, TESTBANK for CompTIA PenTest+ Guide To
Penetration Testing, 1st Edition Rob S. Wilson
Notes
1- All Chapters are step by step.
2- We have shown you 10 pages.
3- The file contains all Appendix and Excel
sheet if it exists.
4- We have all what you need, we make
update at every time. There are many new
editions waiting you.
5- If you think you purchased the wrong file
You can contact us at every time, we can
replace it with true one.
Our email:
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
1. A flaw in software, hardware, or procedures is known as what?
a. A vulnerability
b. An exploit
c. An attack
d. A mistake
ANSWER: a
RATIONALE: A vulnerability is a flaw in the software, hardware, or procedures that if exploited,
can cause undesired operations, or can be used to circumvent security controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
2. The National Institute of Standards and Technology (NIST) provides Special Publications to assist IT
personnel and companies in establishing procedures that govern information systems. Which Special
Publication (SP) is the technical guide to information systems testing and assessment?
a. SP 800-53
b. SP 800-100
c. SP 800-128
d. SP 800-115
ANSWER: d
RATIONALE: The SP 800-115 is the Technical Guide to Information Security Testing and
Assessment.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
Copyright Cengage Learning. Powered by Cognero. Page 1
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
DATE MODIFIED: 3/28/2023 5:31 PM
3. How often should penetration tests be performed for segmentation controls under the PCI DSS?
a. Quarterly
b. Monthly
c. Annually
d. Semi-annually
ANSWER: d
RATIONALE: Under the PCI DSS Requirement 11.3, segmentation controls should be tested
semi-annually, or when changes are made to those controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
4. The CIA triad includes all the following except?
a. Confidentiality
b. Availability
c. Intelligence
d. Integrity
ANSWER: c
RATIONALE: Confidentiality, integrity, and availability are the known concepts of the CIA
triad.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
Copyright Cengage Learning. Powered by Cognero. Page 2
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
5. The ROE will specify which of the following during the scope process?
a. Who will receive the report after the test is complete
b. The cost of the testing being performed
c. The tool that will be used against the network
d. The insurance policy and amounts of coverage
ANSWER: a
RATIONALE: The ROE will include the systems that are in scope, how to handle sensitive data
if found, and who will receive the final report from the test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
6. At what stage of the pen-test process would Evan utilize programs such as Nmap and OpenVas?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: b
RATIONALE: Nmap and OpenVAS are scanning utilities used to identify open ports and
vulnerabilities of the network and are used in the information gathering and
vulnerability scanning phase of pen-testing.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
7. Virgil has just utilized John the Ripper to crack passwords from the client's network. Tools like John the
Copyright Cengage Learning. Powered by Cognero. Page 3
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
Ripper are utilized at what stage of the penetration testing process?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: c
RATIONALE: Password cracking utilities are used during the attacking and exploiting phase of
the penetration test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
8. Disclosure of sensitive data and making it available to unauthorized entities can bring undesired publicity and
liability to a company. Disclosure attempts to destroy which property of the CIA triad?
a. Confidentiality
b. Integrity
c. Availability
d. Intelligence
ANSWER: a
RATIONALE: Disclosure of sensitive data destroys the confidentiality of the data because it is
not a secret anymore.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.2 - Describe the CIA and DAD triads.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
9. The cyber kill chain is a seven-step process describing the normal process of cyber attacks. Which step is
Copyright Cengage Learning. Powered by Cognero. Page 4
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
described as "Intruder transmits weapon to target"?
a. Weaponization
b. Delivery
c. Exploitation
d. Installation
ANSWER: b
RATIONALE: Transmitting the weapon to the target is the main goal of the third step of the kill
chain, delivery.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.3 - Describe the ethical hacking mindset.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.5 The Cyber Kill Chain
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
10. The cyber kill chain describes the need for an intruder to maintain access to the target. This activity can be
ensured by installation of which of the following items?
a. Virus
b. Worm
c. Ransomware
d. Backdoor
ANSWER: d
RATIONALE: Installation of a backdoor in the installation phase allows the attacker to establish
command and control capabilities.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.3 - Describe the ethical hacking mindset.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.5 The Cyber Kill Chain
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
11. Adrian has just located a target during the scanning that is not within the scope of operations or approved in
the ROE. What should Adrian do next to scan the new target?
Copyright Cengage Learning. Powered by Cognero. Page 5
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
a. Scan the target using Nessus to document existing vulnerabilities.
b. Document the new target in their report.
c. Seek permission from the client to include the new target in a revised ROE.
d. Scan the system for its MAC address and look the system up using ARP.
ANSWER: c
RATIONALE: The ROE between Adrian and the client needs to be modified to include the
target. If permission is not granted, Adrian should NOT scan the system.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
12. SpearTrax Inc. has decided to include their own IT department in the pen-testing preparation process. Which
color is the appropriate label for these personnel?
a. Red
b. White
c. Purple
d. Blue
ANSWER: d
RATIONALE: Blue Team will include members of the client's IT staff to prepare the network for
the pen-test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
13. Which tool would allow a pen-tester to sniff details from a wireless network, including the potential to crack
the network key?
