Exploiting Local Host And Physical Full Test Bank Chapter 7

CompTIA® PenTest+ Cert Guide

Chapter 7 Exploiting Local Host and Physical Security Vulnerabilities

1) Which of these protocols is the least secure?

A) SSH

B) FTPS

C) SFTP

D) Cisco Smart Install

2) Which of these protocols is the most vulnerable to man-in-the-middle attacks and IP traffic capture (sniffing)?

A) Telnet

B) HTTPS

C) SMTP

D) SSL

3) Which of these best describes local privilege escalation?

A) Gaining a foothold in a target system and exploiting a vulnerability

B) Elevating the level of authority on an already compromised account or application

C) Ensuring that the intrusion is not detected

D) Installing a backdoor for later re-entry into the system

4) What Linux command can help you escalate privileges?

A) rwxrwx

B) man

C) sudo

D) elevate

5) What Linux command modifies the permissions on a file or folder?

A) attrib

B) chmod

C) su

D) sudo

6) In Linux, which of these represents full permission for the owner of the file, and read-only permission for everyone else?

A) -rwxr--r--

B) -rwxrwxrwx

C) -r--rwxr--

D) -r--r--rwx

7) Which of these commands will set the permission of the file myfile.txt to full permission for the owner and no permission for anyone else?

A) chmod 0700 myfile.txt

B) chmod a-w myfile.txt

C) attrib +rwx

D) su 0777 myfile.txt

8) In Linux, what command shows the groups that the current user belongs to?

A) showgrps

B) sudo

C) groups

D) visudo

9) What can mitigate ret2libc attacks?

A) Using clear-text credentials in LDAP

B) ASCII armoring

C) LSASS armoring

D) Encrypting the SAM database

10) Which tool can you use to automatically decrypt passwords that are stored in the Group Policy Preferences?

A) DLL Hijack

B) vmss2core

C) LSASS

D) Metasploit

11) What does it mean if you find event IDs 2886 and 2887 in the Active Directory Service log?

A) Passwords are not being hashed properly in SAM

B) The memory from a suspended VM has been dumped

C) LDAP signing is not being enforced by the domain controller

D) Clients are not being authenticated

12) Which of these is exploitable?

A) Unquoted service paths

B) Quoted service paths

C) Read-only services

D) Secure file permissions

13) Which of these is not a type of software-based keylogger?

A) Kernel-based

B) API-based

C) Hypervisor-based

D) Pointer-based

14) Why is the Windows Task Scheduler a security risk?

A) Events can be scheduled via group policy

B) Its password is not hashed

C) It bypasses UAC

D) Events can be scheduled from a guest account

15) Which of these is not an example of a sandbox implementation?

A) Jail

B) Virtual machines

C) Secure Computing Mode

D) Metasploit

16) In what way is a container different from a virtual machine?

A) Doesn't require an underlying guest OS

B) Doesn't require a host operating system

C) Doesn't require host hardware

D) Doesn't require a separate keyboard and monitor

17) Docker is an example of what?

A) Virtual machine

B) Container

C) Packet sniffer

D) Password cracker

18) Which of these is not a basic tampering technique for mobile systems and apps?

A) Binary patching

B) Code injection

C) Debugging and tracing

D) Jail

19) On an Android system, which file contains key information about an app’s package, including its name, target, components, and permissions?

A) resources.arsc

B) assets

C) AndroidManifest.xml

D) CERT.RSA

20) Which of these is an example of a physical device security attack?

A) Password brute-forcing

B) Serial console debugging

C) Jailbreaking

D) Sandboxing