Azra believes that one of her users may be taking malicious action on the systems she has access to. When she walks past her user’s desktop, she sees the following command on the screen:
user12@workstation:/home/user12# ./john -wordfile:/home/user12/mylist.txt -format:lm hash.txt
What is the user attempting to do?
If Marta runs a scan from location B that targets the servers on the datacenter network and then runs a scan from location C, what differences is she most likely to see between the scans?
While tracking a potential APT on her network, Cynthia discovers a network flow for her company’s central file server. What does this flow entry most likely show if 10.2.2.3 is not a system on her network?
Date flow start          Duration  Proto  Src IP Addr:Port   Dst IP Addr:Port   Packets  Bytes  Flows
2017-07-11 13:06:46.343  21601804  TCP    10.1.1.1:1151  ->  10.2.2.3:443       9473640  9.1 G  1
2017-07-11 13:06:46.551  21601804  TCP    10.2.2.3:443   ->  10.1.1.1:1151      8345101  514 M  1
nmap provides a standardized way to name hardware and software that it detects. What is this called?
Marta wants to perform regular scans of the entire organizational network but only has a budget that supports buying hardware for a single scanner. Where should she place her scanner to have the most visibility and impact?
Part of Tracy’s penetration testing assignment is to evaluate the WPA2 Enterprise protected wireless networks of her target organization. What major differences exist between reconnaissance of a wired network versus a wireless network?
Lakshman wants to detect port scans using syslog so that he can collect and report on the information using his SIEM. If he is using a default CentOS system, what should he do?
Andrea needs to add a firewall rule that will prevent external attackers from conducting topology gathering reconnaissance on her network. Where should she add a rule intended to block this type of traffic?
Ian’s company has an internal policy requiring that they perform regular port scans of all of their servers. Ian has been part of a recent effort to move his organization’s servers to an infrastructure as a service (IaaS) provider. What change will Ian most likely need to make to his scanning efforts?
Greg is concerned about the use of DDoS attack tools against his organization, so he purchased a mitigation service from his ISP. What portion of the threat model did Greg reduce?
Brandon wants to perform a WHOIS query for a system he believes is located in Europe. Which NIC should he select to have the greatest likelihood of success for his query?
During a regularly scheduled PCI compliance scan, Fred has discovered port 3389 open on one of the point-of-sale terminals that he is responsible for managing. What service should he expect to find enabled on the system?
Lucas believes that an attacker has successfully compromised his web server. Using the following output of ps, identify the process ID he should focus on.
USER       PID %CPU %MEM    VSZ   RSS TTY  STAT START TIME COMMAND
root       507  0.0  0.1 258268  3288 ?    Ssl  15:52 0:00 /usr/sbin/rsyslogd -n
message+   508  0.0  0.2  44176  5160 ?    Ss   15:52 0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activa
root       523  0.0  0.3 281092  6312 ?    Ssl  15:52 0:00 /usr/lib/accountsservice/accounts-daemon
root       524  0.0  0.7 389760 15956 ?    Ssl  15:52 0:00 /usr/sbin/NetworkManager --no-daemon
root       527  0.0  0.1  28432  2992 ?    Ss   15:52 0:00 /lib/systemd/systemd-logind
apache     714  0.0  0.1  27416  2748 ?    Ss   15:52 0:00 /www/temp/webmin
root       617  0.0  0.1  19312  2056 ?    Ss   15:52 0:00 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root       644  0.0  0.1 245472  2444 ?    Sl   15:52 0:01 /usr/sbin/VBoxService
root       653  0.0  0.0  12828  1848 tty1 Ss+  15:52 0:00 /sbin/agetty --noclear tty1 linux
root       661  0.0  0.3 285428  8088 ?    Ssl  15:52 0:00 /usr/lib/policykit-1/polkitd --no-debug
root       663  0.0  0.3 364752  7600 ?    Ssl  15:52 0:00 /usr/sbin/gdm3
root       846  0.0  0.5 285816 10884 ?    Ssl  15:53 0:00 /usr/lib/upower/upowerd
root       867  0.0  0.3 235180  7272 ?    Sl   15:53 0:00 gdm-session-worker [pam/gdm-launch-environment]
Debian-+   877  0.0  0.2  46892  4816 ?    Ss   15:53 0:00 /lib/systemd/systemd --user
Debian-+   878  0.0  0.0  62672  1596 ?    S    15:53 0:00 (sd-pam)
While reviewing Apache logs, Janet sees the following entries as well as hundreds of others from the same source IP. What should Janet report has occurred?
[21/Jul/2020:02:18:33 -0500] - - 10.0.1.1 "GET /scripts/sample.php" "-" 302 336 0
[21/Jul/2020:02:18:35 -0500] - - 10.0.1.1 "GET /scripts/test.php" "-" 302 336 0
[21/Jul/2020:02:18:37 -0500] - - 10.0.1.1 "GET /scripts/manage.php" "-" 302 336 0
[21/Jul/2020:02:18:38 -0500] - - 10.0.1.1 "GET /scripts/download.php" "-" 302 336 0
[21/Jul/2020:02:18:40 -0500] - - 10.0.1.1 "GET /scripts/update.php" "-" 302 336 0
[21/Jul/2020:02:18:42 -0500] - - 10.0.1.1 "GET /scripts/new.php" "-" 302 336 0
Saanvi knows that the organization she is scanning runs services on alternate ports to attempt to reduce scans of default ports. As part of her intelligence-gathering process, she discovers services running on ports 8080 and 8443. What services are most likely running on these ports?
Geoff is responsible for hardening systems on his network and discovers that a number of network appliances have exposed services, including telnet, FTP, and web servers. What is his best option to secure these systems?
