Planning and Discovery Knowledge Check ( Practice Quiz )
Q1) What type of scan can be conducted to determine what possible exploits exist given the client’s environment ?
- Vulnerability Scan
Q2) What forms of discovery can be conducted offline ?
- Dumpster Diving
- Social Engineering
- Shoulder Surfing
Q3) Network Mapping, Port Scanning, and Password Cracking are all forms of what type of discovery ?
- Active
Q4) True or False: The Planning phase is considered a formality and can be skipped as long as you have the verbal agreement of the client.
- False
Attack and Reporting Knowledge Check ( Practice Quiz )
Q1) What level of access is ideal for a penetration tester to achieve in order to exploit a system ?
- Admin/Root
Q2) Which of the following is NOT a common type of vulnerability ?
- Phishing
Q3) Which portion of the pentest report gives a step by step account of how and why each exploit was conducted ?
- Technical Review
Penetration testing tools ( Practice Quiz )
Q1) Which tool lets you log network traffic and analyze it ?
- Wireshark
Q2) Which software serves as toolbox, providing access to hundreds of other tools and resources ?
- Kali Linux
Q3) Which tool is used primarily for password cracking ?
- John the Ripper
Penetration Test Graded Quiz ( Main Quiz )
Q1) Which of the following is NOT a phase of a penetration test ?
- Reviewing
Q2) In which phase of penetration testing do you recommend solutions to address any exploited vulnerabilities ?
- Reporting
Q3) Which portion of the pentest report gives a high level detail of how the test went and what goals were accomplished ?
- Executive Summary
Q4) Throughout the attack phase of a pentest, you may need to revisit which other phase as you gain further access into a system ?
- Discovery
Q5) What method of gathering information can be used to get information about a website that is not readily available ?
- Google Dorking
Q6) Which two (2) privacy laws do you need to take into consideration when potentially gaining access to private customer information ?
- Health Insurance Portability and Accountability Act (HIPPA)
- General Data Protection Regulation (GDPR)
Q7) Guessing passwords or running a password cracking software engages in what type of attack to gain access to a system ?
- Brute Force
Q8) What document would protect the privacy of your client and their customers ?
- Non Disclosure Agreement (NDA)
Q9) Gaining access to a system can occur in which two phases ?
- Discovery and Attack
Q10) Conducting a pentest as if you were an external hacker with no resources is known as what type of test ?
- Black Box
0 Comments