1. What type of scan can be conducted to determine what possible exploits exist given the client’s environment?
Vulnerability Scan
2. Which three (3) forms of discovery can be conducted offline?
Shoulder Surfing
Social Engineering
Dumpster Diving
3. Network Mapping, Port Scanning, and Password Cracking are all forms of what type of discovery?
Active
4. True or False: The Planning phase is considered a formality and can be skipped as long as you have the verbal agreement of the client.
False
5. What level of access is ideal for a penetration tester to achieve in order to exploit a system?
Admin/Root
6. Which of the following is NOT a common type of vulnerability?
Phishing
7. Which portion of the pentest report gives a step-by-step account of how and why each exploit was conducted?
Technical Review
8. Which tool lets you log network traffic and analyze it?
Wireshark
9. Which software serves as a toolbox, providing access to hundreds of other tools and resources?
Kali Linux
10. Which tool is used primarily for password cracking?
John the Ripper
11. Which of the following is NOT a phase of a penetration test?
Reviewing
12. In which phase of penetration testing do you recommend solutions to address any exploited vulnerabilities?
Reporting
13. Which portion of the pentest report gives a high-level account of how the test went and what goals were accomplished?
Executive Summary
14. Throughout the attack phase of a pentest, you may need to revisit which other phase as you gain further access into a system?
Discovery
15. What method of gathering information can be used to get information about a website that is not readily available?
Google Dorking
16. Which two (2) privacy laws do you need to take into consideration when potentially gaining access to private customer information?
General Data Protection Regulation (GDPR)
Health Insurance Portability and Accountability Act (HIPAA)
17. Guessing passwords or running password cracking software engages in what type of attack to gain access to a system?
Brute Force
18. What document would protect the privacy of your client and their customers?
Non-Disclosure Agreement (NDA)
19. Gaining access to a system can occur in which two phases?
Discovery and Attack
20. Conducting a pentest as if you were an external hacker with no resources is known as what type of test?
Black Box
21. Which three (3) of the following are phases of an incident response?
Containment, Eradication & Recovery
Preparation
Detection & Analysis
22. Which statement is true about an event?
An event may be totally benign, like receiving an email.
23. True or False: A robust automated incident response system should be able to detect and prevent loss from all incidents.
False
24. Which three (3) are common Incident Response Team models?
Distributed
Central
Coordinating
25. A good automated Incident Response system should be able to detect which three (3) of these common attack vectors?
An unauthorized removable drive being attached to the network.
A brute force hacking attack.
An email phishing attack.
26. Which three (3) of the following are components of an Incident Response Policy?
Means, tools and resources available.
IR Policy testing responsibility.
Identity of IR team members.
27. Contact information, Smart phones, and Secure storage facilities all belong to which Incident Response resource category?
Incident Handler Communications and Facilities.
28. Which three (3) of the following would be considered an incident detection precursor?
An announced threat against your organization from an activist group.
Detecting the use of a vulnerability scanner
A vendor notice of a vulnerability to a product you own.
29. Which type of monitoring system detects anomalous network traffic but typically does not take action beyond sending an alert to an administrator?
IDS
30. True or False: The Incident Response team should keep their documentation as concise as possible so only the most important facts take up the attention of the team leadership.
False
31. What is the proper classification for a data breach that resulted in the exposure of sensitive personally identifiable information (PII)?
Privacy Breach
32. What is the proper classification for the recovery effort from a breach if you can estimate the total effort required but it will require bringing in additional resources?
Supplemented
33. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: potential damage to and theft of resources, need for evidence preservation, and service availability?
Containment
34. Which Post Incident activity would include ascertaining exactly what happened and at what times?
Lessons learned meeting
35. Select the missing phase of Incident Response: Preparation, _____, Containment, Eradication & Recovery, Post Incident Activity.
Detection and Analysis
36. Which statement is true about an incident?
An incident is an event that negatively affects IT systems.
37. True or False: A Coordinating Incident Response Team provides advice and guidance to the Distributed IR teams in each department, but generally does not have specific authority over those teams.
True
38. Which Incident Response Team model describes a team that has authority over all aspects of IR within the entire organization?
Central
39. In what way will having a set of predefined baseline questions help you in the event of an incident?
Coordinate with all the teams and the media
40. Incident Response team resources can be divided into which three (3) of the following categories?
Incident Analysis Resources
Incident Analysis Hardware and Software
Incident Handler Communications and Facilities
41. Port lists, Documentation, and Cryptographic hashes all belong to which Incident Response resource category?
Incident Analysis Resources
42. Which three (3) of the following would be considered an incident detection indicator?
An application log showing numerous failed login attempts from an unknown remote system.
A significant deviation from typical network traffic flow patterns.
The discovery of a file containing unusual characters by a system administrator.
43. Which type of monitoring system analyzes logs and events in real time?
SIEM
44. True or False: Highly detailed and thorough documentation is needed to support the analysis of current and future incidents.
True
45. What is the proper classification for a breach that results in sensitive or proprietary information being changed or deleted?
Integrity Loss
46. What is the proper classification for the recovery effort from a breach if sensitive data was stolen and posted on a public web site?
Not Recoverable
47. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: eliminate components of the incident, disable compromised accounts, and identify and mitigate vulnerabilities?
Eradication
48. Which Post Incident activity would include reviewing response times, which systems were impacted and other metrics associated with the incident?
Utilizing collected data
49. Digital forensics can be defined as the application of science to the identification, collection, examination, and analysis of what?
Data
50. According to NIST, the four (4) steps of the forensic process include which? (Select 4)
Analysis
Collection
Examination
Reporting
51. According to NIST, a forensic analysis should include four elements, Places, Items, Events and what?
People
52. True or False. A digital forensics report must contain details of every test conducted, the methods and tools used, and the results.
