TEST BANK
COMPTIA PENTEST+ GUIDE TO PENETRATION TESTING
1ST EDITION, ROB WILSON
1. INTRODUCTION TO PENETRATION TESTING.
1. A flaw in software, hardware, or procedures is known as what?
a. A vulnerability
b. An exploit
c. An attack
d. A mistake
ANSWER: a
RATIONALE: A vulnerability is a flaw in the software, hardware, or procedures that if exploited,
can cause undesired operations, or can be used to circumvent security controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
2. The National Institute of Standards and Technology (NIST) provides Special Publications to assist IT
personnel and companies in establishing procedures that govern information systems. Which Special
Publication (SP) is the technical guide to information systems testing and assessment?
a. SP 800-53
b. SP 800-100
c. SP 800-128
d. SP 800-115
ANSWER: d
RATIONALE: The SP 800-115 is the Technical Guide to Information Security Testing and
Assessment.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
,ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
3. How often should penetration tests be performed for segmentation controls under the PCI DSS?
a. Quarterly
b. Monthly
c. Annually
d. Semi-annually
ANSWER: d
RATIONALE: Under the PCI DSS Requirement 11.3, segmentation controls should be tested
semi-annually, or when changes are made to those controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
4. The CIA triad includes all the following except?
a. Confidentiality
b. Availability
c. Intelligence
d. Integrity
ANSWER: c
RATIONALE: Confidentiality, integrity, and availability are the known concepts of the CIA
triad.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
,5. The ROE will specify which of the following during the scope process?
a. Who will receive the report after the test is complete
b. The cost of the testing being performed
c. The tool that will be used against the network
d. The insurance policy and amounts of coverage
ANSWER: a
RATIONALE: The ROE will include the systems that are in scope, how to handle sensitive data
if found, and who will receive the final report from the test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Remember/Understand
6. At what stage of the pen-test process would Evan utilize programs such as Nmap and OpenVas?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: b
RATIONALE: Nmap and OpenVAS are scanning utilities used to identify open ports and
vulnerabilities of the network and are used in the information gathering and
vulnerability scanning phase of pen-testing.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
7. Virgil has just utilized John the Ripper to crack passwords from the client's network. Tools like John the
Ripper are utilized at what stage of the penetration testing process?
, a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: c
RATIONALE: Password cracking utilities are used during the attacking and exploiting phase of
the penetration test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
8. Disclosure of sensitive data and making it available to unauthorized entities can bring undesired publicity and
liability to a company. Disclosure attempts to destroy which property of the CIA triad?
a. Confidentiality
b. Integrity
c. Availability
d. Intelligence
ANSWER: a
RATIONALE: Disclosure of sensitive data destroys the confidentiality of the data because it is
not a secret anymore.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.2 - Describe the CIA and DAD triads.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
COMPTIA PENTEST+ GUIDE TO PENETRATION TESTING
1ST EDITION, ROB WILSON
1. INTRODUCTION TO PENETRATION TESTING.
1. A flaw in software, hardware, or procedures is known as what?
a. A vulnerability
b. An exploit
c. An attack
d. A mistake
ANSWER: a
RATIONALE: A vulnerability is a flaw in the software, hardware, or procedures that if exploited,
can cause undesired operations, or can be used to circumvent security controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
2. The National Institute of Standards and Technology (NIST) provides Special Publications to assist IT
personnel and companies in establishing procedures that govern information systems. Which Special
Publication (SP) is the technical guide to information systems testing and assessment?
a. SP 800-53
b. SP 800-100
c. SP 800-128
d. SP 800-115
ANSWER: d
RATIONALE: The SP 800-115 is the Technical Guide to Information Security Testing and
Assessment.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
,ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
3. How often should penetration tests be performed for segmentation controls under the PCI DSS?
a. Quarterly
b. Monthly
c. Annually
d. Semi-annually
ANSWER: d
RATIONALE: Under the PCI DSS Requirement 11.3, segmentation controls should be tested
semi-annually, or when changes are made to those controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
4. The CIA triad includes all the following except?
a. Confidentiality
b. Availability
c. Intelligence
d. Integrity
ANSWER: c
RATIONALE: Confidentiality, integrity, and availability are the known concepts of the CIA
triad.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
,5. The ROE will specify which of the following during the scope process?
a. Who will receive the report after the test is complete
b. The cost of the testing being performed
c. The tool that will be used against the network
d. The insurance policy and amounts of coverage
ANSWER: a
RATIONALE: The ROE will include the systems that are in scope, how to handle sensitive data
if found, and who will receive the final report from the test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Remember/Understand
6. At what stage of the pen-test process would Evan utilize programs such as Nmap and OpenVas?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: b
RATIONALE: Nmap and OpenVAS are scanning utilities used to identify open ports and
vulnerabilities of the network and are used in the information gathering and
vulnerability scanning phase of pen-testing.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
7. Virgil has just utilized John the Ripper to crack passwords from the client's network. Tools like John the
Ripper are utilized at what stage of the penetration testing process?
, a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: c
RATIONALE: Password cracking utilities are used during the attacking and exploiting phase of
the penetration test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
8. Disclosure of sensitive data and making it available to unauthorized entities can bring undesired publicity and
liability to a company. Disclosure attempts to destroy which property of the CIA triad?
a. Confidentiality
b. Integrity
c. Availability
d. Intelligence
ANSWER: a
RATIONALE: Disclosure of sensitive data destroys the confidentiality of the data because it is
not a secret anymore.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.2 - Describe the CIA and DAD triads.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
