Ch3 Test Bank Docx Information Gathering And Vulnerability - Model Test Questions | CompTIA PenTest+ 1e Santos by Omar Santos.
CompTIA® PenTest+ Cert Guide
Chapter 3 Information Gathering and Vulnerability Identification
1) Probing a target network or system to elicit a response is called:
A) Passive reconnaissance
B) Active reconnaissance
C) Classification
D) Sniffing
2) Gathering information without directly interacting with the target device is called:
A) Passive reconnaissance
B) Active reconnaissance
C) Network enumeration
D) Packet crafting
3) Which of these is not a type of active reconnaissance?
A) Group enumeration
B) Web page enumeration
C) Packet crafting
D) Packet inspection
4) Which of these is not a type of passive reconnaissance?
A) Domain enumeration
B) Packet inspection
C) Host enumeration
D) Eavesdropping
5) ______ is an active scan in which the tool sends probes to the target IP address and examines the responses to determine whether the service is listening.
A) A port scan
B) User enumeration
C) Network share enumeration
D) Eavesdropping
6) Of the Nmap scan types, which type establishes a full TCP connection with the target device being scanned?
A) -sF
B) -sU
C) -sT
D) -sn
7) Of the Nmap scan types, which type is stealthy, and doesn't get picked up by a network filter or firewall?
A) -sF
B) -sU
C) -sT
D) -sP
8) If you wanted to use Nmap for host enumeration, which option would you use?
A) -sF
B) -sU
C) -sT
D) -sP
9) Which of these is a way to enumerate users, groups, and shares?
A) OSINT gathering
B) Google search
C) Server Message Block (SMB) messages
D) Recon-ng
10) Scapy is a utility that enables you to do _______ with more control than Nmap provides with its -sS option.
A) SMB messaging
B) Enumeration
C) Packet inspection
D) Packet crafting
11) Which kind of enumeration is considered a passive activity?
A) Group
B) Domain
C) User
D) Services
12) You might use a tool such as Wireshark or tcpdump to do what?
A) SMB messaging
B) Packet crafting
C) Packet inspection
D) OSINT gathering
13) ________ is a method of gathering publicly available intelligence sources to collect and analyze information about a target.
A) OSINT gathering
B) Packet crafting
C) Active reconnaissance
D) Packet inspection
14) Recon-ng is a modular framework for passive enumeration that is especially effective at _______ because of its use of APIs to gather information.
A) Social networking site enumeration
B) Packet inspection
C) Vulnerability scanning
D) Domain enumeration
15) Which type of vulnerability scan shows only the network services that are exposed to the network?
A) Active
B) Passive
C) Authenticated
D) Unauthenticated
16) When performing an authenticated scan, after logging into the target, you would run a command such as ______ to gather information from inside the host.
A) tracert
B) ping
C) netstat
D) ls
17) Which type of scan monitors and analyzes network traffic, and uses the gathered information to determine the network’s topology and what service the hosts are listening on?
A) SYN scan
B) Passive vulnerability scan
C) Active vulnerability scan
D) Compliance scan
18) _______ is the practice of slowing down the traffic created by your scanner to work around bandwidth limitations and avoid crashing the target.
A) VPN adjustment
B) Bandwidth segmentation
C) Fragile system scanning
D) Query throttling
19) In scan results, each vulnerability will typically map to one or many items in the _____ list.
A) CVE
B) OWASP
C) CVSS
D) TCP
20) Which of these is not an important consideration for prioritizing findings from vulnerability scans?
A) How many systems does the vulnerability apply to?
B) What is the attack vector, and does it apply to your environment?
C) Is the device critical to your business or infrastructure?
D) How long has this vulnerability existed?