Section 7-8 Flashcards
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following best represents the type of testing that is being used?
a. White-box.
b. Red-team.
c. Bug bounty.
d. Gray-box.
e. Black-box.
Correct answer: c. Bug bounty.
A bug bounty program compensates external security researchers or firms for finding and reporting vulnerabilities, incentivizing thorough testing and discovery of security issues.
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?
a. Bug bounty.
b. White-box.
c. Black-box.
d. Gray-box.
Correct answer: b. White-box.
White-box testing involves providing the testers with complete information about the internal architecture and source code of the system, allowing for a thorough and comprehensive assessment.
At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?
a. Active.
b. Passive.
c. Offensive.
d. Defensive.
Correct answer: b. Passive.
Passive reconnaissance involves gathering information about a target without directly interacting with the target systems, typically using OSINT (Open-Source Intelligence) resources.
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
a. Open-source intelligence.
b. Bug bounty.
c. Red team.
d. Penetration testing.
Correct answer: b. Bug bounty.
A bug bounty program allows external researchers to discover and report vulnerabilities in exchange for compensation. This approach helps improve the security of the company’s applications by leveraging the knowledge of a broader community.
Which of the following teams combines both offensive and defensive testing techniques to protect an organization’s critical systems?
a. Red.
b. Blue.
c. Purple.
Correct answer: c. Purple.
Purple teams combine the tactics of both red teams (offensive security) and blue teams (defensive security) to enhance an organization’s security posture by fostering collaboration and knowledge sharing between offensive and defensive strategies.
A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?
a. SOW.
b. BPA.
c. SLA.
d. NDA.
Correct answer: a. SOW.
A Statement of Work (SOW) is a document that includes the scope and timeline for a project.
During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?
a. Defensive.
b. Passive.
c. Offensive.
d. Physical.
Correct answer: d. Physical.
Attempting to gain unauthorized physical access using a badge is a type of physical security test.
Which of the following provides the details about the terms of a test with a third-party penetration tester?
a. Rules of engagement.
b. Supply chain analysis.
c. Right to audit clause.
d. Due diligence.
Correct answer: a. Rules of engagement.
The rules of engagement define the scope, boundaries, and procedures for a penetration test, ensuring that both the tester and the client understand and agree on the test’s objectives and limits.
A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?
a. White.
b. Purple.
c. Blue.
d. Red.
Correct answer: d. Red.
The Red Team is responsible for offensive security assessments, including penetration testing and social engineering. They simulate attacks to identify and exploit vulnerabilities, providing valuable insights into the organization’s security posture and helping improve defenses.
A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?
a. Active.
b. Passive.
c. Defensive.
d. Offensive.
Correct answer: a. Active.
Active reconnaissance involves directly interacting with the target system to gather information, such as performing port and service scans.
The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers. Which of the following attacks has most likely occurred?
a. Privilege escalation.
b. Buffer overflow.
c. Resource exhaustion.
d. Cross-site scripting.
Correct answer: b. Buffer overflow.
A buffer overflow attack occurs when an attacker inputs data that exceeds the allocated buffer size, potentially leading to the execution of malicious code or system crashes. In this scenario, the excessive input suggests a buffer overflow attempt.
Which of the following would be used to find the most common web-application vulnerabilities?
a. OWASP.
b. MITRE ATT&CK.
c. Cyber Kill Chain.
d. SDLC.
Correct answer: a. OWASP.
OWASP (Open Web Application Security Project) provides resources and tools to identify and mitigate the most common web application vulnerabilities, such as the OWASP Top Ten list.
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?
a. VM escape.
b. SQL injection.
c. Buffer overflow.
d. Race condition.
Correct answer: c. Buffer overflow.
A buffer overflow vulnerability occurs when more data is written to a buffer than it can hold, allowing an attacker to overwrite adjacent memory, including control registers, with malicious addresses.
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?
a. Patch availability.
b. Product software compatibility.
c. Ease of recovery.
d. Cost of replacement.
Correct answer: a. Patch availability.
End-of-life operating systems no longer receive security updates or patches, making them vulnerable to exploits. This is a significant security implication that needs to be addressed.
Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?
a. Code scanning for vulnerabilities.
b. Open-source component usage.
c. Quality assurance testing.
d. Peer review and approval.
Correct answer: d. Peer review and approval.
Peer review and approval ensure that code is checked by others to detect and prevent malicious activity.