- web.groovymark@gmail.com
- December 5, 2024
Question 21
What is the “unknown environment” test strategy?
a) A method of testing where the team has no prior knowledge of the system
b) A testing strategy for cloud-based systems only
c) Testing that focuses on gathering metadata from files
d) Testing with complete access to source code
Correct Answer: A method of testing where the team has no prior knowledge of the system
Explanation: The unknown environment strategy mimics an attacker with no prior information about the network or system.
Question 22
Explain the “partially known environment” test strategy:
a) Testing where the team has no knowledge of the system
b) Testing conducted with limited information, such as code or internal functionality
c) Testing without source code but with access to physical systems
d) A test conducted only after vulnerabilities are fixed
Correct Answer: Testing conducted with limited information, such as code or internal functionality
Explanation: Partially known environment tests provide limited details to the PenTest team, allowing for focused testing on specific vulnerabilities.
Question 23
What are the three types of environment testing strategies?
a) Cloud, external, and internal testing
b) Black box, white box, and gray box testing
c) Known, unknown, and partially known environment testing
d) Web, mobile, and API testing
Correct Answer: Known, unknown, and partially known environment testing
Explanation: These three testing strategies define how much knowledge the PenTesting team has about the system.
Question 24
What should be discussed with stakeholders when determining the test scope?
a) Scope of assets and excluded elements
b) Only the budget of the test
c) Details of previous vulnerabilities found
d) Social engineering policies
Correct Answer: Scope of assets and excluded elements
Explanation: The test scope should clearly outline which assets are in scope, exclusions, timelines, restrictions, and relevant laws.
Question 25
What is an MSA (Master Service Agreement)?
a) A document that sets the terms of a particular project
b) A contract that outlines ongoing business relationship guidelines between two parties
c) A method for ensuring compliance with PCI DSS
d) A type of firewall setting for PenTest teams
Correct Answer: A contract that outlines ongoing business relationship guidelines between two parties
Explanation: An MSA is a general contract outlining guidelines for future engagements between two parties, allowing for flexibility in specific agreements.
Question 26
What is a SOW (Statement of Work)?
a) A detailed document outlining specific expectations for a business arrangement
b) A type of security assessment for internal assets
c) A test conducted in the post-compromise phase
d) A method for configuring DNS servers
Correct Answer: A detailed document outlining specific expectations for a business arrangement
Explanation: A SOW outlines deliverables, responsibilities, schedules, and other terms for a specific project or business agreement.
Question 27
What is an SLA (Service-Level Agreement)?
a) A type of cybersecurity standard
b) A contract outlining the terms of a service, including performance metrics and penalties
c) A methodology for penetration testing web applications
d) An audit performed after every test
Correct Answer: A contract outlining the terms of a service, including performance metrics and penalties
Explanation: SLAs define the level of service expected between a provider and client, with specific metrics for measuring performance and penalties for non-compliance.
Question 28
What are DNS records like MX, NS, TXT, and SRV used for?
a) To track server vulnerabilities
b) For storing malicious code
c) To provide critical information about domain services like mail servers and text data
d) To test vulnerability scans on DNS servers
Correct Answer: To provide critical information about domain services like mail servers and text data
Explanation: DNS records like MX (mail), NS (nameserver), TXT (text), and SRV (services) provide important information about how domains function.
Question 29
What is nslookup?
a) A tool for performing vulnerability assessments
b) A command-line tool to query domain records in DNS
c) A tool for scanning networks for open ports
d) A type of firewall configuration
Correct Answer: A command-line tool to query domain records in DNS
Explanation: Nslookup is used to query DNS and view records related to a domain.
Question 30
What is Dig used for?
a) A tool for mapping internal network devices
b) A tool for performing reverse DNS lookups and resolving IP addresses to domain names
c) A vulnerability scanner
d) A tool for collecting metadata
Correct Answer: A tool for performing reverse DNS lookups and resolving IP addresses to domain names
Explanation: Dig is used for DNS diagnostics, including reverse lookups that map IP addresses to domain names.
Question 31
If you want to capture the SQL statement and bind variables when performing a standard statement audit, which value should the AUDIT_TRAIL parameter have?
