- web.groovymark@gmail.com
- December 5, 2024
Question 01
How do you calculate Risk?
a) Risk = Threat + Vulnerability
b) Risk = Threat x Vulnerability
c) Risk = Threat – Vulnerability
d) Risk = Vulnerability / Threat
Correct Answer: Risk = Threat x Vulnerability
Explanation: Risk is calculated as the product of the threat and the vulnerability, indicating the potential impact of a vulnerability being exploited.
Question 02
Describe unified threat management (UTM):
a) A standalone firewall for network security
b) A collection of individual security appliances
c) An all-in-one security appliance combining multiple security functions
d) A malware scanner only
Correct Answer: An all-in-one security appliance combining multiple security functions
Explanation: UTM appliances combine functions like firewall, malware scanning, intrusion detection, and more, offering a comprehensive security solution.
Question 03
Describe OWASP:
a) A web browser testing tool
b) An open-source security project focused on web applications
c) A vulnerability scanning tool for web applications
d) A security operations center for web servers
Correct Answer: An open-source security project focused on web applications
Explanation: OWASP is a project that publishes a top-ten list of vulnerabilities and provides frameworks for testing web applications during development.
Question 04
Describe NIST:
a) A private security organization
b) A standards body for global cybersecurity
c) A U.S. agency developing security standards for federal agencies
d) A European organization for cybersecurity
Correct Answer: A U.S. agency developing security standards for federal agencies
Explanation: NIST is the U.S. National Institute of Standards and Technology, which develops security standards used in federal agencies and shares cybersecurity best practices.
Question 05
What is NIST SP 800-115?
a) A guide for software development
b) A penetration testing standard
c) A firewall configuration manual
d) A technical guide to information security testing and assessment
Correct Answer: A technical guide to information security testing and assessment
Explanation: NIST SP 800-115 provides guidance on conducting information security assessments, including penetration testing.
Question 06
Describe OSSTMM:
a) A manual for ethical hacking
b) A framework for developing software
c) A comprehensive methodology for security testing
d) A tool for managing security vulnerabilities
Correct Answer: A comprehensive methodology for security testing
Explanation: OSSTMM (Open Source Security Testing Methodology Manual) outlines all areas requiring testing in an organization, including human and physical security.
Question 07
Describe ISSAF:
a) An automated penetration testing tool
b) A vulnerability scanner
c) A framework for security assessment
d) A set of commercial cybersecurity products
Correct Answer: A framework for security assessment
Explanation: ISSAF (Information Systems Security Assessment Framework) provides a structured approach to security assessments, including contract templates and reporting guidelines.
Question 08
Describe PTES:
a) A tool for automating security testing
b) A set of guidelines for structured penetration testing
c) A vulnerability assessment tool
d) A certification program for ethical hackers
Correct Answer: A set of guidelines for structured penetration testing
Explanation: PTES (Penetration Testing Execution Standard) outlines a methodology for conducting penetration tests, covering stages like pre-engagement and vulnerability analysis.
Question 09
Explain MITRE ATT&CK:
a) A tool for vulnerability scanning
b) A knowledge base of adversary tactics and techniques
c) A training course for ethical hackers
d) A government agency for cybersecurity research
Correct Answer: A knowledge base of adversary tactics and techniques
Explanation: MITRE ATT&CK is a framework that documents adversary tactics, techniques, and procedures (TTPs), helping organizations understand potential attack vectors.
Question 10
Explain CVSS:
a) A tool for testing firewalls
b) A risk management framework
c) A scoring system for vulnerabilities
d) A standard for assessing network performance
Correct Answer: A scoring system for vulnerabilities
Explanation: CVSS (Common Vulnerability Scoring System) is used to quantify the severity of vulnerabilities, aiding in prioritizing remediation efforts.
