Reference no: EM133245612
1. This section of a formal Penetration Test Report defines the restrictions on the aggressiveness of a penetration test, describes the methods that a pen tester will use to reach a target, and provides a list of the planned/executed tests.
Scope section
Target(s) section
Summary of Findings section
Conclusion section
2. Which Nmap switch would attempt to guess a target host's operating system?
-sV
-sS
-O
Nmap doesn't detect a host's operating system.
3. In OpenVAS, the ________ measures how reliable a vulnerability's severity score is.
GSM
QoD score
CVSS score
CVE value
4. Which Nmap command would you run to execute a Ping scan on all hosts on the 172.30.0.0/24 subnet?
nmap -Pn 172.30.0.0/24
nmap -sL 172.30.0.0/24
nmap -T4 -A -v 172.30.0.0/24
Nmap doesn't Ping hosts.
5. Zenmap and Nessus can identify devices, operating systems, applications, database servers, and services on those devices. Which of the two applications can also identify known vulnerabilities or bugs on the devices being scanned?
Only Zenmap
Only Nessus
Both Zenmap and Nessus
Neither Zenmap nor Nessus
6. The ________ allows you to tailor the thoroughness of a vulnerability scan and can affect whether a scan is quick or longer.
basic network scan in Nessus
SYN scan in Zenmap
assessment option in Nessus
discovery option in Zenmap
7. A Nessus scan report identifies vulnerabilities by a ________.
NASL
CVSS score
Plugin ID
CVE value
8. You should enumerate recommended mitigations or next steps in this section of a formal Penetration Test Report.
Scope section
Target(s) section
Summary of Findings section
Conclusion section
9. A ________ is limited to the scanning and enumeration phase of the cyber kill chain, while a ________ encompasses the full kill chain.
port scan in Zenmap; basic network scan in Nessus
basic network scan in Nessus; port scan in Zenmap
vulnerability assessment; penetration test
penetration test; vulnerability assessment
10. The Common Vulnerabilities and Exposures (CVE) list is maintained by the ________ and, together with the NVD, provides information about vulnerabilities and how to ________ them with software patches and updates.
MITRE Corporation; mitigate
NIST; mitigate
MITRE Corporation; assess
NIST; assess