CompTIA Pentest+ Certification For Dummies - Glen E. Clarke

Prep Test

1. Bob is using nmap to discover ports that are open on the systems. What form of information gathering is Bob performing?

(A) Vulnerability identification

(B) Active information gathering

(C) Vulnerability scanning

(D) Passive information gathering

2. What type of penetration test involves the tester being given no information about the target environment?

(A) Unknown-environment test

(B) Known-environment test

(C) Partially known-environment test

(D) All knowledge test

3. What type of reconnaissance involves the tester querying the DNS to discover the DNS names and IP addresses used by the customer?

(A) Vulnerability identification

(B) Active information gathering

(C) Vulnerability scanning

(D) Passive information gathering

4. Which of the following represents a reason to perform a penetration test annually?

(A) Cost

(B) Time

(C) Compliance

(D) Know-how

5. Lisa performed a penetration test on your organization and is creating the report. What should Lisa be sure to communicate within the report?

(A) How good Lisa is at hacking

(B) Remediation steps

(C) Signed authorization

(D) Resources used

6. Which of the following is critical to perform during the planning and scoping phase of the penetration test?

(A) Port scan

(B) Vulnerability scan

(C) Summary of remediation steps

(D) Obtain written authorization

7. What type of penetration test involves giving the tester only the IP addresses of the servers that you wish to be tested?

(A) Unknown-environment test

(B) Known-environment test

(C) Partially known-environment test

(D) All knowledge test

8. What is the third phase of the CompTIA penetration testing process?

(A) Attacks and exploits

(B) Reporting and communication

(C) Planning and scoping

(D) Information gathering and vulnerability identification

9. What threat actor has limited knowledge of the attacks being performed and typically just runs prebuilt tools to perform the attack?

(A) APT

(B) Script kiddie

(C) Hacktivist

(D) Insider threat

10. You are part of the team within your organization that performs the attacks during the penetration test. What is the name for your team?

(A) Blue team

(B) Black team

(C) White team

(D) Red team

11. What OWASP Top 10 security flaw is a result of an application not employing encryption technology to protect data in storage or data at rest?

(A) Injection

(B) Sensitive Data Exposure

(C) Broken Authentication

(D) Broken Access Control
