following tools would you use to perform the attack?
A.Hydra
B.Metasploit
C.arpspoof
D.John

A

C.arpspoof

Explanation:
arpspoof is an example of a tool that can be used during a MiTM attack.

arpspoof is used to poison the ARP cache of systems so that the attacker can place themselves in the middle of the communication

7
Q

You are performing a penetration test on a wireless network.
You would like to deauthenticate the clients from the access point.
What tools would you use?
A.aircrack-ng
B.aireplay-ng
C.airodump-ng
D.Deauth-ng

A

B.aireplay-ng

Explanation:
aireplay-ng is a tool used to generate different types of wireless traffic, including a deauthentication packet that is used to instruct clients to disconnect

8
Q

While performing a penetration test on a wireless network, you decide to try to brute force the WPS pin on the wireless access point.
What command would you use in Kali Linux?
A.aircrack-ng
B.mimikatz
C.Reaver
D.wpscrack-ng

A

C.Reaver

Explanation:
Reaver is a command-line tool in Kali Linux that allows you to perform a brute force attack on the WPS pin

9
Q

You are assessing the security of a web application running on a web server within the DMZ.
Which of the following represents an example of a command injection?
A.http://site/showData.php?id=1;phpinfo()
B.http://site/purchase.aspx?redirect=confirmation.aspx
C.http://site/prodt.php?id=5;update%20products%20set%20price=.50
D.http://site/showData.php?dir=%3Bcat%20/etc/passwd

A

D.http://site/showData.php?dir=%3Bcat%20/etc/passwd

Explanation:
When looking at the URL that is used in the attack, you want to identify what is being injected.
Choice D is injecting the cat command from the operating system (the %3B is a URL-encoded semicolon that terminates the previous shell command), so it is considered a command-injection attack

10
Q

You are performing a penetration test for a customer and have exploited a system and gained a meterpreter session.
What post-exploitation command was used to obtain the following output?

Admin:500:b45a8125648cbddf2c4272c:bddf2c4272cb45a8125648c
Guest:501:b45a8125648cbddf2c4272c:bddf2c4272cb45a8125648c
testUser:1024:b45a8125648cbddf2c4272c:bddf2c4272cb45a8125648c

A.hashdump
B.hydra
C.kill av
D.truncate

A

A.hashdump

Explanation:
The hashdump command is used during post-exploitation to retrieve a list of password hashes that can then be used in other attacks such as password cracking or a pass-the-hash attack

11
Q

You are assessing the security of a web application.
What tool would you use to identify vulnerabilities on a website?
A.SQLdict
B.nmap
C.Nikto
D.Hydra

A

C.Nikto

Explanation:
Nikto is an example of a web application vulnerability scanner

12
Q

You have obtained the password hash for the administrator account on a system.
What tool would you use to crack the password hash?
A.Hashdump
B.Nmap
C.Aircrack-ng
D.Hashcat

A

D.Hashcat

Explanation:
Hashcat is a command line tool in Kali Linux that can be used to crack the password hash

13
Q

During an authorized penetration test, you have used Nmap to locate systems on the network running RDP.
What command would you use to perform password cracking using RDP traffic on the system?
A.mimikatz
B.hashcat
C.hydra
D.hashdump

A

C.hydra

Explanation:
Hydra is a tool used to crack passwords and can be used to crack passwords of a remote system using protocols such as RDP

14
Q

What language was used to write the following code?

import socket
from datetime import datetime

remoteSystemIP = "127.0.0.1"  # placeholder target address; the original snippet left it undefined

startTime = datetime.now()
try:
    for port in range(1, 1024):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # connect_ex returns 0 when the TCP connection succeeds (port open)
        result = sock.connect_ex((remoteSystemIP, port))
        if result == 0:
            print("Port {}: Open".format(port))
        sock.close()
except socket.error as err:
    print("Socket error: {}".format(err))

A.PowerShell
B.Python
C.Ruby
D.Bash

A

B.Python

Explanation:
You can tell that the script was created in Python because of the comparison operator being used (==).

PowerShell and Bash use -eq as the comparison operator.

Also notice the use of the print statement (instead of echo) and the fact that variables do not use $ in front of them

15
Q

While performing a penetration test for a customer, you notice there is evidence of a previous security compromise on the web server.
What should you do?
A.Make note of it and continue the pentest
B.Continue the pentest and add evidence to the report
C.Patch the system and continue the pentest
D.Halt the pentest and discuss the findings with the stakeholder

A

D.Halt the pentest and discuss the findings with the stakeholder

Explanation:
If you notice evidence that a system has been hacked into already, you should halt the penetration test and discuss the findings with the stakeholders right away
