TestOut Ethical Hacker Pro Q&A Chapter 7 Analyze Vulnerabilities
| Question | Answer |
|---|---|
| Why is vulnerability assessment important? | |
| What are the limitations of scans? | |
| What are seven types of assessments? | |
| What are the top nine areas to research when conducting an assessment? | |
| Active assessment | A network evaluation that is obtained by actively testing the network for weaknesses. |
| Passive assessment | A network evaluation that is obtained by looking for weaknesses through observation with no direct network interaction. |
| External assessment | A network evaluation that is obtained by testing external systems and testing from outside the network. |
| Internal assessment | A network evaluation that is obtained by testing and analyzing processes and systems inside the network. |
| Vulnerability assessment | The process of identifying weaknesses in an organization's infrastructure, including the operating system, web applications, and the web server. It is used to plan additional security measures to protect the organization from attack. |
| What are the 2 types of scanning? | Active, Passive |
| Active scanning | An active scan transmits to the nodes within a network to determine exposed ports and can independently repair security flaws. It can also simulate an attack to test for vulnerabilities and can repair weak points in the system. |
| Passive scanning | A passive scan tries to find vulnerabilities without directly interacting with the target network. The scan identifies vulnerabilities via information exposed by systems in their normal communications. You can set a scanner to scan constantly or at specific times. |
| Point in time | A scan can only obtain data for the time period when it runs. For example, some weaknesses may be exposed only when systems are operating at peak capacity, at certain times of day, or even at certain times of the year. |
| New vulnerabilities | Scans can only identify known vulnerabilities. This gives an attacker who uses a new attack an advantage, as scans are written only for vulnerabilities that have been previously exploited. |
| Active assessment | In an active assessment, specifically created packets are sent to target nodes to determine the OS of the domain, the hosts, the services, and the vulnerabilities in the network. nmap is a useful tool for this assessment. |
| Passive assessment | Using sniffer traces from a remote system, you can determine the operating system of the remote host as well as a list of the current network work. Wireshark is a common tool for this type of information gathering and analysis. |
| External assessment | Looks for ways to access the network infrastructure through open firewall ports, routers, web servers, web pages, and public DNS servers. It is external because it works from the outside, using public networks through the internet. May include: • Determining whether maps exist for network and external service devices • Identifying vulnerabilities in web applications • Examining the rule set for external network router configurations and firewalls • Checking open ports and services on the external network • Identifying DNS zones |
| Internal assessment | The ethical hacker can also be inside the network, testing the internal networks and systems. This type of assessment can include: • Inspecting physical security • Checking open ports on network devices and router configurations • Scanning for Trojans, spyware, viruses, and malware • Evaluating remote management processes • Determining flaws and patches on the internal network systems, devices, and servers |
| Host-based assessment | This assessment focuses on all types of user risks, including malicious users and untrained users as well as vendors and administrators. Host-based assessment can also test the vulnerability of databases, firewalls, files, and web servers, as well as flag configuration errors. |
| Application | Application-level scans allow the ethical hacker to scrutinize completed applications when the source code is unknown. Every application should be examined for input controls and data processing. |
| Wireless network assessment | A hacker can access sensitive information even from outside a building by sniffing network packets that are transmitted wirelessly through radio waves. Generally, a hacker will obtain the SSID (the name assigned to the wireless network) through sniffing and use it to hack the wireless network without ever entering the building. These assessments analyze the network for patching errors, authentication and encryption problems, and unnecessary services. |
| Misconfigurations | The primary cause of misconfiguration is human error. Web servers, application platforms, databases, and networks are all at risk of unauthorized access. Areas to check include outdated software, unnecessary services, external systems that are incorrectly authenticated, security settings that have been disabled, and debug enabled on a running application. |
| Default settings | It is important to check default settings, especially for default SSIDs and admin passwords. If a company never changes the default admin passwords or the default SSID to combinations unique to the company, it is very simple for an attacker to gain access to the network. |
