Take Test: Midterm Exam

Test Information

Instructions
Timed Test: This test has a time limit of 2 hours. You will be notified when time expires, and you may continue or submit.
Warnings appear when half the time, 5 minutes, 1 minute, and 30 seconds remain.
Multiple Attempts: Not allowed. This test can only be taken once.
Force Completion: This test can be saved and resumed later. The timer will continue to run if you leave the test.
QUESTION 1

What is it called when you obtain administrative privileges from a normal user account?
1. Account migration
2. Privilege escalation
3. Privilege migration
4. Account escalation
1 point

QUESTION 2

Match the T setting with the appropriate term.
- T0
- T1
- T2
- T3
- T4
- T5
1. Paranoid
2. Sneaky
3. Polite
4. Normal
5. Aggressive
6. Insane
6 points

QUESTION 3

Match the DNS term to its definition.
- SOA
- NS
- A
- AAAA
- MX
- PTR
- CNAME
1. Start of authority
2. Mail exchanger
3. IPv4
4. Canonical name
5. Pointer record
6. Name server
7. IPv6
7 points

QUESTION 4

Penetration testing that assesses technical and operational components to ensure the security of payment and cardholder data systems is called?
1. OSTMM
2. OWASP
3. PCI-DSS
4. FISMA
1 point

QUESTION 5

What information could you get from running p0f?
1. Remote time
2. Local time
3. Absolute time
4. Uptime
1 point
QUESTION 6

Put the Cyber Kill Chain steps in order.
- Actions on Objectives
- Command and Control
- Installation
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
10 points

QUESTION 7

You are working on a red-team engagement. Your team leader has asked you to use baiting as a way to get in. What are you being asked to do?
1. Make phone calls
2. Spoof an RFID ID
3. Clone a website
4. Leave USB sticks around
1 point

QUESTION 8

Which of these may be considered worst practice when it comes to vulnerability scans?
1. Notifying operations staff ahead of time
2. Taking no action on results
3. Scanning production servers
4. Using limited scans in your scan reports
1 point

QUESTION 9

Match each Nmap port state to its definition.
- Open
- Closed
- Filtered
- Unfiltered
1. An application on the target is listening for connections/packets on the port.
2. Responsive to Nmap's probes, but Nmap cannot determine whether the port is open or closed.
3. No application is listening on the port.
4. A firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.
4 points

QUESTION 10

What is the SMB protocol used for?
1. Data transfers for email attachments
2. Data transfers for Windows Registry updates
3. Data transfers with NFS
4. Data transfers with Windows systems
1 point
QUESTION 11

What two flags are used in a TCP three-way handshake?
1. SYN
2. FIN
3. ACK
4. PSH
2 points

QUESTION 12

You need to identify all Excel spreadsheets available from the company Example, Inc., whose domain is example.com. What search query would you use?
1. domain:example.com filetype:xls
2. site:excel files:xls
3. site:example.com filetype:xls
4. site:example.com files:pdf
1 point

QUESTION 13

Put the steps of penetration testing execution in order.
- Reporting
- Post exploitation
- Exploitation
- Pre-engagement
- Intelligence gathering
- Threat modeling
- Vulnerability analysis
7 points

QUESTION 14

What is a viable approach to protecting against tailgating?
1. Biometrics
2. Man traps
3. Phone verification
4. Badge access
1 point

QUESTION 15

An Nmap default scan will check how many ports?
1. 512
2. 1000
3. 100
4. 1024
1 point
QUESTION 16

The DNS server where records for a domain belonging to an organization or enterprise reside is called the _________ server.
1. Caching
2. Recursive
3. Authoritative
4. Local
1 point

QUESTION 17

What is one reason for using a scan like an ACK scan?
1. It may get through firewalls and IDS devices
2. It is better supported
3. The ACK scan is needed for scripting support
4. The code in Nmap is more robust
1 point

QUESTION 18

If you were looking for reliable exploits you could use against known vulnerabilities, what would you use?
1. Tor network
2. Meterpreter
3. Msfvenom
4. Exploit-DB
1 point

QUESTION 19

You find after you get access to a system that you are the user www-data. What might you try to do very shortly after getting access to the system?
1. Wipe logs
2. Exploit the web browser
3. Elevate privileges
4. Pivot to another network
1 point

QUESTION 20

A remote vulnerability is a condition where the attacker has no prior access, but the vulnerability can still be exploited by triggering the malicious piece of code over the network.
- True
- False
1 point
QUESTION 21

Which of these may be considered an evasive technique?
1. Scanning nonstandard ports
2. Encoding data
3. Using Nmap in blind mode
4. Using a proxy server
1 point

