The goal of a(n) ______________ is to create a ranked list of weaknesses in a computer system along with potential remediation steps.
Vulnerability Assessment
What type of Vulnerability Assessment is performed with internal knowledge of the systems, such as source code of applications or naming conventions of networked systems?
White Box
It is legal for an Ethical Hacker to try and find and exploit vulnerabilities in a system without permission, as long as they provide the target with their findings afterwards.
False
Which of the 7 stages of penetration testing does OSINT fall under?
Information Gathering
Which of the 7 stages of penetration testing does port scanning fall under?
Information Gathering
Which of the following is the primary difference between a whitehat hacker and a blackhat hacker?
Consent from all participating parties/Legality
Which of the following is NOT a source that can be used during Open Source Intelligence Gathering?
Database of employee records on the targets network
Which of the following tools can be used to gather information about DNS for an organization or system? (Select all that apply)
zone transfers
nslookup
whois
Performing a network scan is considered a passive form of OSINT recon.
False
A Google _______ query is a search string that uses advanced search operators to find information that is not readily available on a website.
dork
Which of the following tools can be used for port scanning?
nmap
netcat
Metasploit Framework
The OS that is running on a system can be determined through a port scan.
True
Which type of scan uses the complete TCP handshake when scanning for ports?
Connect Scan
Which type of port scan can be used to determine if a firewall is stateful or stateless?
ACK Scan
When running a SYN port scan using nmap, what state indicates there is a firewall in place?
Filtered
Running a port scan on a network to determine what services and versions are running based on network responses is known as _____________.
fingerprinting
Kali Linux is the only thing you need to perform a penetration test.
False
Kali Linux is based on which popular distribution of Linux?
Debian
The Metasploit Framework can only be used to exploit vulnerabilities.
False
A _____________ is a flaw or weakness in an asset that can leave it open to attack.
vulnerability
Something (or someone) within an organization that can be the target of an attack and may have vulnerabilities is known as an _________.
asset
Match the following assets with the potential vulnerabilities.
Data - No Encryption (Plain Text)
Hardware - Active USB Ports
Computer System - Outdated OS
Application - Bad Code
Network - Open Ports
Personnel - Password
Physical Objects - Unlocked Doors
The more complex a system is, the more likely it will have vulnerabilities.
True
A vulnerability assessment includes exploiting the results.
False
Low, Moderate, Critical, and Catastrophic are the only category levels vulnerabilities are ranked by.
False
Match each tool with the type of vulnerability assessment they would be used for.
Each type of assessment may have more than one tool.
nmap - Manual
netcat - Manual
nmap scripting engine (NSE) - semi manual
Metasploit scanner modules - semi manual
Nessus - Automatic
OpenVAS - Automatic
Nexpose - Automatic
A reference method for publicly known vulnerabilities is known as ____________?
Common Vulnerabilities and Exposures
The code or script that is designed to exploit a vulnerability is known as ___________?
Payload
The ___________ Framework contains pre-written exploits, but also has the tools to help a penetration tester write their own.
metasploit
Logging into a system with default credentials that have not been changed in order to gain access is a simple example of a(n) ___________.
exploit
A default username and password not being changed on a system is a simple example of a(n) ___________.
vulnerability
Which of the following are examples of unsecured services that can have data sniffed in plain text?
FTP
SMTP
SSH
Capturing encrypted data is of no use to a penetration tester because it cannot be read.
False
Passive sniffing is an effective method of packet capture on a switched network.
False
The active sniffing technique known as MAC flooding is only effective when the target switch is configured to fail-_____.
open
ARP poisoning is a type of Man-in-the-Middle attack where you spoof the IP address of your target.
False
For an ARP poisoning attack to be effective, what must you do to the packets after you capture them?
Forward the packet to the original destination
The main goal of a Denial of Service attack is to make the target system become unstable or unavailable.
True
A DDoS attack is carried out by many systems connected to what is commonly known as a(n) ___________.
botnet
Botnets can be used for other purposes besides a DDoS attack.
True
A DNS poisoning attack requires the attacker to install malware on the DNS server.
False