CpS 391 Quiz (all answered)
What is the primary goal of penetration testing?
Correct answer: Attempt to uncover deep vulnerabilities and then manually exploit them

There is often confusion between vulnerability scanning and penetration testing. What is the best explanation of the difference between vulnerability scanning and penetration testing?
Correct answer: Vulnerability scanning is performed using an automated tool to scan a network for known vulnerability signatures. Penetration testing involves attempting to manually uncover deep vulnerabilities just as a threat actor would, and then exploiting them.

Khalid joins a security team where he is assigned an SOC developer role and has to build different teams under SOC. Which of the following teams should he build to deal with providing real-time feedback related to security incidents and threat detections, which can then be utilized to facilitate better prioritization of threats and a mature way of detecting threats?
Correct answer: Purple team

Kile is assigned a role as a grey box penetration tester in the financial sector. He has to conduct a pen testing attack on all the application servers in the network. Which of the following tasks should he perform first while conducting a penetration testing attack on a network?
Correct answer: Footprinting

Which of the following tools can be used to scan 16 IP addresses for vulnerabilities?
Correct answer: Nessus Essentials

Which of the following penetration testing consultants have limited knowledge of the network and some elevated privileges?
Correct answer: Gray box

Which of the following is the most efficient means of discovering wireless signals?
Correct answer: War flying

Which of the following techniques is a method of passive reconnaissance?
Correct answer: Open Source Intelligence (OSINT)

What is the primary difference between credentialed and non-credentialed scans?
Correct answer: Credentialed scans use valid authentication credentials to mimic threat actors, while non-credentialed scans do not provide authentication credentials.

Alice, a vulnerability assessment engineer at a bank, is told to find all the vulnerabilities on an internet-facing web application server running on port HTTPS. When she finishes the vulnerability scan, she finds several different vulnerabilities at different levels. How should she proceed?
Correct answer: Look at the priority and the accuracy of the vulnerability

Which of the following is a characteristic of a vulnerability scan that is not a characteristic of a penetration test?
Correct answer: A vulnerability scan is usually automated.
School, study and subject
- Institution
- CpS 391
- Course
- CpS 391
Document information
- Uploaded on
- January 19, 2023
- Number of pages
- 6
- Written in
- 2022/2023
- Type
- Exam
- Contains
- Questions and answers