QUESTION 22

What would you be trying to enumerate if you were to use enum4linux?
1. Shares and/or users
2. Linux-based services
3. Procedures
4. Memory utilization
1 point

QUESTION 23

If you receive an RST packet back from a target host, what do you know about your target?
1. The source port in the RST message is closed.
2. The target expects the PSH flag to be set.
3. The target is using UDP rather than TCP.
4. The destination port is open on the target host.
1 point

QUESTION 24

What is the difference between a false positive and a false negative?
- A false positive indicates a finding that doesn't exist, while a false negative doesn't indicate a finding that does exist.
- A false positive indicates a finding that does exist, while a false negative doesn't indicate a finding that doesn't exist.
- A false positive doesn't indicate a finding that does exist, while a false negative does indicate a finding that doesn't exist.
- A false negative does indicate a finding that doesn't exist, while a false positive doesn't indicate a finding that does exist.
1 point

QUESTION 25

What tool will perform online brute-force password attacks against a target service?
1. Mimikatz
2. LC5
3. John
4. Hydra
1 point
QUESTION 26

Where are Linux/Unix passwords stored?
1. etc/shadow
2. etc/config
3. etc/passwds
4. /etc/pam.d
1 point

QUESTION 27

What is Nmap looking at when it conducts a version scan?
1. TCP and IP headers
2. Application banners
3. Operating system kernel
4. IP ID and TCP sequence number fields
1 point

QUESTION 28

What is the difference between a SYN scan and a full connect scan?
1. A SYN scan and a full connect scan are the same.
2. A full connect scan sends an ACK message first.
3. A SYN scan uses the PSH flag with the SYN flag.
4. The SYN scan doesn't complete the three-way handshake.
1 point

QUESTION 29

What are the three types of penetration testing?
1. Red box
2. Gray box
3. Black box
4. Green box
5. White box
3 points

QUESTION 30

If you were to see the following command run, what would you assume? hping -S -p 25 192.168.1.154
1. It is a ping probe
2. Someone was trying to probe the email port of the target
3. Someone was trying to probe the web port of the target
4. Someone was trying to determine if SNMP was supported
1 point
QUESTION 31

What Nmap scan is being performed?
- nmap -O
- nmap -sC
- nmap -F
- nmap -sS
1 point

QUESTION 32

What does John the Ripper's single crack mode, the default mode, do?
1. Uses wordlist and mangling rules
2. Checks every possible password
3. Uses a built-in wordlist
4. Uses known information and mangling rules
1 point

QUESTION 33

A local condition where the attacker requires access in order to trigger the vulnerability by executing a piece of code is known as a local exploit.
- True
- False
1 point

QUESTION 34

What social engineering vector would you use if you wanted to gain access to a building?
1. Smishing
2. Impersonation
3. Vishing
4. Scarcity
1 point

QUESTION 35

What protocol is used to take a destination IP address and get a packet to a destination on the local network?
1. ARP
2. RARP
3. DNS
4. DHCP
1 point
QUESTION 36

NTLM passwords use salting.
- True
- False
1 point

QUESTION 37

Which of these would be an example of pretexting?
- Web page asking for credentials
- A cloned badge
- An email from a former co-worker
- Rogue wireless access point
1 point

QUESTION 38

What would you use credentials for in a vulnerability scanner?
1. Authenticating through VPNs for scanning
2. Better reliability in network findings
3. Scanning for local vulnerabilities
4. Running an Active Directory scan
1 point

QUESTION 39

What tool would you use to compromise a system and then perform post-exploitation actions?
1. Nmap
2. John the Ripper
3. Searchsploit
4. Metasploit
1 point

QUESTION 40

What tool could be used to gather email addresses from PGP servers, Bing, Google, or LinkedIn?
1. dig
2. theHarvester
3. whois
4. netstat
1 point
QUESTION 41

Netcat can be used to do banner grabbing.
- True
- False
1 point

QUESTION 42

What is the IPC$ share used for?
1. Remote process management
2. Process piping
3. Interprocess construction
4. Interprocess communication
1 point

QUESTION 43

If you were to see that someone was using OpenVAS, followed by Nessus, what might you assume?
1. They were trying to break into a system.
2. They didn't know how to use Nessus.
3. They didn't know how to use OpenVAS.
4. They were trying to reduce false positives.
1 point

QUESTION 44

Match the ports to the services.
- 21
- 23
- 123
- 110
- 143
- 2049
- 1099
- 513
- 139
- 3306
A. FTP
B. NetBIOS
C. IMAP
D. rlogin
E. MySQL
F. NTP
G. Telnet
H. rmiregistry
I. POP3
J. NFS
10 points

QUESTION 45

Which of the following created this output?
1. netstat
2. nslookup
3. host
4. ping
1 point