Phases of the penetration testing process — Quiz
1. During the reconnaissance phase, what is the primary goal of the footprinting stage, as adapted from Faircloth (2011)? (Choose one answer)
a) To learn about the target's business structure and partners
b) To analyze the personal details of employees associated with the organization
c) To translate DNS host names into IP addresses and IP address ranges
d) To confirm the reachability of identified IP addresses using active probes

2. According to the section, how is scanning primarily distinguished from enumeration? (Choose one answer)
a) Scanning is always passive, while enumeration is always active
b) Scanning extracts user lists, while enumeration identifies open ports
c) Scanning asks "What's alive and what ports are open?" while enumeration asks "What can I extract from those services?"
d) Scanning uses tools like enum4linux, while enumeration uses tools like Nmap

3. A passive network sniffer is deployed on a target network. When the penetration tester uses it to capture and analyze unencrypted email contents from the traffic, this activity is best categorized as part of which phase? (Choose one answer)
a) Reconnaissance, specifically Intelligence Gathering
b) Reconnaissance, specifically Footprinting
c) Scanning and enumeration
d) Gaining access

4. The tool p0f is highlighted in the section as a powerful alternative to active scanning tools. What is its primary function and key characteristic? (Choose one answer)
a) It is an active vulnerability scanner that generates custom packets to identify software versions
b) It is used for social engineering and gathering intelligence from human sources
c) It performs banner grabbing by actively connecting to open ports on a target system
d) It is a passive fingerprinting tool that analyzes TCP/IP packet structures to determine OS and configuration properties

5. Based on the description of the phases, which of the following activities is a classic example of the enumeration phase? (Choose one answer)
a) Using Shodan to identify an organization's public-facing web servers
b) Running a masscan to identify all active hosts on a network subnet
c) Using an LDAP query to extract a list of user accounts from a domain controller
d) Deploying a persistent backdoor on a compromised system