Copyright Cengage Learning. Powered by Cognero. Page 6
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
a. Recon-ng
b. BeEF
c. Netcat
d. Aircrack-ng
ANSWER: d
RATIONALE: Aircrack-ng is utilized to detect, sniff, and potentially crack wireless network
keys.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
14. Aurora is utilizing the OWASP ZAP application to gather information from a client's network. What sort of
information can Aurora expect to elicit via this application?
a. Communication streams between web applications and web browsers
b. System user account names and web application used by the account
c. Operating system version and service pack number
d. Firewall configuration settings for web access
ANSWER: a
RATIONALE: ZAP can be used to intercept communications between web applications and web
browsers.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
15. Novelie is working with Livia to monitor network traffic for the wireless network. Livia suggests using
tcpdump, but Novelie prefers a GUI interface for monitoring. Which tool would allow them to visually view the
live network traffic as it is captured?
Copyright Cengage Learning. Powered by Cognero. Page 7
, Name: Class: Date:
Mod 01 Introduction to Penetration Testing
a. Reaver
b. Wireshark
c. Nessus
d. SCAP
ANSWER: b
RATIONALE: Wireshark provides a live capture GUI for monitoring networks.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
16. Jameson wants to test a new alarm system on the network by sending several invalid packets to the service
on port 4077. Which tool could Jameson use to manipulate the header information and allow them to monitor
the response of the service?
a. Scapy
b. Wireshark
c. tcpdump
d. hping3
ANSWER: d
RATIONALE: hping3 is used to craft packets and would allow a user to manipulate the header
information and allow the user to monitor the response.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
17. Jacinda has used a stealth scan in Nmap and has identified several open ports. She now wants to use
SQLMap and WPScan to identify any vulnerabilities with those ports. What is Jacinda trying to accomplish by
using these two applications?
Copyright Cengage Learning. Powered by Cognero. Page 8
Penetration Testing, 1st Edition Rob S. Wilson
Notes
1- All Chapters are step by step.
2- We have shown you 10 pages.
3- The file contains all Appendix and Excel
sheet if it exists.
4- We have all what you need, we make
update at every time. There are many new
editions waiting you.
5- If you think you purchased the wrong file
You can contact us at every time, we can
replace it with true one.
Our email:
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
1. A flaw in software, hardware, or procedures is known as what?
a. A vulnerability
b. An exploit
c. An attack
d. A mistake
ANSWER: a
RATIONALE: A vulnerability is a flaw in the software, hardware, or procedures that if exploited,
can cause undesired operations, or can be used to circumvent security controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
2. The National Institute of Standards and Technology (NIST) provides Special Publications to assist IT
personnel and companies in establishing procedures that govern information systems. Which Special
Publication (SP) is the technical guide to information systems testing and assessment?
a. SP 800-53
b. SP 800-100
c. SP 800-128
d. SP 800-115
ANSWER: d
RATIONALE: The SP 800-115 is the Technical Guide to Information Security Testing and
Assessment.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
Copyright Cengage Learning. Powered by Cognero. Page 1
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
DATE MODIFIED: 3/28/2023 5:31 PM
3. How often should penetration tests be performed for segmentation controls under the PCI DSS?
a. Quarterly
b. Monthly
c. Annually
d. Semi-annually
ANSWER: d
RATIONALE: Under the PCI DSS Requirement 11.3, segmentation controls should be tested
semi-annually, or when changes are made to those controls.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.1 What, Why, When, How, and Who?
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
4. The CIA triad includes all the following except?
a. Confidentiality
b. Availability
c. Intelligence
d. Integrity
ANSWER: c
RATIONALE: Confidentiality, integrity, and availability are the known concepts of the CIA
triad.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
Copyright Cengage Learning. Powered by Cognero. Page 2
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
5. The ROE will specify which of the following during the scope process?
a. Who will receive the report after the test is complete
b. The cost of the testing being performed
c. The tool that will be used against the network
d. The insurance policy and amounts of coverage
ANSWER: a
RATIONALE: The ROE will include the systems that are in scope, how to handle sensitive data
if found, and who will receive the final report from the test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
6. At what stage of the pen-test process would Evan utilize programs such as Nmap and OpenVas?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: b
RATIONALE: Nmap and OpenVAS are scanning utilities used to identify open ports and
vulnerabilities of the network and are used in the information gathering and
vulnerability scanning phase of pen-testing.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
7. Virgil has just utilized John the Ripper to crack passwords from the client's network. Tools like John the
Copyright Cengage Learning. Powered by Cognero. Page 3
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
Ripper are utilized at what stage of the penetration testing process?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Attacking and exploitation
d. Reporting and communicating results
ANSWER: c
RATIONALE: Password cracking utilities are used during the attacking and exploiting phase of
the penetration test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.4 The Pen-Test Process
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
8. Disclosure of sensitive data and making it available to unauthorized entities can bring undesired publicity and
liability to a company. Disclosure attempts to destroy which property of the CIA triad?
