Vulnerability Scanning and Penetration Testing Flashcards
You’ve been asked to perform an assessment of a new software application. Your client wants you to perform the assessment without providing you any information about how the software was developed or how data is processed by the application. This is an example of what type of testing?
White box testing
Passive testing
Black box testing
Black box testing
Black box testing is performed with no knowledge of the internal workings of the software being tested. The application is treated as a “black box”—the tester cannot see what’s inside the box.
While examining log files on a compromised Linux system, you notice an unprivileged user account was compromised, followed by several processes crashing and restarting, and finally the shadow file was accessed and modified. Which of the following techniques might the attacker have used?
Active scanning
Escalation of privilege
Credentialed attack
Escalation of privilege
Escalation of privilege is the movement from a limited account to one that enables root-level activity. Typically, the attacker uses a normal user account to exploit a vulnerability in a process that is running as root, enabling the attacker to assume the privileges of the exploited process—at root level. With root-level access, the attacker was able to access and modify the shadow file.
While running a vulnerability scanner against a Windows 2016 server, the tool reports the server may be affected by an offset2lib patch vulnerability. You find this odd because the offset2lib patch vulnerability only applies to Linux-based systems. Your vulnerability scanner has most likely reported which of the following?
Overflow finding
Actual negative
False positive
False positive
A false positive is the erroneous reporting of an issue when none really exists. In this case, the scanner incorrectly identified the presence of a Linux-specific vulnerability on a Windows system.
While responding to a security incident, your team examines network traffic logs. You see incoming connections to a web server in the DMZ. Several hours later in the same traffic logs you see connections from the web server to other systems in the DMZ as well as internal systems. This is an example of what type of technique?
Buffer overflow
SQL injection
Pivoting
Pivoting
This is an example of pivoting. Pivoting occurs when an attacker gains access to a system and then uses that system to scan or attack other systems on the same network.
You’ve been asked to examine network traffic for evidence of compromise. You have 1TB of tcpdump logs to review. Which of the following tools would you use to examine these logs?
Zenmap
Wireshark
Nessus
Wireshark
Wireshark is a network protocol analyzer used for capturing and examining network traffic, and it can open the capture files that tcpdump produces. Nmap and Zenmap are port scanners. Nessus is a vulnerability scanner.
A colleague calls you to ask for assistance. He is having trouble keeping an attacker out of his network. He tells you no matter what he tries, he can’t seem to keep the attacker out of his network and he has no idea how the attacker keeps getting in. This is an example of what kind of attack?
Whack-a-mole attack
Advanced persistent threat
Privilege escalation
Advanced persistent threat
This is most likely the persistence effort of an advanced persistent threat (APT). APTs typically try to avoid detection and employ methods that provide them with continued access to compromised systems.
Your network traffic logs show a large spike in traffic to your DNS server. Looking at the logs, you see a large number of TCP connection attempts from a single IP address. The destination port of the TCP connections seems to increment by one with each new connection attempt. This is most likely an example of what activity?
Active reconnaissance
Passive reconnaissance
Buffer overflow
Active reconnaissance
This is most likely an example of active reconnaissance. This particular traffic is indicative of a TCP port scan in which the attacker is probing the system for any open TCP ports.
You’ve been asked to examine a custom web application your company is developing. You will have access to design documents, data structure descriptions, data flow diagrams, and any other details about the application you think would be useful. This is an example of what type of testing?
Active testing
White box testing
Gray box testing
White box testing
This is an example of white box testing. In white box testing, the tester has access to detailed knowledge of the thing being examined, whether it’s an application, host, or network.
You are attempting to perform an external vulnerability assessment for a client, but your source IP addresses keep getting blocked every time you attempt to run a vulnerability scan. The client confirms this is “as expected” behavior. You aren’t able to scan for vulnerabilities, but you have been able to do which of the following?
Identify vulnerability controls
Passively test security controls
All of the above
Passively test security controls
If your source IP addresses are blocked every time you attempt a vulnerability scan, you’ve successfully performed a passive test of the client’s security controls. Your goal was to test for vulnerabilities, but the side effect of your testing validated that the client’s security controls were working as intended.
What is the main difference between a credentialed and non-credentialed vulnerability scan?
A credentialed scan is performed by a certified professional.
A credentialed scan is performed with a valid userid/password.
A non-credentialed scan uses passive techniques.
A credentialed scan is performed with a valid userid/password.
A credentialed scan is performed with a valid set of user credentials. Credentialed scans are performed with “valid user” access and therefore have the potential to identify vulnerabilities inside an application or environment that an unauthenticated scan cannot see.
While validating a vulnerability, your colleague changes the password of the administrator account on the Windows Server she is examining (as proof of success). This is an example of what type of testing?
Intrusive testing
Credentialed testing
Passive testing
Intrusive testing
This is an example of intrusive testing. Intrusive testing to validate a vulnerability involves exploiting the vulnerability and then making changes to the tested item to prove the vulnerability is present and exploitable. In this case, changing the administrator password proves your colleague could exploit the vulnerability she found.
A colleague shows you a scanning report indicating your web server is not vulnerable to the Heartbleed bug. You know this isn’t true as you’ve personally verified that web server is vulnerable. You believe the scanner used to examine your web server is reporting which of the following?
Common misconfiguration
False positive
False negative
False negative
A false negative is when the scanner fails to report a vulnerability that actually does exist—the scanner simply missed the problem or didn’t report it as a problem.
Which of the following would be an example of initial exploitation?
Scanning a network using Nmap
Using a SQL injection attack to successfully bypass a login prompt
Using cracked credentials to delete customer data
Using a SQL injection attack to successfully bypass a login prompt
Using a SQL injection attack to successfully bypass a login prompt is an example of initial exploitation. The vulnerability was identified and exploited, but no further action was taken. This proves the existence of the vulnerability and demonstrates the risk associated with it.
Which of the following is a passive tool?
Tripwire
Zenmap
Nessus
Tripwire
Tripwire is the only passive tool listed. Tripwire detects changes to files by comparing their hash values against a known baseline. Nmap and Zenmap are active tools that generate and send packets to the systems being examined. Nessus is a vulnerability scanning tool that also actively probes its targets.
What is the primary difference between penetration tests and vulnerability scans?
Penetration tests use active tools.
Vulnerability scans are performed from internal and external perspectives.
Penetration tests exploit discovered vulnerabilities.
Penetration tests exploit discovered vulnerabilities.
Penetration testing is the examination of a system for vulnerabilities that can be exploited. The key is exploitation. There may be vulnerabilities in a system; in fact, one of the early steps in penetration testing is the examination for vulnerabilities. The differentiation comes in the follow-on steps—the examination of the system in terms of exploitability. Discovered vulnerabilities are exploited during penetration testing.