web.groovymark@gmail.com - December 5, 2024
Question 21
Explain the “unknown environment” test strategy:
a) Testing is performed with partial knowledge of the system
b) The PenTesting team has complete access to system details
c) The PenTesting team has no prior knowledge about the system
d) Only internal staff perform the tests
Correct Answer: The PenTesting team has no prior knowledge about the system
Explanation: In an unknown environment test, the PenTesting team mimics the behavior of a real threat actor with no prior access to system information.
Question 22
Explain the “partially known environment” strategy:
a) The PenTesting team has no knowledge of the system at all
b) The team is provided partial information, such as internal functionality or code
c) The team only works on external assets
d) The test focuses solely on user access rights
Correct Answer: The team is provided partial information, such as internal functionality or code
Explanation: In a partially known environment test, some system details are provided, allowing the team to focus on specific vulnerabilities and system defects.
Question 23
Explain known environment testing:
a) The PenTesting team is given complete access and information
b) Testing is only conducted on external-facing systems
c) The test is run by users only
d) The PenTesting team has limited information about the environment
Correct Answer: The PenTesting team is given complete access and information
Explanation: In known environment testing, the team is provided with full knowledge about the system, allowing for a comprehensive security assessment.
Question 24
What are some elements to review with stakeholders when determining the scope of the test?
a) IP addresses only
b) Scope, assets, strategy, timeline, and legal restrictions
c) Only in-scope assets and exclusion zones
d) Just the timeline and restrictions
Correct Answer: Scope, assets, strategy, timeline, and legal restrictions
Explanation: It's essential to define the scope, in-scope assets, excluded areas, testing strategy, timeline, and any legal restrictions before the test.
Question 25
What is a Master Service Agreement (MSA)?
a) A legal contract for system audits
b) A contract that defines ongoing services and cost structures
c) A document used for software testing
d) A vulnerability management agreement
Correct Answer: A contract that defines ongoing services and cost structures
Explanation: An MSA outlines the terms for recurring services, cost structures, and additional fees that might arise during a project.
Question 26
What is a Statement of Work (SOW)?
a) A document detailing vulnerability scans
b) A document outlining project deliverables, timelines, and payment terms
c) A report on security patches applied
d) A contract covering penalties for non-compliance
Correct Answer: A document outlining project deliverables, timelines, and payment terms
Explanation: The SOW defines specific expectations for a business arrangement, including deliverables, milestones, and payment schedules.
Question 27
What is a Service-Level Agreement (SLA)?
a) An internal document for managing team roles
b) A contract outlining detailed service terms, including performance metrics
c) A report card for system vulnerabilities
d) A communication protocol for internal audits
Correct Answer: A contract outlining detailed service terms, including performance metrics
Explanation: SLAs define the expected levels of service, performance metrics, and penalties if those levels are not met, including security and risk assessments.
Question 28
Describe the following DNS records: MX, NS, TXT, SRV:
a) Mail Exchange, Name Server, Text, and Service
b) Main Exchange, Net Server, Terminal Server, and Routing Server
c) Mail Transfer, New Server, Terminal Server, and Secure Record
d) None of the above
Correct Answer: Mail Exchange, Name Server, Text, and Service
Explanation: These DNS records help direct different kinds of network traffic. MX points to mail servers, NS identifies authoritative servers, TXT contains text information, and SRV provides service information like VoIP or IM services.
Question 29
Describe nslookup and Dig:
a) Tools to analyze malware signatures
b) Tools for querying DNS records and domains
c) Tools for testing firewall configurations
d) Vulnerability scanning tools for DNS servers
Correct Answer: Tools for querying DNS records and domains
Explanation: Nslookup and Dig are tools that help in querying DNS servers to obtain domain information such as IP addresses, MX records, and more.
Question 30
Explain the highlights of the following source code repositories: GitHub, Bitbucket, CloudForge, SourceForge:
a) These are cloud-based platforms for storing emails
b) These repositories store application source code and offer collaboration tools
c) They are tools for compiling software
d) They are anti-malware platforms
Correct Answer: These repositories store application source code and offer collaboration tools
Explanation: GitHub, Bitbucket, CloudForge, and SourceForge are cloud-based repositories that provide features like version control, bug tracking, and project collaboration.
