Cybersecurity Penetration Testing Quiz

Questions and Answers

What best defines a penetration tester?

  • An unauthorized individual trying to infiltrate a network
  • An authorized threat actor identifying vulnerabilities (correct)
  • An analyst whose role is to create security policies
  • A cybersecurity professional focused solely on data analysis

What does the term 'risk' mean in the context of cybersecurity?

  • The actual harm done to information technology systems
  • The process of removing vulnerabilities from a system
  • The probability that a threat will be realized (correct)
  • The measures taken to protect systems from threats

Which of the following is a key objective in the planning and scoping phase of penetration testing?

  • Identifying unauthorized access points
  • Conducting root cause analysis
  • Maintaining an ethical hacking mindset (correct)
  • Implementing security measures

What is described as a vulnerability in a system?

Answer: Any weakness in system design or implementation (D)

Which role is primarily responsible for minimizing vulnerabilities within an organization?

Answer: Cybersecurity analyst (A)

What distinguishes a threat from a vulnerability?

Answer: A threat is a potential harm, whereas a vulnerability is a weakness (A)

In the planning and scoping of penetration testing, why is understanding organizational/customer requirements crucial?

Answer: To ensure the project will align with business objectives (C)

What is a common misconception about the role of a penetration tester?

Answer: They do not need to maintain professionalism during tests (C)

What is the primary function of logical security measures?

Answer: To prevent or restrict access to a system through hardware or software (D)

Which of the following is an example of physical security?

Answer: Security badges for personnel access (C)

What distinguishes continuous monitoring from auditing?

Answer: Continuous monitoring is an ongoing process that evaluates systems continually (C)

What is one of the main components of a pentest methodology?

Answer: It simulates the steps taken by threat actors or hackers (C)

Which type of monitoring is crucial for ensuring that an organization’s security is actively evaluated?

Answer: Continuous monitoring of system users and configurations (B)

Which of the following is NOT an example of logical security?

Answer: Locks on doors (A)

What is the purpose of auditing in the context of security?

Answer: To perform a one-time evaluation of the security posture (C)

What should organizations do to ensure effective continuous monitoring?

Answer: Automate the monitoring process as much as possible (A)

Which of the following methods is associated with the protection of personnel and facilities?

Answer: Access control vestibules (D)

Why is change management important in the context of continuous monitoring?

Answer: It provides structure for tracking modifications to the system (A)

What is the primary purpose of the Wassenaar Arrangement?

Answer: To prevent the exportation of dual-use technology. (A)

Which of the following tools is known for its capabilities in decrypting various encryption protocols?

Answer: Wireshark (D)

Why are Rules of Engagement (ROE) important in penetration testing?

Answer: They ensure both parties understand the testing boundaries. (B)

What should be included in the Rules of Engagement regarding locations?

Answer: Authorized locations, especially those crossing international borders. (D)

What is the significance of time restrictions in penetration testing?

Answer: They specify when testing can occur, including normal business hours. (B)

What are dual-use technologies in the context of the Wassenaar Arrangement?

Answer: Technologies that can serve both civilian and military applications. (A)

How does Wireshark function as a protocol analysis tool?

Answer: It captures and analyzes network traffic. (C)

What aspect of penetration testing does transparency refer to?

Answer: Full disclosure of testing objectives and findings. (B)

What does a 404 error code signify?

Answer: Non-existent resource requested by client (C)

Which of the following error codes represents a client request error?

Answer: 401 (B)

What does the 502 error code indicate?

Answer: Bad gateway when acting as a proxy (D)

Which HTTP status code indicates a general error occurred on the server-side?

Answer: 500 (C)

What could a 503 error code indicate?

Answer: Service unavailable due to server overload (A)

Which range of HTTP status codes indicates client errors?

Answer: 4xx (B)

What does error code 401 specifically indicate?

Answer: Request lacks proper authorization (B)

Which of the following error codes indicates a server overload situation?

