- Take Test: Midterm Exam
- Test Information
- Description
- Instructions
- Timed Test: This test has a time limit of 2 hours. You will be notified when time expires, and you may continue or submit.
- Warnings appear when half the time, 5 minutes, 1 minute, and 30 seconds remain.
- Multiple Attempts Not allowed. This test can only be taken once.
- Force Completion This test can be saved and resumed later. The timer will continue to run if you leave the test.
- QUESTION 1
- What is it called when you obtain administrative privileges from a normal user account?
- 1.
- Account migration
- 2.
- Privilege escalation
- 3.
- Privilege migration
- 4.
- Account escalation
- 1 points
- QUESTION 2
- Match the T setting with the appropriate term
- T0
- T1
- T2
- T3
- T4
- T5
- 1.
- Paranoid
- 2.
- Sneaky
- 3.
- Polite
- 4.
- Normal
- 5.
- Aggressive
- 6.
- Insane
- 6 points
- QUESTION 3
- Match the DNS term to its definition
- SOA
- NS
- A
- AAAA
- MX
- PTR
- CNAME
- 1.
- Start of authority
- 2.
- Mail exchanger
- 3.
- IPv4
- 4.
- Canonical name
- 5.
- Pointer record
- 6.
- Name server
- 7.
- IPv6
- 7 points
- QUESTION 4
- Penetration testing that assesses technical and operational components to ensure the security of payment and cardholder data systems is called what?
- 1.
- OSSTMM
- 2.
- OWASP
- 3.
- PCI-DSS
- 4.
- FISMA
- 1 points
- QUESTION 5
- What information could you get from running p0f?
- 1.
- Remote time
- 2.
- Local time
- 3.
- Absolute time
- 4.
- Uptime
- 1 points
- QUESTION 6
- Put the Cyber Kill Chain steps in order
- Actions on Objectives
- Command and Control
- Installation
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- 10 points
- QUESTION 7
- You are working on a red-team engagement. Your team leader has asked you to use baiting as a way to get in. What are you being asked to do?
- 1.
- Make phone calls
- 2.
- Spoof an RFID ID
- 3.
- Clone a website
- 4.
- Leave USB sticks around
- 1 points
- QUESTION 8
- Which of these may be considered worst practice when it comes to vulnerability scans?
- 1.
- Notifying operations staff ahead of time
- 2.
- Taking no action on results
- 3.
- Scanning production servers
- 4.
- Using limited scans in your scan reports
- 1 points
- QUESTION 9
- Match each Nmap port state to its definition
- Open
- Closed
- Filtered
- Unfiltered
- 1.
- An application on the target is listening for connections/packets on the port.
- 2.
- Responsive to Nmap's probes, but Nmap cannot determine whether it is open or closed
- 3.
- No application is listening on the port
- 4.
- A firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed
- 4 points
- QUESTION 10
- What is the SMB protocol used for?
- 1.
- Data transfers for email attachments
- 2.
- Data transfers for Windows Registry updates
- 3.
- Data transfers with NFS
- 4.
- Data transfers with Windows systems
- 1 points
- QUESTION 11
- What two flags are used in a TCP three-way handshake?
- 1.
- SYN
- 2.
- FIN
- 3.
- ACK
- 4.
- PSH
- 2 points
- QUESTION 12
- You need to identify all Excel spreadsheets available from the company Example, Inc., whose domain is example.com. What search query would you use?
- 1.
- domain:example.com filetype:xls
- 2.
- site:excel files:xls
- 3.
- site:example.com filetype:xls
- 4.
- site:example.com files:pdf
- 1 points
- QUESTION 13
- Put the steps of penetration testing execution in order
- Reporting
- Post exploitation
- Exploitation
- Pre-engagement
- Intelligence gathering
- Threat modeling
- Vulnerability analysis
- 7 points
- QUESTION 14
- What is a viable approach to protecting against tailgating?
- 1.
- Biometrics
- 2.
- Man traps
- 3.
- Phone verification
- 4.
- Badge Access
- 1 points
- QUESTION 15
- How many ports will a default Nmap scan check?
- 1.
- 512
- 2.
- 1000
- 3.
- 100
- 4.
- 1024
- 1 points
- QUESTION 16
- The DNS server where records for a domain belonging to an organization or enterprise reside is called the _________ server.
- 1.
- Caching
- 2.
- Recursive
- 3.
- Authoritative
- 4.
- Local
- 1 points
- QUESTION 17
- What is one reason for using a scan like an ACK scan?
- 1.
- It may get through firewalls and IDS devices
- 2.
- It is better supported
- 3.
- The ACK scan is needed for scripting support
- 4.
- The code in Nmap is more robust
- 1 points
- QUESTION 18
- If you were looking for reliable exploits you could use against known vulnerabilities, what would you use?
- 1.
- Tor network
- 2.
- Meterpreter
- 3.
- Msfvenom
- 4.
- Exploit-DB
- 1 points
- QUESTION 19
- You find after you get access to a system that you are the user www-data. What might you try to do very shortly after getting access to the system?
- 1.
- Wipe logs
- 2.
- Exploit the web browser
- 3.
- Elevate Privileges
- 4.
- Pivot to another network
- 1 points
- QUESTION 20
- A remote vulnerability is a condition where the attacker has no prior access, but the vulnerability can still be exploited by triggering the malicious piece of code over the network.
- True
- False
- 1 points
- QUESTION 21
- Which of these may be considered an evasive technique?
- 1.
- Scanning nonstandard ports
- 2.
- Encoding data
- 3.
- Using Nmap in blind mode
- 4.
- Using a proxy server
- 1 points
- QUESTION 22
- What would you be trying to enumerate if you were to use enum4linux?