Question 11
Explain CVE:
a) A vulnerability testing tool
b) A list of known vulnerabilities
c) A framework for developing secure software
d) A threat detection algorithm
Correct Answer: A list of known vulnerabilities
Explanation: CVE (Common Vulnerabilities and Exposures) provides a standardized format for naming and documenting specific vulnerabilities in software and hardware.
Question 12
Explain CWE:
a) A list of coding guidelines
b) A database of software weaknesses
c) A tool for detecting malware
d) A compliance certification
Correct Answer: A database of software weaknesses
Explanation: CWE (Common Weakness Enumeration) is a database maintained by MITRE that lists hardware and software weaknesses, helping developers improve security.
Question 13
What are important considerations when pen-testing a company’s web applications and services?
a) Test only high-risk areas
b) Perform testing with limited permissions
c) Obtain a variety of user roles and permissions for testing
d) Perform all tests externally
Correct Answer: Obtain a variety of user roles and permissions for testing
Explanation: Testing should cover multiple roles, such as user and admin, to ensure all levels of access are secure.
Question 14
What are examples of assets when determining the scope of the test?
a) Software licenses and hardware specs
b) IP addresses, domains, APIs, and SSIDs
c) Third-party vendor agreements
d) User manuals and product documentation
Correct Answer: IP addresses, domains, APIs, and SSIDs
Explanation: Assets include technical elements like IPs, domains, and APIs that must be included in the scope of a penetration test.
Question 15
Explain internal vs external assets:
a) Internal assets are less valuable than external ones
b) External assets are easier to exploit than internal ones
c) Internal assets are accessed within the network, external assets are internet-visible
d) Internal assets are hosted in the cloud, external assets are on-premise
Correct Answer: Internal assets are accessed within the network, external assets are internet-visible
Explanation: Internal assets are typically accessed by employees, while external assets (e.g., websites, DNS) are exposed to the internet and vulnerable to external threats.
Question 16
Explain first-party vs third-party hosted assets:
a) First-party assets are hosted on internal servers only
b) First-party assets are hosted by the client organization, third-party assets by vendors
c) Third-party hosted assets are always more secure
d) Third-party hosted assets are inaccessible to penetration testers
Correct Answer: First-party assets are hosted by the client organization, third-party assets by vendors
Explanation: First-party hosted assets are under the direct control of the client, while third-party hosted assets are managed by external vendors or partners.
Question 17
What kinds of questions should the PenTest team ask the stakeholders?
a) Open-ended questions to clarify scope and methods
b) Closed questions to reduce testing time
c) Questions focused only on technical issues
d) No questions should be asked
Correct Answer: Open-ended questions to clarify scope and methods
Explanation: Open-ended questions help remove ambiguity, ensuring both the PenTest team and stakeholders are aligned on the methods and goals.
Question 18
Describe compliance-based assessments:
a) Fulfilling legal and regulatory requirements
b) Focusing on detecting malware
c) Testing network performance
d) Evaluating user satisfaction
Correct Answer: Fulfilling legal and regulatory requirements
Explanation: Compliance-based assessments focus on meeting specific laws or standards, such as GDPR or PCI DSS, to ensure the organization complies with regulations.
Question 19
Describe red team/blue team-based assessments:
a) Blue team performs ethical hacking while red team secures the network
b) Red team represents attackers, blue team represents defenders
c) Blue team audits system logs, red team patches vulnerabilities
d) Both teams work together to build firewalls
Correct Answer: Red team represents attackers, blue team represents defenders
Explanation: In red team/blue team assessments, the red team simulates attacks while the blue team focuses on defending the network.
Question 20
Describe goals-based/objectives-based assessments:
a) Assessments focusing on the overall health of the network
b) Testing designed to achieve specific business objectives
c) Randomized testing for system vulnerabilities
d) Testing conducted without a predefined scope
Correct Answer: Testing designed to achieve specific business objectives
Explanation: Goals-based assessments are purpose-driven, targeting specific business objectives, like testing security before launching a new system.