Answer: 503 (A)

Which HTTP status code means that the request could not be parsed by the server?

Answer: 400 (A)

What status code indicates insufficient permissions for a request?

Answer: 403 (C)

What is the primary purpose of fingerprinting in the context of network security?

Answer: To identify the software version or operating system in use (C)

Which command is specifically mentioned as useful for enumerating a Windows host?

Answer: net (C)

How does banner grabbing typically function?

Answer: By connecting to a specific port running a service (B)

What does the term 'living off the land' refer to in the context of enumeration?

Answer: Utilizing default tools available on a regular workstation (D)

What type of scanning is considered to be the most detailed?

Answer: Fingerprinting (A)

Which protocol does the ARP command primarily rely on for enumerating a Windows host?

Answer: Address Resolution Protocol (ARP) (B)

What is a potential application of the 'arp' command in host enumeration?

Answer: Getting a list of recently communicated MAC addresses (D)

Which of the following best describes enumeration in comparison to scanning?

Answer: Enumeration is more systematic and in-depth. (C)

What is the primary purpose of an Organizational Unit (OU) in a domain?

Answer: To group similar objects like users and computers (D)

Which command in PowerShell lists all users logged into a specific computer?

Answer: Get-NetLoggedon (D)

What does the 'net user' command accomplish?

Answer: Lists all the users on the machine (B)

What type of collection is a Group considered to be?

Answer: A collection of user accounts (C)

Which tool would primarily be used for domain enumeration within a penetration test?

Answer: Metasploit (B)

What does the command 'Get-NetGroupMember' accomplish in a domain?

Answer: Lists members of a specified group (A)

In the context of domain management, what is a User designed to represent?

Answer: A person or process accessing a resource (B)

What type of tool is typically used to gain more information about web servers or applications?

Answer: Various enumeration tools (C)

Flashcards

Engagement (Penetration Testing)

A single penetration testing project, planned and agreed upon by the client and the testing team.

Penetration Tester

An authorized person who identifies and exploits vulnerabilities to test systems.

Risk (Cybersecurity)

The likelihood that a threat will cause harm.

Vulnerability

A weakness in a system's design or implementation.

Threat (Cybersecurity)

Anything that could harm information technology systems.

Cybersecurity Analyst

A role that focuses on minimizing vulnerabilities.

Scoping & Organizational Requirements

Importance of defining project boundaries and specific needs from the client.

Ethical Hacking Mindset

Maintaining professionalism and integrity during penetration testing.

What are Rules of Engagement (ROE)?

The written agreement between the client and the penetration tester outlining the boundaries and expectations of the test.

Why are timelines important in penetration testing?

Timelines define the period during which the penetration test will take place, providing a structure for the process.

What are time restrictions?

Specific time periods when penetration testers are permitted or prohibited from conducting exploits and attacks.

Why specify locations in ROE?

Locations clarify the authorized areas where the penetration test can be conducted, including those that cross international borders.

What is transparency in penetration testing?

Open communication and information sharing between the penetration tester and the client throughout the test.

What is the Wassenaar Arrangement?

An international agreement that restricts the export of technology that could be used for weapons development, including penetration testing tools.

What are US Export Administration Regulations (EAR)?

Regulations that govern the export of certain technologies, including penetration testing tools that could be used for military purposes.

Wireshark

A powerful open-source protocol analysis tool that can decrypt many different types of encryption protocols.

Logical Security Controls

Implemented through hardware or software to prevent or restrict access to a system. Examples include firewalls, intrusion detection systems, and encryption.

Physical Security Controls

Measures protecting personnel and facilities. Examples include fences, locks, and security badges.

Auditing (Security)

A one-time evaluation of a system's security posture.

Monitoring (Security)

An ongoing process that continually evaluates the system or its users. Includes change management, configuration management, log monitoring, and status report analysis.

