Topic 22, Penetration Testing Methodologies
Which of the following should be performed first in any penetration test?
A. System identification
B. Intrusion Detection System testing
C. Passive information gathering
D. Firewall testing
Answer: C. Passive information gathering
What sequence of packets is sent during the initial TCP three-way handshake?
A. SYN, URG, ACK
B. FIN, FIN-ACK, ACK
C. SYN, ACK, SYN-ACK
D. SYN, SYN-ACK, ACK
Answer: D. SYN, SYN-ACK, ACK
Explanation: This is referred to as a "three-way handshake." The SYN flag is a request by the TCP stack at one end of a socket to synchronize with the sequence numbering for this new session. The ACK flag acknowledges earlier packets in the session. Only the initial packet has no ACK flag, since there are no previous packets to acknowledge. Only the second packet (the first response from the server to the client) has both the SYN and the ACK bits set.
Why would you consider sending an email to an address that you know does not exist within the company you are performing a penetration test for?
A. To determine who is the holder of the root account
B. To perform a DoS
C. To create needless SPAM
D. To elicit a response back that will reveal information about email servers and how they treat undeliverable mail
E. To test for virus protection
Answer: D. To elicit a response back that will reveal information about email servers and how they treat undeliverable mail
Explanation: Sending a bogus email is one way to find out more about internal mail servers, to gather additional IP addresses, and to learn how those servers treat mail.
Jim was having no luck performing a penetration test on his company's network. He was running the test from home and had downloaded every security scanner he could lay his hands on. Despite knowing the IP range of all of the systems and the exact network configuration, Jim was unable to get any useful results. Why is Jim having these problems?
A. Security scanners can't perform vulnerability linkage
B. Security scanners are not designed to do testing through a firewall
C. Security scanners are only as smart as their database and can't find unpublished vulnerabilities
D. All of the above
Answer: D. All of the above
Explanation: Security scanners are designed to find vulnerabilities, not to exploit them, and they only find well-known vulnerabilities, never zero-day ones. A security scanner alone is therefore not enough for a penetration test; a more capable tool is needed.
You just purchased the latest DELL computer, which comes pre-installed with Windows XP, McAfee antivirus software and a host of other applications. You want to connect an Ethernet cable to your cable modem and start using the computer immediately.
Windows is dangerously insecure when unpacked from the box, and there are a few things that you must do before you use it.
A. A new installation of Windows should be patched by installing the latest service packs and hotfixes
B. Enable the "guest" account
C. Install a personal firewall and lock down unused ports from connecting to your computer
D. Install the latest signatures for the antivirus software
E. Configure "Windows Update" to automatic
F. Create a non-admin user with a complex password and log in to this account
Answer: A, C, D, E, F
A. A new installation of Windows should be patched by installing the latest service packs and hotfixes
C. Install a personal firewall and lock down unused ports from connecting to your computer
D. Install the latest signatures for the antivirus software
E. Configure "Windows Update" to automatic
F. Create a non-admin user with a complex password and log in to this account
Explanation: The guest account is a possible vulnerability to your system, so you should not enable it unless it is needed. Otherwise you should perform all of the other actions mentioned in order to have a secure system.
Exhibit:
What type of attack is shown in the above diagram?
A. SSL Spoofing Attack
B. Identity Stealing Attack
C. Session Hijacking Attack
D. Man-in-the-Middle (MiTM) Attack
Answer: D. Man-in-the-Middle (MiTM) Attack
Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised.
Which type of attack is port scanning?
A. Web server attack
B. Information gathering
C. Unauthorized access
D. Denial of service attack
Answer: B. Information gathering
What is a NULL scan?
A. A scan in which all flags are turned off
B. A scan in which certain flags are off
C. A scan in which all flags are on
D. A scan in which the packet size is set to zero
E. A scan with an illegal packet size
Answer: A. A scan in which all flags are turned off
Explanation: A NULL scan sends TCP packets with all flags turned off.
Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?
A. Garbage Scooping
B. Dumpster Diving
C. Scanning
D. CI Gathering
Answer: B. Dumpster Diving
Explanation: Dumpster diving is the colloquial name for going through somebody's garbage, which will usually be in dumpsters for large organizations. This is a powerful tactic because it is protected by social taboos: trash is considered dirty, and once something goes into the trash it is best forgotten. The reality is that most company trash is fairly clean and provides a gold mine of information.
Vulnerability mapping occurs after which phase of a penetration test?
A. Host scanning
B. Passive information gathering
C. Analysis of host scanning
D. Network level discovery
Answer: C. Analysis of host scanning
Explanation: The order should be passive information gathering, network level discovery, host scanning, and analysis of host scanning.
Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.
In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the best answer)
A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
B. Hire more computer security monitoring personnel to monitor computer systems and networks.
C. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
D. Train more National Guard and reservists in the art of computer security to help out in times of emergency or crises.
Answer: A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
Explanation: Bridging the gap would consist of educating the white hats and the black hats equally so that their knowledge is relatively the same. Using books, articles, the internet, and professional training seminars is a way of accomplishing this goal.
You have the SOA record presented below in your zone. Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before they consider the zone dead and stop responding to queries?
collegae.edu.SOA,cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)
A. One day
B. One hour
C. One week
D. One month
Answer: C. One week
Explanation: The numbers represent the following values:
200302028; se = serial number
3600; ref = refresh = 1h
3600; ret = update retry = 1h
604800; ex = expiry = 1w
3600; min = minimum TTL = 1h
The expiry field (604800 seconds = one week) is the interval after which a secondary that has been unable to refresh from the primary stops answering for the zone.