PenTest+ Test Questions & Answers

Document Content and Description Below

PenTest+ Test Questions & Answers Mika runs the following Nmap scan: Nmap -sU -sT -p 1-65535 example.com What information will she receive? - ✔✔Vulnerability scanner. UDP scan. TCP connect/full... connect scan, meaning the user can't create raw packets for a SYN scan or is scanning an IPv6 network. Results for ports 1-65535. What technique is being used in the following command: Host -t axfr domain.com dns1.domain.com - ✔✔Zone Transfer. The axfr flag indicates a zone transfer in both dig and host utilities. After running an Nmap scan of a system, Lauren discovers that TCP ports 139, 443, and 3389 are open. What operating system is she most likely to discover running on the system? - ✔✔Windows. Port 3389 is Remote Desktop Protocol (RDP). Charles runs an Nmap scan using the following command: Nmap -sT -sV -T2 -p 1-65535 example.com After watching the scan run for over two hours, he realizes that he needs to optimize the scan .Which of the following is not a useful way to speed up his scan? - ✔✔Only scanning via UDP will not miss any TCP connections. Setting the scan to faster timing (3 or faster), changing from a TCP connect scan to a TCP SYN scan, or limiting the number of ports tested are all valid ways to speed up a scan. Karen identifies TCP port 8080 and 8443 open on a remote system during a port scan. What tool is her best option to manually validate the services running on these ports? - ✔✔A web browser. Many system administrators move services from their common service ports to alternate ports and 808 and 8443 are likely alternate HTTP (TCP 80) and HTTPS (TCP 443) server ports, and she will use a web browser to connect to those ports to check them. Angela recovered a PNG image during the early intelligence-gathering phase of a penetration test and wants to examine it for useful metadata. What tool could she most successfully use to do this? - ✔✔Exiftool is designed to pull metadata from images and other files. Duran an Nmap scan, Casey uses the -o flag. The scan identifies the host as follows: Running Linux 2.6.X OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.9 - 2.6.33 What can she determine from this information? - ✔✔OS identification in Nmap is based on a variety of response attributes. In this case, Nmap's best guess is that the remote host is running a Linux 2.6.9-2.6.33 kernel, but it cannot be more specific. What is the full range of ports that a UDP service can run on? - ✔✔1-65,535 Steve is working from an unprivileged user account that was obtained as part of a penetration test. He has discovered that the host he is on has Nmap installed and wants to scan other hosts in his subnet to identify potential targets as part of a pivot attempt. What Nmap flag is he likely to have to use to successfully scan hosts from this account? - ✔✔-sT the TCP connect scan is often used when an un-privileged account is the tester's only option. Which of the following tools provides information about a domain's registrar and physical location? - ✔✔Whois provides information that can include the organiztion's physical address, registrar, contact information, and other details. Chris runs an Nmap scan of 10.10.0.0/16 network that his employer uses as an internal network range for the entire organization. If he uses the -T0 flag, what issue is he likely to encounter? - ✔✔The -T flag in Nmap is used to set scan timing. Timing setting range from 0 (paranoid) to 5 (insane). By default, it operates at 3, or normal. With timing set to a very slow speed, Chris will run his scan for a very, very long time on a /16 network. Which of the following Nmap output formats is unlikely to be useful for a penetration tester? - ✔✔The Script Kiddie output format that Nmap supports is entirely for fun-you should never have a practical need to use the -os flag for an actual penetration test. During an early phase of his penetration test, Mike recovers a binary executable file he wants to quickly analyze for useful information. Which of the following tools will quickly give him a view of potentially useful information in the binary? - ✔✔The Strings command parses a file for strings of text and outputs them. It is often useful for analyzing binary files, since you can quickly check for useful information with a single quick command-line too. Jack is conducting a penetration test for a customer in Japan. What NIC is he most likely to need to check for information about his client's networks? - ✔✔APNIC (Asian Pacific Network Interface Card) Charles uses the following hping command to sen [Show More]

Last updated: 2 years ago

Preview 1 out of 35 pages