PenTest Methodology

A systematic approach a pentester uses before, during, and after a penetration test. It's similar to the steps a hacker would take.

What is a methodology?

A system of methods used in a particular area of study or activity.

What are the steps in a PenTest?

A Penetration Test typically follows a methodology, which includes planning, information gathering, vulnerability scanning, exploitation, reporting, and remediation.

Why is Continuous Monitoring Important?

It helps identify vulnerabilities and security threats in real-time. By automating the process, organizations can quickly respond to security incidents.

Change Management (Security)

A process that controls and tracks any changes to a system or its configuration.

Configuration Management (Security)

Ensures that systems are configured and maintained according to security policies and best practices.

Fingerprinting (Network)

Identifying the operating system, service, or software version used by a host, system, or network.

Banner Grabbing

Using tools like Netcat, wget, or telnet to connect to a specific port and retrieve information about the service running on that port.

Scanning

A general overview of a network or system to gather basic information about its structure and hosts.

Enumeration

A more detailed investigation of a network or system, exploring specific services and resources.

Fingerprinting (Detailed)

The most detailed level of information gathering, aiming to pinpoint specific software versions and configurations.

Host Enumeration

Gathering information about specific devices (servers, workstations, clients, etc.) on a network.

Living off the Land (LOL)

Using pre-installed tools available on a target system for enumeration, minimizing detection.

ARP Cache

A table stored on a Windows host, containing MAC addresses of recently communicated devices.

HTTP Status Code

A numerical code returned by a web server indicating the status of a client's request.

What does 200 indicate?

It means the request was successfully completed and the server returned the requested content.

What does 300 indicate?

It implies a redirect, meaning the server has sent the client to a different URL.

What does 400 indicate?

It denotes an error in the client's request, preventing the server from processing it.

What does 401 indicate?

This means that the client's request requires authentication but has not provided valid credentials.

What does 403 indicate?

It signifies that the client is unauthorized to access the requested resource, even if they are authenticated.

What does 404 indicate?

It denotes that the requested resource doesn't exist on the server.

What does 500 indicate?

A general error occurred on the server side, preventing the request from completing successfully.

What does 502 indicate?

It signifies a gateway error, occurring when a server acting as a proxy encounters an issue.

What does 503 indicate?

It means the server is temporarily unavailable due to overload, maintenance, or other issues.

Organizational Unit (OU)

A way to group similar objects like computers, users, or groups within a domain.

Domain Enumeration

The process of identifying and listing the users, groups, and computers within a domain.

PowerShell

A powerful command-line interface used for system administration and automation.

Get-NetDomain

A PowerShell command that lists the domain the current user is logged into.

Get-NetLoggedon

A PowerShell command that displays all the users logged into a specific computer.

Get-NetGroupMember

A PowerShell command to list all the members of a specific group in a domain.

net user

A command-line tool to list all the users on a specific computer.

net groups

A command-line tool to list all the groups on a specific computer.

Study Notes

CompTIA PenTest+ (PT0-002) Study Notes

  • Intermediate-level certification for technical professionals who conduct penetration testing and vulnerability management across on-premise, cloud, and hybrid environments.
  • Recommended for intermediate-level security professionals with at least 3-4 years of broad hands-on experience; Security+ and CySA+ certifications are recommended but not strictly required.
  • The CompTIA Security+ exam knowledge is assumed.
  • The exam covers five domains: Planning and Scoping, Information Gathering and Vulnerability Scanning, Attacks and Exploits, Reporting and Communication, and Tools and Code Analysis.
  • The exam includes 90 multiple-choice and multiple-select questions and 3-5 performance-based questions (PBQs).
  • The exam duration is 165 minutes.
  • A passing score is 750 points out of 900 (80-85%).
  • Exam vouchers can be purchased at store.comptia.org for regular pricing or at a 10% discount at diontraining.com/vouchers.