True
53. Which section of a digital forensics report would contain a list of the steps you have taken to ensure the integrity of the evidence?
Forensic Acquisition & Examination Preparation
54. Network activity, Application usage, Logs and Keystroke monitoring are all sources of what?
Data
55. What are the three (3) main hurdles that must be overcome when examining data? (Select 3)
Selecting the most effective tools to help with the searching and filtering of data.
Dealing with a sea of data. A single hard drive will contain many thousands of files that are not relevant to our investigation.
Bypassing controls such as operating system and encryption passwords.
56. True or False. Only data files can be effectively analyzed during a forensic analysis.
False
57. Most data files are smaller than the number of blocks allocated to their storage by the file system; the unused space is known as what?
Slack space
58. What does file metadata known as “MAC” data stand for in the context of a forensic analysis?
Modification, Access and Creation times
59. Open files are considered which data type?
Volatile
60. True or False. When collecting forensic data from a running system, you should always attempt to collect volatile data first.
True
61. Which operating system has a “Target Disk Mode” that allows a forensic investigator to easily make a copy of the target hard drive?
Mac OS X
62. Which three (3) of the following are application components? (Select 3)
Configuration settings
Log files
Supporting files
63. Which of these applications would likely be of the most interest in a forensic analysis?
64. What useful forensic data can be extracted from the Application layer of the TCP/IP protocol stack?
HTTP addresses
65. Which device would you inspect if you were looking for failed attempts to penetrate your company’s network?
Firewall
66. Digital forensics is commonly applied to which of the following activities?
All of the above
67. NIST includes which three (3) as steps in collecting data? (Select 3)
Acquire the data
Verify the integrity of the data
Develop a plan to acquire the data
68. What is the primary purpose of maintaining a chain of custody?
To avoid allegations of mishandling or tampering of evidence.
69. True or False. Digital forensics has been used to solve a number of high-profile violent crimes.
True
70. True or False. A digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.
False
71. Which section of a digital forensics report would include using the best practices of taking lots of screenshots, using the built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?
Findings & Analysis
72. Which types of files are appropriate subjects for forensic analysis?
All of the above
73. Deleting a file results in what action by most operating systems?
The memory registers used by the file are marked as available for new storage but are otherwise not changed.
74. Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?
A logical backup
75. How does a forensic analysis use hash sets acquired from NIST’s Software Reference Library project?
They can quickly eliminate known good operating system and application files from consideration.
76. Which three (3) of the following data types are considered non-volatile? (Select 3)
Dump files
Swap files
Logs
77. Configuration files are considered which data type?
Non-volatile
78. True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.
False
79. Which three (3) of the following are application components? (Select 3)
Data files
Authentication mechanisms
Application architecture
80. Which of these applications would likely be of the least interest in a forensic analysis?
Patch files
81. The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)
IPv4 / IPv6
ICMP
82. Which device would you inspect if you were looking for event data correlated across a number of different network devices?
Remote access server
83. Which of these sources might require a court order in order to obtain the data for forensic analysis?
ISP records
84. Which organization is credited with creating the first scripting language?
IBM Corporation
85. Which concept of a scripting language helps with repetitive tasks?
Loops
86. Which three (3) of the following are scripting languages? (Select 3)
PowerShell
JavaScript
JCL
87. True or False. JavaScript greatly improved the functionality of webpages.
True
88. Which Scripting language uses 1s and 0s in a two symbol system?
Binary
89. Python can be best described as what?
A high-level scripting language.
90. True or False. Extensive free resources are available on the web to make it relatively easy to learn Python.
True
91. Indentations are used in Python code for which reason?
To define a block of code and are required.
92. What file type is commonly used to store Python code?
Py
93. What is the data type of the variable pi?
Int
94. True or False. A tuple in Python is similar to a list but it is an immutable data type so its values cannot be changed after they are first set.
True
95. How many times will a while loop execute in Python?
As long as the specified condition is true.
96. True or False. Python functions must be purchased or downloaded in libraries from Python development companies. You must have Python SDK in order to develop your own functions.
False
97. Which two (2) of these Python libraries provide useful scientific computing functions? (Select 2)
Pandas
NumPy
98. What was considered to be the first scripting language?
JCL
99. Which concept of a scripting language is a memory address paired with a symbolic name (or identifier) which contains a value?
Variables
100. Which three (3) of the following are scripting languages? (Select 3)
Perl
Hex
Bash
101. Which Scripting language is a task automation and configuration management framework from Microsoft?
PowerShell
102. Which is an example of how scripts are commonly used today?
Task automation
103. What scripting concept is widely used across different languages to process a set of instructions over and over again until a specified condition is met?
Loops
104. Bash is a scripting language developed for use with which operating system?
UNIX
105. Which Python command would print out “Hello World”?
print("Hello World")
106. Why does Python often take fewer lines of code to accomplish a task than C or Java?
Python can utilize extensive function libraries.
107. How many spaces must be used to indent a block of code in Python?
Any number 1 or more as long as the same indentation is used within a code block.
108. What will Python do when it encounters the hash character “#”?
Treat everything to the right of the hash on the current line as a comment.
109. What will be printed by this Python code block?
pi=3.14159
pi=int(pi)
print(pi)
3
110. How many times will the following Python for loop be executed assuming UNMembers is a list of the 193 members of the United Nations General Assembly?
for country in UNMembers: print(country)
193
111. What is one good reason to write your own function in Python?
There is no library function already written that will do what you need.
112. Which two (2) of these Python libraries provide useful graphics and visualization functions? (Select 2)
Seaborn
Matplotlib