Chris wants to gather as much information as he can about an organization using DNS harvesting techniques. Which of the following methods will most easily provide the most useful information if they are all possible to conduct on the network he is targeting?
Lauren wants to identify all the printers on the subnets she is scanning with nmap. Which of the following nmap commands will not provide her with a list of likely printers?
While conducting reconnaissance of his own organization, Ian discovers that multiple certificates are self-signed. What issue should he report to his management?
Geoff wants to perform passive reconnaissance as part of an evaluation of his organization’s security controls. Which of the following techniques is a valid technique to perform as part of a passive DNS assessment?
Chris knows that systems have connected to a remote host on TCP ports 1433 and 1434. If he has no other data, what should his best guess be about what the host is?
During the reconnaissance stage of a penetration test, Fred calls a number of staff at the target organization. Using a script he prepared, Fred introduces himself as part of the support team for their recently installed software and asks for information about the software and its configuration. What is this technique called?
Mike’s penetration test requires him to use passive mapping techniques to discover network topology. Which of the following tools is best suited to that task?
What services will the following nmap scan test for? nmap -sV -p 22,25,53,389 192.168.2.50/27
Carrie needs to lock down a Windows workstation that has recently been scanned using nmap with the results shown here. She knows that the workstation needs to access websites and that the system is part of a Windows domain. What ports should she allow through the system’s firewall for externally initiated connections?
While gathering DNS information about an organization, Ryan discovered multiple AAAA records. What type of reconnaissance does this mean Ryan may want to consider?
While conducting a topology scan of a remote web server, Susan notes that the IP addresses returned for the same DNS entry change over time. What has she likely encountered?
Adam’s port scan returns results on six TCP ports: 22, 80, 443, 515, 631, and 9100. If Adam needs to guess what type of device this is based on these ports, what is his best guess?
After Carlos completes a topology discovery scan of his local network, he sees the Zenmap topology shown here. What can Carlos determine from the Zenmap topology view?
Kwame is reviewing his team’s work as part of a reconnaissance effort and is checking Wireshark packet captures. His team reported no open ports on 10.0.2.15. What issue should he identify with their scan based on the capture shown here?
In his role as the SOC operator, Manish regularly scans a variety of servers in his organization. After two months of reporting multiple vulnerabilities on a Windows file server, Manish recently escalated the issue to the server administrator’s manager. At the next weekly scan window, Manish noticed that all the vulnerabilities were no longer active; however, ports 137, 139, and 445 were still showing as open. What most likely happened?
Scott is part of the white team who is overseeing his organization’s internal red and blue teams during an exercise that requires each team to only perform actions appropriate to the penetration test phase they are in. During the reconnaissance phase, he notes the following behavior as part of a Wireshark capture. What should he report?
Allan’s nmap scan includes a line that starts with cpe:/o. What type of information should he expect to gather from the entry?
While conducting reconnaissance, Piper discovers what she believes is an SMTP service running on an alternate port. What technique should she use to manually validate her guess?
Jennifer analyzes a Wireshark packet capture from a network that she is unfamiliar with. She discovers that a host with IP address 10.11.140.13 is running services on TCP ports 636 and 443. What services is that system most likely running?
While scanning a network, Frank discovers a host running a service on TCP ports 1812 and 1813. What type of server has Frank most likely discovered?
What two pieces of information does nmap need to estimate network path distance?
Kai has identified a privilege escalation flaw on the system she targeted in the first phase of her penetration test and is now ready to take the next step. According to the NIST 800-115 standard, what is step C that Kai needs to take, as shown in this diagram?
Nihar wants to conduct an nmap scan of a firewalled subnet. Which of the following is not an nmap firewall evasion technique he could use?
Abdul is conducting a security audit of a multicloud computing environment that incorporates resources from AWS and Microsoft Azure. Which one of the following tools will be most useful to him?
Helen is using the Lockheed Martin Cyber Kill Chain to analyze an attack that took place against her organization. During the attack, the perpetrator attached a malicious tool to an email message that was sent to the victim. What phase of the Cyber Kill Chain includes this type of activity?
When Scott performs an nmap scan with the -T flag set to 5, what variable is he changing?
Which of the following commands will provide Ben with the most information about a host?
Jake is performing a vulnerability assessment and comes across a CAN bus specification. What type of environment is most likely to include a CAN bus?
During an on-site penetration test of a small business, Ramesh scans outward to a known host to determine the outbound network topology. What information can he gather from the results provided by Zenmap?
While conducting a port scan of a remote system, Henry discovers TCP port 1433 open. What service can he typically expect to run on this port?
Fred’s reconnaissance of an organization includes a search of the Censys network search engine. There, he discovers multiple certificates with validity dates as shown here:
Validity
2018-07-07 00:00:00 to 2019-08-11 23:59:59 (400 days, 23:59:59)
2017-07-08 00:00:00 to 2019-08-12 23:59:59 (400 days, 23:59:59)
2018-07-11 00:00:00 to 2019-08-15 23:59:59 (400 days, 23:59:59)
What should Fred record in his reconnaissance notes?
Darcy is conducting a test of a wireless network using the Reaver tool. What technology does Reaver specifically target?
Marta is a security analyst who has been tasked with performing nmap scans of her organization’s network. She is a new hire and has been given this logical diagram of the organization’s network but has not been provided with any additional detail. Marta wants to determine what IP addresses to scan from location A. How can she find this information?
While performing application vulnerability scanning against one of her target organization’s web servers, Andrea notices that the server’s hostname is resolving to a cloudflare.com host. What does Andrea know about her scan?