Penetration Testing/Vulnerability Assessment Stages

  • Planning and scoping
  • Reconnaissance
  • Scanning
  • Enumeration
  • Attack
  • Exploitation
  • Reporting
  • Communication

Exam Tips and Tricks

  • Closed captions and adjustable playback speed are available.
  • Download and print the study guide.
  • Join the Dion Training Facebook group (facebook.com/groups/diontraining).
  • Email [email protected] if you don't have a Facebook account.
  • Be aware of distractors and red herrings.
  • Base answers on study materials, not personal experience.
  • Choose the answer correct in the majority of situations.
  • Focus on understanding the 'why' behind tool usage in tool-based questions.

Planning an Engagement

  • Engagement: A single penetration testing project, planned and scoped by the requesting client and the performing analysts.
  • Domain 1: Planning and Scoping
    • Objective 1.1: Compare and contrast governance, risk, and compliance concepts.
    • Objective 1.2: Explain the importance of scoping and organizational/customer requirements.
    • Objective 1.3: Demonstrate an ethical hacking mindset by maintaining professionalism and integrity, given a scenario.
  • Penetration Tester
    • An authorized threat actor who tries to identify how unauthorized intruders could damage a network.
  • Risk: The probability that a threat will be realized.
    • Cybersecurity Analyst: Minimizes vulnerabilities
    • Penetration Tester: Finds and exploits vulnerabilities
  • Vulnerability: Any weakness in the system design or implementation.
  • Threat: Anything that could cause harm, loss, damage, or compromise to information technology systems.
  • Risk Management: Finds ways to minimize the likelihood of an undesired outcome occurring and to achieve desired outcomes.
    • Risk Types: Inherent Risk, Residual Risk, Risk Exception
    • Risk Handling: Risk Avoidance, Risk Mitigation, Risk Acceptance, Risk Transfer
  • Controls (categories): Compensative: used in place of primary access control measures in order to mitigate a given risk. Example: dual control.

Control Types

  • Corrective: Reduces the effect of an undesirable event or attack.
  • Detective: Detects ongoing attacks and notifies the right personnel.
  • Deterrent: Discourages security policy violations.
  • Directive: Forces compliance with security policies and practices within organizations.
  • Preventive: Prevents or stops attacks from occurring.
  • Recovery: Recovers lost data, systems, and functionality after an attack.

Written Permission and Agreements

  • Written Permission: Prevents a penetration tester from going to prison; essential for ethical hacking operations.
  • Written Permission Information: Includes authorized names, test inclusions, authorization validity, data handling requirements, reporting guidelines, and termination guidelines.
  • Statement of Work (SOW): A formal document outlining tasks and deliverables, with clear specifications for the engagement.
  • Master Service Agreement (MSA): A special contract that governs future transactions.
  • Service-Level Agreement (SLA): A detailed agreement between the service provider (penetration tester) and the client regarding the security service being provided.

Risk Management

  • Inherent Risk: Occurs when a risk is discovered, but no mitigation methods have been applied.
  • Residual Risk: Calculated risk after applying mitigation methods and security controls.
  • Risk Exception: Risk created by exemption from corporate policy compliance.

NIST Special Publication 800-115

  • Technical Guide to Information Security Testing and Assessment.
  • Mimics the tactics, techniques, and procedures (TTPs) used by an actual attacker.

MITRE ATT&CK Framework

  • A knowledge base of adversary tactics, techniques, and procedures (TTPs) in real-world attacks.

Penetration Standards

  • Open Web Application Security Project (OWASP): Community-led group for securing the web.
  • OWASP Top 10: Standard awareness document for developers and web application security.
  • Open-Source Security Testing Methodology Manual (OSSTMM): A methodology for security testing.

Penetration Testing Execution Standard (PTES)

  • A common language and scope for performing penetration tests.

Information Systems Security Assessment Framework (ISSAF)

  • A comprehensive guide used in penetration testing.