A) NONE
B) DB
C) DB,EXTENDED
D) OS
E) OS,EXTENDED
Correct Answer: C) DB,EXTENDED
Explanation: The DB,EXTENDED setting for AUDIT_TRAIL captures SQL statements and bind variables during audits.
Question 32
Which of the following statements give user desmond the ability to alter table gl.accounts?
A) grant alter on gl.accounts to desmond;
B) grant alter to desmond on gl.accounts;
C) grant alter table to desmond;
D) allow desmond to alter table gl.accounts;
Correct Answer: A) grant alter on gl.accounts to desmond.
Explanation: The correct syntax for granting the ALTER privilege on a specific table is grant alter on gl.accounts to desmond.
Question 33
Which of the following statements has the correct syntax and gives the ability to grant the privilege to other users?
A) grant alter any table with grant option to desmond;
B) grant alter on gl.accounts to desmond with admin option;
C) grant alter any table to desmond with grant option;
D) grant alter any table to desmond with admin option;
Correct Answer: D) grant alter any table to desmond with admin option.
Explanation: The correct syntax for granting a system privilege with the ability to grant it to others is to use with admin option.
Question 34
Examine the CREATE USER statement and choose which of the following options best applies.
A) JOHN will not be able to log in to the database using SQL Plus until the DBA changes his password.
B) JOHN is authenticated by the database.
C) When tables are being created, if JOHN did not specify the TABLESPACE clause, the table will be created on the DATA01 tablespace.
D) Specifying unlimited space quota on INDEX01 is a redundant step because INDEX01 is JOHN’s default tablespace.
Correct Answer: B) JOHN is authenticated by the database.
Explanation: The user JOHN is authenticated by the database based on the password specified in the CREATE USER statement.
Question 35
User system granted the SELECT privilege on sh.products to user ian using WITH GRANT OPTION. Ian then granted SELECT on sh.products to user stuart. Ian has left the company, and his account has been dropped. What happens to Stuart’s privileges on sh.products?
A) Stuart loses his SELECT privilege on sh.products.
B) Stuart retains his SELECT privilege on sh.products.
C) Stuart loses his SELECT privilege if Ian was dropped with the CASCADE REVOKE option.
D) Stuart retains his SELECT privilege if Ian was dropped with the NOCASCADE REVOKE option.
Correct Answer: A) Stuart loses his SELECT privilege on sh.products.
Explanation: When object privileges are granted through an intermediary, they are revoked when the intermediary is dropped.
Question 36
User system granted the SELECT ANY TABLE privilege to user ian using WITH ADMIN OPTION. Ian then granted SELECT ANY TABLE to user stuart. Ian has left the company, and his account has been dropped. What happens to Stuart’s privileges?
A) Stuart loses his privileges.
B) Stuart retains his privileges.
C) Stuart loses his privileges if Ian was dropped with the CASCADE REVOKE option.
D) Stuart retains his privileges if Ian was dropped with the NOCASCADE REVOKE option.
Correct Answer: B) Stuart retains his privileges.
Explanation: System privileges are not affected by the removal of the user who granted them.
Question 37
Which of the following system privileges should be granted judiciously because they can allow the grantee to masquerade as another user?
A) CREATE ANY JOB
B) ALTER USER
C) CREATE ANY PROCEDURE
D) All of the above
Correct Answer: D) All of the above
Explanation: These system privileges allow actions that can be exploited to execute code or impersonate other users.
Question 38
Which of the following statements enables the role user_admin in the current session?
A) alter session enable role user_admin;
B) alter session set role user_admin;
C) alter role user_admin enable;
D) set role user_admin;
Correct Answer: D) set role user_admin;
Explanation: The set role statement is used to enable roles within the current session.
Question 39
Which of the following SQL statements allows user augustin to use the privileges associated with the password-protected role info_czar that has been granted to him?
A) set role all;
B) alter user augustin default role all;
C) alter session enable role info_czar;
D) alter session enable info_czar identified by brozo;
Correct Answer: B) alter user augustin default role all.
Explanation: Specifying a role as a default role allows it to be used without explicitly setting it in the session.
Question 40
By default, how much space can any account use for a new table?
A) None
B) Up to the current free space in the tablespace
C) Unlimited space, including autoextends
D) Up to the default quota established at tablespace creation time
Correct Answer: A) None
Explanation: By default, new user accounts do not have any space quota in tablespaces until a quota is explicitly assigned.