CIS 213 Pentesting Exam Questions With
Answers 100% Correct
A flaw in software, hardware, or procedures is known as what?
a. An attack
b. An exploit
c. A vulnerability
d. A mistake - ANSWER c. A vulnerability
The National Institute of Standards and Technology (NIST) provides Special
Publications to assist IT personnel and companies in establishing procedures that
govern information systems. Which Special Publication (SP) is the technical guide to
information systems testing and assessment?
a. SP 800-53
b. SP 800-128
c. SP 800-100
d. SP 800-115 - ANSWER d. SP 800-115
How often should penetration tests be performed for segmentation controls under
the PCI DSS?
a. Monthly
b. Quarterly
c. Semi-annually
d. Annually - ANSWER c. Semi-annually
The CIA triad includes all the following except?
a. Confidentiality
,b. Intelligence
c. Integrity
d. Availability - ANSWER b. Intelligence
The ROE will specify which of the following during the scope process?
a. Who will receive the report after the test is complete
b. The cost of the testing being performed
c. The insurance policy and amounts of coverage
d. The tool that will be used against the network - ANSWER a. Who will receive the
report after the test is complete
At what stage of the pen-test process would Evan utilize programs such as Nmap
and OpenVas?
a. Planning and scoping
b. Attacking and exploitation
c. Reporting and communicating results
d. Information gathering and vulnerability scanning - ANSWER d. Information
gathering and vulnerability scanning
Virgil has just utilized John the Ripper to crack passwords from the client's network.
Tools like John the Ripper are utilized at what stage of the penetration testing
process?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Reporting and communicating results
d. Attacking and exploitation - ANSWER d. Attacking and exploitation
Disclosure of sensitive data and making it available to unauthorized entities can
bring undesired publicity and liability to a company. Disclosure attempts to destroy
,which property of the CIA triad?
a. Integrity
b. Confidentiality
c. Availability
d. Intelligence - ANSWER b. Confidentiality
The cyber kill chain is a seven-step process describing the normal process of cyber
attacks. Which step is described as "Intruder transmits weapon to target"?
a. Weaponization
b. Exploitation
c. Installation
d. Delivery - ANSWER d. Delivery
The cyber kill chain describes the need for an intruder to maintain access to the
target. This activity can be ensured by installation of which of the following items?
a. Backdoor
b. Virus
c. Worm
d. Ransomware - ANSWER a. Backdoor
Adrian has just located a target during the scanning that is not within the scope of
operations or approved in the ROE. What should Adrian do next to scan the new
target?
a. Seek permission from the client to include the new target in a revised ROE.
b. Scan the target using Nessus to document existing vulnerabilities.
c. Document the new target in their report.
d. Scan the system for its MAC address and look the system up using ARP. -
ANSWER a. Seek permission from the client to include the new target in a revised
ROE.
, SpearTrax Inc. has decided to include their own IT department in the pen-testing
preparation process. Which color is the appropriate label for these personnel?
a. White
b. Blue
c. Purple
d. Red - ANSWER b. Blue
Which tool would allow a pen-tester to sniff details from a wireless network,
including the potential to crack the network key?
a. Aircrack-ng
b. Netcat
c. Recon-ng
d. BeEF - ANSWER a. Aircrack-ng
Aurora is utilizing the OWASP ZAP application to gather information from a client's
network. What sort of information can Aurora expect to elicit via this application?
a. System user account names and web application used by the account
b. Operating system version and service pack number
c. Firewall configuration settings for web access
d. Communication streams between web applications and web browsers - ANSWER
d. Communication streams between web applications and web browsers
Novelie is working with Livia to monitor network traffic for the wireless network.
Livia suggests using tcpdump, but Novelie prefers a GUI interface for monitoring.
Which tool would allow them to visually view the live network traffic as it is
captured?
a. Wireshark
b. Reaver
Answers 100% Correct
A flaw in software, hardware, or procedures is known as what?
a. An attack
b. An exploit
c. A vulnerability
d. A mistake - ANSWER c. A vulnerability
The National Institute of Standards and Technology (NIST) provides Special
Publications to assist IT personnel and companies in establishing procedures that
govern information systems. Which Special Publication (SP) is the technical guide to
information systems testing and assessment?
a. SP 800-53
b. SP 800-128
c. SP 800-100
d. SP 800-115 - ANSWER d. SP 800-115
How often should penetration tests be performed for segmentation controls under
the PCI DSS?
a. Monthly
b. Quarterly
c. Semi-annually
d. Annually - ANSWER c. Semi-annually
The CIA triad includes all the following except?
a. Confidentiality
,b. Intelligence
c. Integrity
d. Availability - ANSWER b. Intelligence
The ROE will specify which of the following during the scope process?
a. Who will receive the report after the test is complete
b. The cost of the testing being performed
c. The insurance policy and amounts of coverage
d. The tool that will be used against the network - ANSWER a. Who will receive the
report after the test is complete
At what stage of the pen-test process would Evan utilize programs such as Nmap
and OpenVas?
a. Planning and scoping
b. Attacking and exploitation
c. Reporting and communicating results
d. Information gathering and vulnerability scanning - ANSWER d. Information
gathering and vulnerability scanning
Virgil has just utilized John the Ripper to crack passwords from the client's network.
Tools like John the Ripper are utilized at what stage of the penetration testing
process?
a. Planning and scoping
b. Information gathering and vulnerability scanning
c. Reporting and communicating results
d. Attacking and exploitation - ANSWER d. Attacking and exploitation
Disclosure of sensitive data and making it available to unauthorized entities can
bring undesired publicity and liability to a company. Disclosure attempts to destroy
,which property of the CIA triad?
a. Integrity
b. Confidentiality
c. Availability
d. Intelligence - ANSWER b. Confidentiality
The cyber kill chain is a seven-step process describing the normal process of cyber
attacks. Which step is described as "Intruder transmits weapon to target"?
a. Weaponization
b. Exploitation
c. Installation
d. Delivery - ANSWER d. Delivery
The cyber kill chain describes the need for an intruder to maintain access to the
target. This activity can be ensured by installation of which of the following items?
a. Backdoor
b. Virus
c. Worm
d. Ransomware - ANSWER a. Backdoor
Adrian has just located a target during the scanning that is not within the scope of
operations or approved in the ROE. What should Adrian do next to scan the new
target?
a. Seek permission from the client to include the new target in a revised ROE.
b. Scan the target using Nessus to document existing vulnerabilities.
c. Document the new target in their report.
d. Scan the system for its MAC address and look the system up using ARP. -
ANSWER a. Seek permission from the client to include the new target in a revised
ROE.
, SpearTrax Inc. has decided to include their own IT department in the pen-testing
preparation process. Which color is the appropriate label for these personnel?
a. White
b. Blue
c. Purple
d. Red - ANSWER b. Blue
Which tool would allow a pen-tester to sniff details from a wireless network,
including the potential to crack the network key?
a. Aircrack-ng
b. Netcat
c. Recon-ng
d. BeEF - ANSWER a. Aircrack-ng
Aurora is utilizing the OWASP ZAP application to gather information from a client's
network. What sort of information can Aurora expect to elicit via this application?
a. System user account names and web application used by the account
b. Operating system version and service pack number
c. Firewall configuration settings for web access
d. Communication streams between web applications and web browsers - ANSWER
d. Communication streams between web applications and web browsers
Novelie is working with Livia to monitor network traffic for the wireless network.
Livia suggests using tcpdump, but Novelie prefers a GUI interface for monitoring.
Which tool would allow them to visually view the live network traffic as it is
captured?
a. Wireshark
b. Reaver