a. Confidentiality
b. Integrity
c. Availability
d. Intelligence
ANSWER: a
RATIONALE: Disclosure of sensitive data destroys the confidentiality of the data because it is
not a secret anymore.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.2 - Describe the CIA and DAD triads.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
9. The cyber kill chain is a seven-step process describing the normal process of cyber attacks. Which step is
Copyright Cengage Learning. Powered by Cognero. Page 4
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
described as "Intruder transmits weapon to target"?
a. Weaponization
b. Delivery
c. Exploitation
d. Installation
ANSWER: b
RATIONALE: Transmitting the weapon to the target is the main goal of the third step of the kill
chain, delivery.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.3 - Describe the ethical hacking mindset.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.5 The Cyber Kill Chain
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
10. The cyber kill chain describes the need for an intruder to maintain access to the target. This activity can be
ensured by installation of which of the following items?
a. Virus
b. Worm
c. Ransomware
d. Backdoor
ANSWER: d
RATIONALE: Installation of a backdoor in the installation phase allows the attacker to establish
command and control capabilities.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.3 - Describe the ethical hacking mindset.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.5 The Cyber Kill Chain
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
11. Adrian has just located a target during the scanning that is not within the scope of operations or approved in
the ROE. What should Adrian do next to scan the new target?
Copyright Cengage Learning. Powered by Cognero. Page 5
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
a. Scan the target using Nessus to document existing vulnerabilities.
b. Document the new target in their report.
c. Seek permission from the client to include the new target in a revised ROE.
d. Scan the system for its MAC address and look the system up using ARP.
ANSWER: c
RATIONALE: The ROE between Adrian and the client needs to be modified to include the
target. If permission is not granted, Adrian should NOT scan the system.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
12. SpearTrax Inc. has decided to include their own IT department in the pen-testing preparation process. Which
color is the appropriate label for these personnel?
a. Red
b. White
c. Purple
d. Blue
ANSWER: d
RATIONALE: Blue Team will include members of the client's IT staff to prepare the network for
the pen-test.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.1 - Describe the penetration testing process and its phases,
activities, and team members.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.2 CIA, DAD, and the Hacker Mindset
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
13. Which tool would allow a pen-tester to sniff details from a wireless network, including the potential to crack
the network key?
Copyright Cengage Learning. Powered by Cognero. Page 6
,Name: Class: Date:
Mod 01 Introduction to Penetration Testing
a. Recon-ng
b. BeEF
c. Netcat
d. Aircrack-ng
ANSWER: d
RATIONALE: Aircrack-ng is utilized to detect, sniff, and potentially crack wireless network
keys.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
14. Aurora is utilizing the OWASP ZAP application to gather information from a client's network. What sort of
information can Aurora expect to elicit via this application?
a. Communication streams between web applications and web browsers
b. System user account names and web application used by the account
c. Operating system version and service pack number
d. Firewall configuration settings for web access
ANSWER: a
RATIONALE: ZAP can be used to intercept communications between web applications and web
browsers.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
15. Novelie is working with Livia to monitor network traffic for the wireless network. Livia suggests using
tcpdump, but Novelie prefers a GUI interface for monitoring. Which tool would allow them to visually view the
live network traffic as it is captured?
Copyright Cengage Learning. Powered by Cognero. Page 7
, Name: Class: Date:
Mod 01 Introduction to Penetration Testing
a. Reaver
b. Wireshark
c. Nessus
d. SCAP
ANSWER: b
RATIONALE: Wireshark provides a live capture GUI for monitoring networks.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
16. Jameson wants to test a new alarm system on the network by sending several invalid packets to the service
on port 4077. Which tool could Jameson use to manipulate the header information and allow them to monitor
the response of the service?
a. Scapy
b. Wireshark
c. tcpdump
d. hping3
ANSWER: d
RATIONALE: hping3 is used to craft packets and would allow a user to manipulate the header
information and allow the user to monitor the response.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Wils.Pentest+1E.24.1.4 - Describe some of the tools used in penetration testing.
ACCREDITING STANDARDS: Wils.PTO-002.24.1.3 - Given a scenario, demonstrate an ethical hacking mindset by
maintaining professionalism and integrity.
TOPICS: 1.6 The Pen-Test Toolkit
KEYWORDS: Bloom's: Apply
DATE CREATED: 3/28/2023 5:31 PM
DATE MODIFIED: 3/28/2023 5:31 PM
17. Jacinda has used a stealth scan in Nmap and has identified several open ports. She now wants to use
SQLMap and WPScan to identify any vulnerabilities with those ports. What is Jacinda trying to accomplish by
using these two applications?
Copyright Cengage Learning. Powered by Cognero. Page 8
