A flaw in software, hardware, or procedures is known as what?
a. A mistake
b. A vulnerability
c. An attack
d. An exploit correct answers vulnerability
The National Institute of Standards and Technology (NIST) provides Special Publications to
assist IT personnel and companies in establishing procedures that govern information systems.
Which Special Publication (SP) is the technical guide to information systems testing and
assessment?
a. SP 800-53
b. SP 800-128
c. SP 800-100
d. SP 800-115 correct answers SP 800-115
How often should penetration tests be performed for segmentation controls under the PCI DSS?
a. Semi-annually
b. Quarterly
c. Monthly
d. Annually correct answers semi-annually
The CIA triad includes all the following except?
a. Confidentiality
b. Intelligence
c. Integrity
d. Availability correct answers intelligence
The ROE will specify which of the following during the scope process?
a. The insurance policy and amounts of coverage
b. The cost of the testing being performed
c. Who will receive the report after the test is complete
d. The tool that will be used against the network correct answers Who will receive the report
after the test is complete
At what stage of the pen-test process would Evan utilize programs such as Nmap and OpenVAS?
a. Attacking and exploitation
b. Reporting and communicating results
c. Planning and scoping
d. Information gathering and vulnerability scanning correct answers Information gathering and
vulnerability scanning
Virgil has just utilized John the Ripper to crack passwords from the client's network. Tools like
John the Ripper are utilized at what stage of the penetration testing process?
a. Planning and scoping
b. Attacking and exploitation
c. Information gathering and vulnerability scanning
d. Reporting and communicating results correct answers Attacking and exploitation
Disclosure of sensitive data and making it available to unauthorized entities can bring undesired
publicity and liability to a company. Disclosure attempts to destroy which property of the CIA
triad?
a. Availability
b. Intelligence
c. Integrity
d. Confidentiality correct answers Confidentiality
The cyber kill chain is a seven-step process describing the normal process of cyber attacks.
Which step is described as "Intruder transmits weapon to target"?
a. Delivery
b. Exploitation
c. Weaponization
d. Installation correct answers delivery
The cyber kill chain describes the need for an intruder to maintain access to the target. This
activity can be ensured by installation of which of the following items?
a. Virus
b. Backdoor
c. Ransomware
d. Worm correct answers backdoor
Adrian has just located a target during the scanning that is not within the scope of operations or
approved in the ROE. What should Adrian do next to scan the new target?
a. Scan the target using Nessus to document existing vulnerabilities.
b. Seek permission from the client to include the new target in a revised ROE.
c. Document the new target in their report.
d. Scan the system for its MAC address and look the system up using ARP. correct answers Seek
permission from the client to include the new target in a revised ROE.
SpearTrax Inc. has decided to include their own IT department in the pen-testing preparation
process. Which color is the appropriate label for these personnel?
a. Blue
b. Purple
c. White
d. Red correct answers blue
Which tool would allow a pen-tester to sniff details from a wireless network, including the
potential to crack the network key?
a. Netcat
b. Recon-ng
c. Aircrack-ng
d. BeEF correct answers Aircrack-ng
Aurora is utilizing the OWASP ZAP application to gather information from a client's network.
What sort of information can Aurora expect to elicit via this application?
a. Firewall configuration settings for web access
b. Operating system version and service pack number
c. System user account names and web application used by the account
d. Communication streams between web applications and web browsers correct answers
Communication streams between web applications and web browsers
Novelie is working with Livia to monitor network traffic for the wireless network. Livia suggests
using tcpdump, but Novelie prefers a GUI interface for monitoring. Which tool would allow
them to visually view the live network traffic as it is captured?
a. Nessus
b. Wireshark
c. SCAP
d. Reaver correct answers Wireshark
Jameson wants to test a new alarm system on the network by sending several invalid packets to
the service on port 4077. Which tool could Jameson use to manipulate the header information
and allow them to monitor the response of the service?
a. Scapy
b. hping3
c. Wireshark
d. tcpdump correct answers hping3
Jacinda has used a stealth scan in Nmap and has identified several open ports. She now wants to
use SQLMap and WPScan to identify any vulnerabilities with those ports. What is Jacinda trying
to accomplish by using these two applications?
a. Uncover data in the server that could be fraudulent
b. Uncover evidence using digital forensics tools
c. Limit the company's exposure to attack
d. Increase the confidentiality of the data being transmitted correct answers Limit the company's
exposure to attack
Robyn has identified several Bluetooth devices that are attempting to connect to the point-of-sale
system. Which of the following tools would Robyn best employ to simulate an attack on the
point-of-sale system?
a. Spooftooph
b. Reaver
c. Fern
d. Kismet correct answers Spooftooph
Alessandra has been hired by Cyberdyne to investigate a possible data breach on a Linux cloud
server. Alessandra is unsure of which provider the company uses, but wants to be best prepared
to audit the services when approved. Which tool would be best utilized for this purpose?
a. Pacu
b. Censys
c. Cloud Janitor
d. Scout Suite correct answers Scout Suite
Octavious was hired to complete a vulnerability assessment of a web server. He completed his
vulnerability scan of Web Enterprises and has identified a serious and critical vulnerability on
the server. A published exploit is available. What should Octavious do next?
a. Scan the remaining servers to ensure they are vulnerable also
b. Attempt to use the exploit on the system to verify the vulnerability
c. Document and report the vulnerability to Web Enterprises
d. Research the vulnerability and correct the vulnerability if a solution exists correct answers
Document and report the vulnerability to Web Enterprises
During which stage of the pen-test process does an individual perform active and passive
reconnaissance of the target?
a. Reporting and communicating results
b. Planning and scoping
c. Information gathering and vulnerability scanning
d. Attacking and exploiting correct answers information gathering and vulnerability scanning
During which stage of the pen-test process does the cleanup of the targeted systems and network
occur?
a. Attacking and exploiting
b. Planning and scoping
c. Reporting and communicating results
d. Information gathering and vulnerability scanning correct answers Reporting and
communicating results
The cyber kill chain from Lockheed Martin includes seven stages. Malware has been planted on
the network and is now infecting the company assets. Which stage number does this installation
occur in?
a. Stage 3
b. Stage 4
c. Stage 5
d. Stage 2 correct answers stage 5
Disrupting communications of company data to an attacker is a defensive action that could be
used to decrease the amount of damage caused by an attack. By doing so, which portion of the
CIA triad is the company trying to protect most?
a. Intrusion
b. Availability
c. Confidentiality
d. Integrity correct answers confidentiality