CompTIA PenTest+ Certification For Dummies. Glen E. Clarke


What tools would you use to identify vulnerabilities in the systems? (Choose two.)

      (A) OpenVAS

      (B) Nessus

      (C) Hydra

      (D) Metasploit

      (E) Nmap

      6. During a penetration test you are looking to perform a MiTM attack. Which of the following tools would you use to perform the attack?

      (A) Hydra

      (B) Metasploit

      (C) arpspoof

      (D) John

      7. You are performing a penetration test on a wireless network. You would like to deauthenticate the clients from the access point. What tool would you use?

      (A) Aircrack-ng

      (B) Aireplay-ng

      (C) Airodump-ng

      (D) Deauth-ng

      8. While performing a penetration test on a wireless network, you decide to try to brute force the WPS PIN on the wireless access point. What command would you use in Kali Linux?

      (A) aircrack-ng

      (B) mimikatz

      (C) reaver

      (D) wpscrack-ng

      9. You are assessing the security of a web application running on a web server within the DMZ. Which of the following represents an example of a command injection attack?

      (A) http://site/showData.php?id=1;phpinfo()

      (B) http://site/purchase.aspx?redirect=confirmation.aspx

      (C) http://site/prodt.php?id=5;update%20products%20set%20price=.50

      (D) http://site/showData.php?dir=%3Bcat%20/etc/passwd

      10. You are performing a penetration test for a customer and have exploited a system and gained a meterpreter session. What post-exploitation command was used to obtain the following output?

       Admin:500:b45a8125648cbddf2c4272c:bddf2c4272cb45a8125648c
       Guest:501:b45a8125648cbddf2c4272c:bddf2c4272cb45a8125648c
       testUser:1024:b45a8125648cbddf2c4272c:bddf2c4272cb45a8125648c

      (A) hashdump

      (B) hydra

      (C) kill av

      (D) truncate

      11. You are assessing the security of a web application. What tool would you use to identify vulnerabilities on a website?

      (A) SQLdict

      (B) Nmap

      (C) Nikto

      (D) Hydra

      12. You have obtained the password hash for the administrator account on a system. What tool would you use to crack the password hash?

      (A) Hashdump

      (B) Nmap

      (C) Aircrack-ng

      13. During an authorized penetration test, you have used Nmap to locate systems on the network running RDP. What command would you use to perform password cracking using RDP traffic to the system?

      (A) mimikatz

      (B) hashcat

      (C) hydra

      (D) hashdump

      14. What language was used to write the following code?

       startTime = datetime.now()
       try:
           for port in range(1,1024):
               sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
               result = sock.connect_ex((remoteSystemIP, port))
               if result == 0:
                   print "Port {}: Open".format(port)
               sock.close()

      (A) PowerShell

      (B) Python

      (C) Ruby

      (D) Bash

      15. While performing a penetration test for a customer, you notice there is evidence of a previous security compromise on the web server. What should you do?

      (A) Make a note of it and continue the pentest

      (B) Continue the pentest and add evidence to the report

      (C) Patch the system and continue the pentest

      1 D. The information gathering and vulnerability identification phase uses tools to discover systems, services running on those systems, and vulnerabilities that exist on those systems. See Chapter 1.

      2 C. Customers should have penetration testers sign a non-disclosure agreement (NDA) before starting the penetration test. See Chapter 2.

      3 B, E. Recon-ng and Maltego are examples of OSINT tools used to discover public information about a customer. See Chapter 3.

      4 A. You can use the -Pn parameter on Nmap to disable ping operations when performing a port scan. See Chapter 3.

      5 A, B. OpenVAS and Nessus are examples of vulnerability scanners that can be used to discover vulnerabilities on a system. See Chapter 4.

      6 C. arpspoof is an example of a tool that can be used during a MiTM attack. arpspoof is used to poison the ARP cache of systems so that the attacker can place themselves in the middle of the communication. See Chapter 5.

      7 B. Aireplay-ng is a tool used to generate different types of wireless traffic, including a deauthentication packet that is used to instruct clients to disconnect. See Chapter 6.

      8 C.
