Associate CCPA Certification Review Guide
**Question 1. Which component of the CIA triad is most directly targeted when an attacker
exfiltrates proprietary source code from a server?**
A) Confidentiality
B) Integrity
C) Availability
D) Authentication
Answer: A
Explanation: Exfiltrating data compromises the confidentiality of the information, revealing it to
unauthorized parties.
**Question 2. In the context of ethical hacking, what does the term “white hat” refer to?**
A) A hacker who sells exploits on the dark web
B) A security professional who tests systems with permission
C) An attacker who only targets government agencies
D) A hacker who uses only social engineering techniques
Answer: B
Explanation: White‑hat hackers are authorized security professionals who perform penetration
testing under a legal agreement.
**Question 3. Which phase of the penetration testing lifecycle involves creating a detailed
document that includes remediation recommendations?**
A) Reconnaissance
B) Exploitation
C) Post‑Exploitation
D) Reporting
Answer: D
Explanation: The reporting phase is where findings are compiled, explained, and mitigation
steps are suggested.
**Question 4. Under the Computer Fraud and Abuse Act (CFAA), which of the following actions
is explicitly prohibited?**
A) Scanning a network without a written contract
B) Using a password manager to store credentials
C) Performing a penetration test after obtaining verbal consent
D) Conducting a vulnerability assessment on your own system
Answer: A
Explanation: The CFAA makes it illegal to access a computer without authorization, which
includes unauthenticated scanning.
**Question 5. What is the primary purpose of a “Rules of Engagement” (RoE) document in a
penetration test?**
A) To list all discovered vulnerabilities
B) To define the scope, limitations, and acceptable actions for the test
C) To provide a step‑by‑step exploitation guide
D) To outline the pricing model for the service
Answer: B
Explanation: RoE sets the boundaries, targets, and permissible techniques for the engagement.
**Question 6. Which OSINT technique is most useful for discovering subdomains of a target
domain?**
A) WHOIS lookup
B) Google dorking with “site:example.com”
C) Reverse DNS lookup on IP addresses
D) Shodan search for open ports
Answer: B
Explanation: Google dorking with “site:example.com” can reveal indexed subdomains.
**Question 7. Which DNS query type is used to attempt a zone transfer?**
A) A
B) MX
C) AXFR
D) TXT
Answer: C
Explanation: AXFR requests a full zone transfer, which can expose all DNS records if allowed.
**Question 8. In Nmap, which scan type is considered “stealthy” because it does not complete
the TCP three‑way handshake?**
A) TCP Connect scan (-sT)
B) SYN scan (-sS)
C) UDP scan (-sU)
D) ACK scan (-sA)
Answer: B
Explanation: The SYN scan sends only SYN packets and analyses responses, avoiding a full
handshake.
**Question 9. When using Nessus, which of the following is NOT a typical output format?**
A) HTML report
B) PDF summary
C) JSON feed
D) Executable binary
Answer: D
Explanation: Nessus generates reports in formats like HTML, PDF, or JSON, but never as an
executable.
**Question 10. Banner grabbing is primarily used to determine what?**
A) The physical location of a server
B) The operating system and service versions running on a host
C) The encryption keys used by a VPN
D) The number of users logged in
Answer: B
Explanation: By connecting to a service and reading its banner, attackers can infer OS and
version information.
**Question 11. Which layer of the OSI model is responsible for routing packets between
different networks?**
A) Data Link
B) Network
C) Transport
D) Session
Answer: B
Explanation: The Network layer (Layer 3) handles logical addressing and routing.
**Question 12. In a TCP three‑way handshake, which flag combination is sent by the client in
the final packet?**
A) SYN
B) SYN‑ACK