University of the Cumberlands EMISS ISOL532 Telecommunications and network security. Lab 5 Assessment Quiz. 20 Q&A

Document Content and Description Below

University of the Cumberlands EMISS ISOL532 Telecommunications and network security. Lab 5 Assessment Quiz. 20 Q&A QUESTION 1 1. A probe or even a full pen test is often a precursor to which phase... in the attacker “kill chain” process? Reconnaissance Weaponization Delivery C2 (command and control) 5.00000 points QUESTION 2 1. Domain Name Service runs on port: 21. 25. 53. 11 0. 5.00000 points QUESTION 3 1. For attackers, the last step in penetration testing is often __________, during which log files or other forensic information is destroyed or modified. covering their tracks remediation exploitation validation 5.00000 points QUESTION 4 1. For defenders, the last step in penetration testing is __________, during which vulnerabilities are fixed and the pen test steps are repeated to ensure the attack can’t occur again. covering their tracks remediation exploitation validation 5.00000 points QUESTION 5 1. In the lab, the detailed vulnerability information in the Nessus reports provided a(n): hexadecimal description of the problem and no solution possibilities. plain-English, high-level description of the problem and a hint at the solution. encrypted description of the problem and a hint at the solution. highly detailed description of the problem but no solution possibilities. 5.00000 points QUESTION 6 1. In which of the following phases in the attacker “kill chain” process is the attack actually unleashed? C2 (command and control) Weaponization Delivery Exploitation 5.00000 points QUESTION 7 1. In which of the following phases of the attacker “kill chain” process do attackers use a combination of technical and social engineering approaches to develop specific tools, such as spear-fishing e-mails or mobile apps? Reconnaissa nce Weaponizatio n Delivery Exploitation 5.00000 points QUESTION 8 1. Penetration testing tests the strengths and weaknesses of the IT security of an organization, as well as the: readiness of the facility and/or employees to respond to an attack. readiness of white-hat hackers to respond to an attack. ability of white-hat hackers to make successful attacks when necessary. ability of personnel to complete the time-consuming job of typing commands. 5.00000 points QUESTION 9 1. The Nessus report summary includes ______ : forensic evidence against black-hat hackers. a comparison of findings over several scans. a ranking of the network’s security. both a bar chart and a pie chart showing the distribution of vulnerability findings. 5.00000 points QUESTION 10 1. What is another term used to describe the vulnerability analysis step of penetration testing? Exploitatio n Enumerati on Examinati on Scanning 5.00000 points QUESTION 11 1. Which of the following is the first phase in the attacker “kill chain” process? Reconnaissance Weaponization Delivery C2 (command and control) 5.00000 points QUESTION 12 1. Which of the following phases in the attacker “kill chain” process includes a component during which the results of exploitation are reported but can also include additional targeting and tasks? C2 (command and control) Weaponization Delivery Exploitation 5.00000 points QUESTION 13 1. Which of the following rules exist to block or permit the public (outside) traffic from coming into the 172.30.0.0 network? Inbound rules on the LAN Outbound rules on the WAN Outbound rules on the LAN Inbound rules on the WAN 5.00000 points QUESTION 14 1. Which of the following rules exist to identify the type of traffic from the private (inside) network at 172.30.0.0/24 that should be allowed to pass through the firewall? Inbound rules on the LAN Outbound rules on the WAN Outbound rules on the LAN Inbound rules on the WAN 5.00000 points QUESTION 15 1. Which of the following statements is true regarding pen testing? Pen testing is only considered marginal as a security control. It is not necessary to re-scan a system or network to validate changes. It is not necessary to re-scan a system after patching programs. Closing some vulnerability issues can expose other vulnerabilities. 5.00000 points QUESTION 16 1. Which of the following statements is true regarding penetration testing? It is considered an art, but not a science. It is only done by individuals outside the organization, not by employees. It can be done by black-hat hackers as a part of their targeting rituals. It is too sophisticated to be done by script kiddies searching for a story to tell. 5.00000 points QUESTION 17 1. Which of the following statements is true regarding the automated tools used for penetration testing? Pen testers typically use automated tools after attacking a system to identify the various vulnerabilities that have been exploited. Automated tools are all the same in terms of the target environments they work against. Pen testers often use more than one tool to help identify vulnerabilities from a number of sources. Automated tools have completely replaced humans typing specialized commands for specialized circumstances. 5.00000 points QUESTION 18 1. Which of the following statements is true regarding the security configuration of an organization? White-hat hackers generally know nothing about the security configuration of the IT system they are trying to penetrate. There are many possible security postures of any network and its constituent parts, from highly secure to not secure at all. It is not a good idea for pen testers to have advance information about the security configuration of a network. Actual attackers are likely to know as much about the environment as employees or those who are hired to protect that environment. 5.00000 points QUESTION 19 1. Which step of penetration testing includes the actual attack? Exploitatio n Enumerati on Examinati on Scanning 5.00000 points QUESTION 20 1. Which step of penetration testing includes the remediation of the vulnerabilities? Reconnaissance Scanning Vulnerability analysis Post-attack activities [Show More]

Last updated: 1 year ago

Preview 1 out of 6 pages