- 1.
- Shares and/or users
- 2.
- Linux based services
- 3.
- Procedures
- 4.
- Memory utilization
- 1 points
- QUESTION 23
- If you receive a RST packet back from a target host, what do you know about your target?
- 1.
- The source port in the RST message is closed.
- 2.
- The target expects the PSH flag to be set.
- 3.
- The target is using UDP rather than TCP.
- 4.
- The destination port is open on the target host.
- 1 points
- QUESTION 24
- What is the difference between a false positive and a false negative?
- A false positive indicates a finding that doesn’t exist, while a false negative doesn’t indicate a finding that does exist.
- A false positive indicates a finding that does exist, while a false negative doesn’t indicate a finding that doesn’t exist.
- A false positive doesn’t indicate a finding that does exist, while a false negative does indicate a finding that doesn’t exist.
- A false negative does indicate a finding that doesn’t exist, while a false positive doesn’t indicate a finding that does exist.
- 1 points
- QUESTION 25
- What tool will perform online brute-force password attacks against a target service?
- 1.
- Mimikatz
- 2.
- LC5
- 3.
- John
- 4.
- Hydra
- 1 points
- QUESTION 26
- Where are Linux/Unix passwords stored?
- 1.
- etc/shadow
- 2.
- etc/config
- 3.
- etc/passwds
- 4.
- /etc/pam.d
- 1 points
- QUESTION 27
- What is Nmap looking at when it conducts a version scan?
- 1.
- TCP and IP headers
- 2.
- Application banners
- 3.
- Operating system kernel
- 4.
- IP ID and TCP sequence number fields
- 1 points
- QUESTION 28
- What is the difference between a SYN scan and a full connect scan?
- 1.
- A SYN scan and a full connect scan are the same.
- 2.
- A full connect scan sends an ACK message first.
- 3.
- A SYN scan uses the PSH flag with the SYN flag.
- 4.
- The SYN scan doesn’t complete the three-way handshake.
- 1 points
- QUESTION 29
- What are the three types of penetration testing?
- 1.
- Red box
- 2.
- Gray box
- 3.
- Black box
- 4.
- Green box
- 5.
- White box
- 3 points
- QUESTION 30
- If you were to see the following command run, what would you assume? hping -S -p 25 192.168.1.154
- 1.
- It is a ping probe
- 2.
- Someone was trying to probe the email port of the target
- 3.
- Someone was trying to probe the web port of the target
- 4.
- Someone was trying to determine if SNMP was supported
- 1 points
- QUESTION 31
- What Nmap scan is being performed?
- nmap -O
- nmap -sC
- nmap -F
- nmap -sS
- 1 points
- QUESTION 32
- What does John the Ripper’s single crack mode, the default mode, do?
- 1.
- Uses wordlist and mangling rules
- 2.
- Checks every possible password
- 3.
- Uses a built-in wordlist
- 4.
- Uses known information and mangling rules
- 1 points
- QUESTION 33
- A local condition where the attacker requires access in order to trigger the vulnerability by executing a piece of code is known as a local exploit.
- True
- False
- 1 points
- QUESTION 34
- What social engineering vector would you use if you wanted to gain access to a building?
- 1.
- Smishing
- 2.
- Impersonation
- 3.
- Vishing
- 4.
- Scarcity
- 1 points
- QUESTION 35
- What protocol is used to take a destination IP address and get a packet to a destination on the local network?
- 1.
- ARP
- 2.
- RARP
- 3.
- DNS
- 4.
- DHCP
- 1 points
- QUESTION 36
- NTLM passwords use salting.
- True
- False
- 1 points
- QUESTION 37
- Which of these would be an example of pretexting?
- Web page asking for credentials
- A cloned badge
- An email from former co-worker
- Rogue wireless access point
- 1 points
- QUESTION 38
- What would you use credentials for in a vulnerability scanner?
- 1.
- Authenticating through VPNs for scanning
- 2.
- Better reliability in network findings
- 3.
- Scanning for local vulnerabilities
- 4.
- Running an active directory scan
- 1 points
- QUESTION 39
- What tool would you use to compromise a system and then perform post-exploitation actions?
- 1.
- Nmap
- 2.
- John the Ripper
- 3.
- Searchsploit
- 4.
- Metasploit
- 1 points
- QUESTION 40
- What tool could be used to gather email addresses from PGP servers, Bing, Google, or LinkedIn?
- 1.
- dig
- 2.
- theHarvester
- 3.
- whois
- 4.
- netstat
- 1 points
- QUESTION 41
- Netcat can be used to do banner grabbing.
- True
- False
- 1 points
- QUESTION 42
- What is the IPC$ share used for?
- 1.
- Remote process management
- 2.
- Process piping
- 3.
- Interprocess construction
- 4.
- Interprocess communication
- 1 points
- QUESTION 43
- If you were to see that someone was using OpenVAS, followed by Nessus, what might you assume?
- 1.
- They were trying to break into a system.
- 2.
- They didn’t know how to use Nessus.
- 3.
- They didn’t know how to use OpenVAS.
- 4.
- They were trying to reduce false positives.
- 1 points
- QUESTION 44
- Match the ports to the service
- 21
- 23
- 123
- 110
- 143
- 2049
- 1099
- 513
- 139
- 3306
- A.
- FTP
- B.
- netbios
- C.
- IMAP
- D.
- rlogin
- E.
- MySQL
- F.
- NTP
- G.
- Telnet
- H.
- rmiregistry
- I.
- POP3
- J.
- NFS
- 10 points
- QUESTION 45
- Which of the following created this output?
- 1.
- netstat
- 2.
- nslookup
- 3.
- host
- 4.
- ping
- 1 points