|
Which of the following identifies an operating system or network service based upon it response to ICMP messages? |
Fingerprinting |
|
Which of the following uses hacking techniques to proactively discover internal vulnerabilities? |
Penetration testing |
|
You have decided to perform a double blind penetration test. Which of the following actions would you perform first? |
Inform senior management |
|
Which of the following activities are typically associated with penetration testing? (select two) |
Running a port scanner Attempting social engineering |
|
What is the main difference between vulnerability scanning and penetration testing? |
Vulnerability scanning is performed within the security perimeter; penetration testing is performed outside of the security perimeter. |
|
What is the primary purpose of penetration testing? |
Test the effectiveness of your security perimeter |
|
Which of the following types of penetration test teams will provide you information that is most revealing of a real-world hacker attack? |
Zero knowledge team |
|
A security administrator is conducting a penetration test on a network. She connects a notebook system running Linux to the wireless network and then uses NMAP to probe various network hosts to see which operating system they are running. Which process did the administrator use in the penetration test in this scenario? |
Active fingerprinting |
|
A security administrator is conducting a penetration test on a network. She connects a notebook system to a mirror port on a network switch. She then uses a packet sniffer to monitor network traffic to try to determine which operating system are running on networks hosts. Which process did the administrator use in the penetration test in this scenario? |
Passive fingerprinting |
|
Which of the following are included in an operations penetration test? (Select two.) |
Looking through discarded paper or media for sensitive information Eavesdropping or obtaining sensitive information from items that are not properly stored. |
|
Which phase or step of a security assessment is a passive activity? |
Reconnaissance |
|
Drag each penetration test characteristic on the left to the appropriate penetration test name on the right. White box test Grey box test Black box test Single blind test Double blind test |
The tester has detailed information about the target system prior to starting the test. The tester has the same amount of information that would be available to a typical insider in the organization. The tester has no prior knowledge of the target system. Either the attacker has prior knowledge about the target system, or the administrator knows that the test is being performed. The tester does not have prior information about the system and the administrator has no knowledge that the test is being performed. |
Share This
Flashcard