Question 31
What are some sites that offer reverse image search?
a) Shodan, Tenable, Metasploit
b) Google, TinEye, Yandex
c) Nessus, Retina, CloudForge
d) Amazon, Bing, CVE
Correct Answer: Google, TinEye, Yandex
Explanation: Google, TinEye, and Yandex offer reverse image search services, which allow users to upload an image to find related images or websites.
Question 32
What are 5 tools to investigate a website?
a) Firefox, Chrome, Safari, Internet Explorer, and Opera
b) Nmap, Metasploit, DirBuster, forced browsing, and web spiders
c) Word, Excel, PowerPoint, Outlook, and OneNote
d) Facebook, Twitter, LinkedIn, Instagram, and TikTok
Correct Answer: Nmap, Metasploit, DirBuster, forced browsing, and web spiders
Explanation: These tools are used for web investigation, including port scanning, exploiting vulnerabilities, and identifying unlinked URLs.
Question 33
What is a robots.txt file?
a) A file that enhances web application security
b) A file that tells search engine bots where they are allowed to crawl
c) A file used to store network configuration data
d) A malware scanning configuration file
Correct Answer: A file that tells search engine bots where they are allowed to crawl
Explanation: A robots.txt file is found in the root directory of a website and specifies which parts of the site search engine crawlers are allowed, or disallowed, to crawl and index.
Question 34
What is the importance of a digital certificate’s SAN?
a) It secures the content in email transmissions
b) It identifies specific subdomains covered by the certificate
c) It encrypts VPN communication
d) It helps manage encryption keys
Correct Answer: It identifies specific subdomains covered by the certificate
Explanation: The Subject Alternative Name (SAN) field in a digital certificate allows for the inclusion of multiple subdomains or hostnames under one certificate.
Question 35
What are a certificate’s CT logs?
a) Logs of changes to server configurations
b) Logs of digital certificate authorities, which are publicly accessible
c) Logs of successful network penetration tests
d) Logs tracking software updates
Correct Answer: Logs of digital certificate authorities, which are publicly accessible
Explanation: Certificate Transparency (CT) logs contain public records of certificates issued by Certificate Authorities (CAs), helping to detect rogue or misissued certificates.
Question 36
What is the significance of CRL and OCSP regarding certificates?
a) They identify software bugs in encryption algorithms
b) They check the status of certificates to determine validity
c) They enhance encryption strength for data in transit
d) They provide a backup for lost encryption keys
Correct Answer: They check the status of certificates to determine validity
Explanation: The Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP) are methods for checking whether a certificate has been revoked.
Question 37
Explain the 2 ways a certificate is checked for validity:
a) By verifying against CRL or checking with OCSP
b) By decoding the certificate’s public key
c) By analyzing the certificate’s expiry date
d) By comparing it to a firewall rule set
Correct Answer: By verifying against CRL or checking with OCSP
Explanation: Certificates are validated by checking their status with either the CRL or OCSP to see if they have been revoked or are still valid.
Question 38
What is Metagoofil?
a) A web application firewall
b) A Python-based tool for extracting metadata from public documents
c) A file encryption software
d) A tool for DNS enumeration
Correct Answer: A Python-based tool for extracting metadata from public documents
Explanation: Metagoofil is a Linux-based tool that searches Google for public documents and extracts metadata such as usernames and software versions.
Question 39
What is FOCA?
a) A Linux-based vulnerability scanning tool
b) A Windows OSINT tool for discovering metadata in documents
c) A tool for password cracking
d) A network scanning tool
Correct Answer: A Windows OSINT tool for discovering metadata in documents
Explanation: FOCA (Fingerprinting Organizations with Collected Archives) is an open-source intelligence tool that extracts metadata from documents found online.
Question 40
Explain OSINT tool TheHarvester (CLI):
a) A command-line tool to extract metadata from files
b) A tool for automated gathering of open-source intelligence like subdomains and email addresses
c) A command-line interface for creating phishing campaigns
d) A tool for encrypting sensitive data
Correct Answer: A tool for automated gathering of open-source intelligence like subdomains and email addresses
Explanation: TheHarvester automates the collection of OSINT, including subdomains, email addresses, and PGP key entries, from various public sources.