| Buffer overflows | A buffer is a temporary data storage area with limited space. An overflow occurs when a program attempts to store more data in a buffer than it was written to hold. Error checking should identify this problem. When an overflow occurs, it can allow hackers to cause data to flow into other memory areas and to access database files or alter system files. System crashes or instability can also occur. |
| Unpatched servers | Hackers gain access to data in a system through misconfigured or unpatched servers. Since servers are an integral part of an organization's infrastructure, this vulnerability creates a central route for access to sensitive data and operations. Fixing bugs, patching, and simply updating software can block an attack. |
| Design flaws | Every operating system or device has bugs or defects in its design. Hackers take advantage of design flaws such as broken authentication and access control, cross-site scripting, insufficient logging and monitoring, and incorrect encryption. |
| Operating system flaws | Flaws in the OS can leave a system susceptible to malicious applications such as viruses, Trojan horses, and worms through scripts, undesirable software, or code. Firewalls, minimal software application usage, and regular system patches create protection from this form of attack. |
| Application flaws | Flaws in the validation and authorization of users present the greatest threat to security in transactional applications. This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Both open-source and commercial tools are recommended for this assessment. |
| Open services | Ports and services must be checked regularly to prevent unsecure, open, or unnecessary ports, which can lead to attacks on connected nodes or devices, loss of private information, or even denial of service. |
| Default usernames and passwords | Passwords should always be immediately changed after installation or setup. Passwords should always be kept secret. |
| For active scans, what assessment tool works well? | NMAP |
| For passive assessments, what is commonly used to gather this information? It analyzes the information retrieved from the sniffer traces. | Wireshark |
| An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: - Inspecting physical security - Checking open ports on network devices and router configurations - Scanning for Trojans, spyware, viruses, and malware - Evaluating remote management processes - Determining flaws and patches on the internal network systems, devices, and servers. What assessment test is being performed? | Internal assessment |
| In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. What assessment does an ethical hacker complete to expose these weaknesses? | Vulnerability assessment |
| What assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators? | Host-based assessment |
| On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run? | nmap --script nmap-vulners -sV 10.10.10.195 |
| This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done? | Application flaws |
| Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing? | Vulnerability research |
| What best describes active scanning? | A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws. |
| Which of the following assessment types can monitor and alert on attacks but cannot stop them? | Passive |
| Why is it important to create a baseline before testing begins? | |
| How important is the vulnerability assessment phase to the rest of the cycle? | |
| Why should you take the time to evaluate the threat levels of the results of your penetration testing? | |
| Which phase includes fixing weaknesses that are found? | |
| Why would you retest the system after remediation? | |
| Why is ongoing monitoring a valuable practice? | |
| Vulnerability assessment | A phase of testing the network for vulnerabilities. |
| Risk assessment | A phase of evaluating the found vulnerabilities for threat level. |
| Remediation | A phase of patching, hardening, and correcting weaknesses. |
| Verification | A phase of retesting the system to verify that patching and hardening was effective. |
| Monitoring | A phase where continuous monitoring of systems is implemented. |
| Product-based | This solution involves an organization purchasing a product and administering it from inside the network. The product functions inside the firewall. This would make it inaccessible from outside penetration. An organization could implement this type of solution hoping that it solves vulnerability issues. |
| Service-based | A service-based solution entails hiring a professional, such as yourself, to provide a solution. This approach would involve using the vulnerability management life cycle. The professional would conduct the testing and solutions from outside the network. The risk of this approach is that an assessment based entirely from outside the network leaves potential for a hacker to gain access to the system. |
| Tree-based | With a tree-based assessment, you have a preset plan for testing and scanning based on some previous knowledge of the system. You then choose specific modes of testing for each operating system and machine. |
| Inference-based | In an inference-based approach, you test and discover information as you go. You then adjust your scans according to the information you discover. |
| What are the 3 basic steps in penetration testing? | 1. Locate the live nodes in the network. You can do this using a variety of techniques, but you must know where each live host is. 2. Itemize each open port and service in the network. 3. Test each open port for known vulnerabilities. |