Questions and Answers
Which of these are types of information you are looking to collect about an organization during the information gathering phase? (Select all that apply)
What is the term used for discovering information from public data sources available on the Internet?
Which of these are techniques used for website reconnaissance? (Select all that apply)
What is the term used for an information gathering technique in which specific keywords are used to search Google or other search engines?
What is the name of a program in Kali Linux used to collect public information from resources such as Google, LinkedIn, Twitter and Bing?
What is the name of a widely used database search used to discover domain name information and IP address information about a company?
Which of these are common tools used for DNS profiling? (Select all that apply)
Which of these methods can modify the timing of a Nmap scan?
Which Nmap switch is used to perform a port scan and identify the version of the software running on each port?
Which of these tools are typically used to identify systems that are running on a network? (Select all that apply)
Which of these tools are often used to gather information for OSINT? (Select all that apply)
Vulnerability scanning is considered a passive assessment because you are not actively trying to exploit the system.
What is the term used to describe the process of connecting to and interrogating a network or system to retrieve information about that network or system?
Nmap can be used to identify hosts and services, along with identifying the operating system and the version of the software running on those systems?
Which Nmap switch is often used to perform a basic ping sweep across a network?
A TCP connect scan is considered more stealthy, compared to a SYN scan, as it does not perform a full handshake?
Which Nmap switch allows you to specify the ports to scan?
Which Nmap switch is used to specify a file containing a list of targets to scan?
Which of these are common techniques used to detect and avoid security solutions like WAFs (web application firewalls) and intrusion detection systems?
What is the purpose of a ping sweep within the context of active reconnaissance?
What is the primary purpose of using the '-sT' flag within Nmap?
Which of these are common steps involved in enumeration? (Select all that apply)
Which of these are common tools or techniques used to detect load balancers? (Select all that apply)
What is the purpose of using 'Recon-ng' in the context of OSINT gathering?
What is the primary purpose of using security tokens within an application?
A common penetration testing technique is to fingerprint the target operating system as a first step in the vulnerability identification process.
What is a primary advantage of using the '-sV' flag with Nmap?
Study Notes
Exam Objectives
- Knowing the difference between passive and active information gathering
- Understanding open-source intelligence (OSINT) gathering
- Using DNS profiling
- Using Nmap for active scanning
- Being familiar with enumeration techniques
- Understanding vulnerabilities in your targets
- Performing vulnerability scans and analyzing results
- Mapping vulnerabilities to exploits
- Learning the types of weaknesses in specialized systems
Chapter 3: Information Gathering
- After planning and scoping the penetration testing, the next phase is information gathering and vulnerability identification.
- Tools are used to discover information about an organization or company before penetration testing begins.
- Examples of information gathered during this phase:
  - Email addresses and phone numbers of employees (for social engineering)
  - Public IP addresses used by the organization
  - Target systems that are running
  - Open ports on target systems
  - Software used on target systems
  - Whether the software is running in the cloud or is self-hosted
Chapter 4: Vulnerability Identification
- After reconnaissance, the next phase is vulnerability identification.
- Vulnerability scanning is a passive assessment, not an attempt to exploit the system.
- A vulnerability is a weakness in a system that can be exploited to compromise security.