PenTest+ Test Questions & Answers
Mika runs the following Nmap scan:
Nmap -sU -sT -p 1-65535 example.com
What information will she receive? - ✔✔Vulnerability scanner. UDP scan. TCP connect/full
connect scan, meaning
...
PenTest+ Test Questions & Answers
Mika runs the following Nmap scan:
Nmap -sU -sT -p 1-65535 example.com
What information will she receive? - ✔✔Vulnerability scanner. UDP scan. TCP connect/full
connect scan, meaning the user can't create raw packets for a SYN scan or is scanning an IPv6
network. Results for ports 1-65535.
What technique is being used in the following command:
Host -t axfr domain.com dns1.domain.com - ✔✔Zone Transfer. The axfr flag indicates a zone
transfer in both dig and host utilities.
After running an Nmap scan of a system, Lauren discovers that TCP ports 139, 443, and 3389
are open. What operating system is she most likely to discover running on the system? -
✔✔Windows. Port 3389 is Remote Desktop Protocol (RDP).
Charles runs an Nmap scan using the following command:
Nmap -sT -sV -T2 -p 1-65535 example.com
After watching the scan run for over two hours, he realizes that he needs to optimize the scan
.Which of the following is not a useful way to speed up his scan? - ✔✔Only scanning via UDP
will not miss any TCP connections. Setting the scan to faster timing (3 or faster), changing from
a TCP connect scan to a TCP SYN scan, or limiting the number of ports tested are all valid ways
to speed up a scan.
Karen identifies TCP port 8080 and 8443 open on a remote system during a port scan. What tool
is her best option to manually validate the services running on these ports? - ✔✔A web browser.
Many system administrators move services from their common service ports to alternate ports
and 808 and 8443 are likely alternate HTTP (TCP 80) and HTTPS (TCP 443) server ports, and
she will use a web browser to connect to those ports to check them.
Angela recovered a PNG image during the early intelligence-gathering phase of a penetration
test and wants to examine it for useful metadata. What tool could she most successfully use to do
this? - ✔✔Exiftool is designed to pull metadata from images and other files.
Duran an Nmap scan, Casey uses the -o flag. The scan identifies the host as follows:
Running Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33
What can she determine from this information? - ✔✔OS identification in Nmap is based on a
variety of response attributes. In this case, Nmap's best guess is that the remote host is running a
Linux 2.6.9-2.6.33 kernel, but it cannot be more specific.
What is the full range of ports that a UDP service can run on? - ✔✔1-65,535
Steve is working from an unprivileged user account that was obtained as part of a penetration
test. He has discovered that the host he is on has Nmap installed and wants to scan other hosts in
his subnet to identify potential targets as part of a pivot attempt. What Nmap flag is he likely to
have to use to successfully scan hosts from this account? - ✔✔-sT the TCP connect scan is often
used when an un-privileged account is the tester's only option.
Which of the following tools provides information about a domain's registrar and physical
location? - ✔✔Whois provides information that can include the organiztion's physical address,
registrar, contact information, and other details.
Chris runs an Nmap scan of 10.10.0.0/16 network that his employer uses as an internal network
range for the entire organization. If he uses the -T0 flag, what issue is he likely to encounter? -
✔✔The -T flag in Nmap is used to set scan timing. Timing setting range from 0 (paranoid) to 5
(insane). By default, it operates at 3, or normal. With timing set to a very slow speed, Chris will
run his scan for a very, very long time on a /16 network.
Which of the following Nmap output formats is unlikely to be useful for a penetration tester? -
✔✔The Script Kiddie output format that Nmap supports is entirely for fun-you should never
have a practical need to use the -os flag for an actual penetration test.
During an early phase of his penetration test, Mike recovers a binary executable file he wants to
quickly analyze for useful information. Which of the following tools will quickly give him a
view of potentially useful information in the binary? - ✔✔The Strings command parses a file for
strings of text and outputs them. It is often useful for analyzing binary files, since you can
quickly check for useful information with a single quick command-line too.
Jack is conducting a penetration test for a customer in Japan. What NIC is he most likely to need
to check for information about his client's networks? - ✔✔APNIC (Asian Pacific Network
Interface Card)
Charles uses the following hping command to sen
[Show More]
