Ethical Hacking SA4
Summative Assessment 4
| Question | Answer |
|---|---|
| Which industry-standard method has created a catalog of known vulnerabilities that provides a score indicating the severity of a vulnerability? CVSS CVE OWASP WSTG NIST SP 800-115 | CVSS |
| Which vulnerability catalog creates a list of publicly known vulnerabilities, each assigned an ID number, description, and reference? CVE CVSS OWASP WSTG NIST SP 800-115 | CVE |
| Match the CVSS metric group with the respective information. Environmental metric group includes modified base metrics, confidentiality, integrity, and availability requirements (continued on the back) | Base metric group includes exploitability metrics and impact metrics. Temporal metric group includes exploit code maturity, remediation level, and report confidence. |
| Which three items are included in the base metric group used by CVSS? (Choose three.) | attack complexity integrity impact user interaction |
| Which item is included in the environmental metric group used by CVSS? privileges required confidentiality requirements report confidence availability impact | confidentiality requirements |
| Which item is included in the temporal metric group used by CVSS? exploit code maturity integrity impact modified base metrics attack vector | exploit code maturity |
| Which tool can ingest the results from many penetration testing tools a cybersecurity analyst uses and help this professional produce reports in formats such as CSV, HTML, and PDF? Dradis Mimikatz Nessus PowerSploit | Dradis |
| Match the description to the respective control category. Key rotation: Technical control. Input sanitization: Technical control. Secure software development life cycle: Administrative control (continued on the back) | Role-based access control: Administrative control. Time-of-day restrictions: Operational control. Job rotation: Operational control. Video surveillance: Physical control. Biometric controls: Physical control. |
| Which two items are examples of technical controls that can be recommended as mitigations and remediation of the vulnerabilities found during a pen test? (Choose two.) | multifactor authentication certificate management |
| A recent pen test resulted in a cybersecurity analyst report that includes information on process-level remediation, patch management, and secrets management solutions. Which control category is represented by this example? | technical |
| Which document provides several cheat sheets and detailed guidance on preventing vulnerabilities such as cross-site scripting, SQL injection, and command injection? OWASP CVE GDPR CVSS | OWASP |
| A cybersecurity analyst report should contain minimum password requirements and policies and procedures. These are examples that are included in which control category? technical administrative operational physical | administrative |
| Which control category includes information on mandatory vacations and user training in the cybersecurity analyst report? technical administrative operational physical | operational |
| When creating a cybersecurity analyst report, which control category includes information concerning the access control vestibule? technical administrative operational physical | physical |
| Match the term to the respective description. False negative: malicious activities that are not detected by a network security device. True positive: a successful identification of a security attack or a malicious event (continued on the back) | True negative: an intrusion detection device identifies an activity as acceptable behavior and the activity is acceptable. False positive: a security device triggers an alarm, but there is no malicious activity or actual attack taking place. |
| Which kind of event is also called a “benign trigger”? false positive false negative true positive true negative | false positive |
| What kind of events diminish the value and urgency of real alerts? false positives false negatives true negatives true positives | false positives |
| Which kinds of events are malicious activities not detected by a network security device? false positives false negatives true negatives true positives | false negatives |
| Which kind of event occurs when an intrusion detection device identifies an activity as acceptable behavior and the activity is acceptable? false positives false negatives true negatives true positives | true negatives |
| Which kind of event is a successful identification of a security attack? false negative false positive true positive true negative | true positive |
| Which example of technical control is recommended to mitigate and prevent vulnerabilities such as cross-site scripting, cross-site request forgery, SQL injection, and command injection? | user input sanitization |
| Which example of administrative controls enables administrators to control what users can do at both broad and granular levels? RBAC secure software development life cycle policies and procedures minimum password requirements | RBAC |
| Which document, entitled "Building an Information Technology Security Awareness Training Program", succinctly defines why security education and training are so important for users? The document defines ways to improve the security operations of an organization. | NIST SP 800-50 |
| How is the score that CVSS provides interpreted? | scores are rated from 0 to 10, with 10 being the most severe |
| What control category does system hardening belong to? technical administrative operational physical | technical |
| Which two items are programming logic constructs? (Choose two.) Boolean operators Conditionals Arrays Dictionaries Libraries | Boolean operators Conditionals |
| Which two items are data structures used in programming languages? (Choose two.) Procedures functions Arrays Lists Libraries | Arrays Lists |
| Which two items can be included in a library? (Choose two.) Message templates Subroutines Trees Databases Conditionals | Message templates Subroutines |
| What is the definition of a procedure used in application software? | It is a section of code that is created to perform a specific task. |
| Which programming language data structure is a special variable with more than one value at a time? List Array Tree File with comma-separated values | Array |
| Which term describes a programming language component such as JavaScript Object Notation (JSON)? Data structures Logic constructs Procedures Classes | Data structures |
| What kind of data structure in Python is represented in the example below? cves = ['CVE-2022-0945', 'CVE-2023-1234', 'CVE-2022-0987'] List Tree Array Dictionary | List |
| Which programming language elements perform similar tasks? Procedures and functions Procedures and libraries Libraries and classes Functions and libraries | Procedures and functions |
| What is the definition of a library in application software? | It is a collection of resources that can be reused by programs. |
| Which domain name database query utility has been restricted by the European Union's General Data Protection Regulation (GDPR) to protect privacy? Dig Whois FOCA theHarvester | Whois |
| What are two tools that can be used to perform active reconnaissance? (Choose two.) Nslookup Zenmap Tor Enum4linux Maltego | Zenmap Enum4linux |
| What are two tools that can be used to perform credential attacks? (Choose two.) Nslookup FOCA Mimikatz Censys Patator | Mimikatz Patator |
| Which Linux distribution comes with more than 1900 security penetration testing tools? BlackArch Linux Parrot OS Kali Linux BackTrack | BlackArch Linux |
| Which tool is designed to find metadata and hidden information in documents? theHarvester FOCA ExifTool Shodan | FOCA |
| Which programming language element is a block of code that can be reused multiple times to execute a specific task? Function JavaScript Object Notation (JSON) Array Class | Function |
| Which tool organizes query entities within the Entity Palette and calls the search options “transforms”? Shodan FOCA Maltego theHarvester | Maltego |
| Which programming language element is a code template that includes initial variables and functions for creating an object? Class Function Array Procedure | Class |
| Which passive reconnaissance tool can be used to find information about devices and networks on the Internet? Recon-ng Maltego Censys theHarvester | Censys |
| What is a command-line tool that allows for interactive or non-interactive command execution? Bash Kali Linux Parrot OS Metasploit | Bash |
| Which popular Linux penetration testing distribution is based on Debian GNU/Linux and has evolved from WHoppiX, WHAX, and BackTrack? Kali Linux Parrot OS BlackArch Linux Security Onion | Kali Linux |
| Which vulnerability scanner tool offers a cloud-based service that performs continuous monitoring, vulnerability management, and compliance checking? w3af Nikto SQLmap Qualys | Qualys |
| Which option is a PowerShell-based post-exploitation tool that can maintain persistence on a compromised system and run PowerShell agents without the need for powershell.exe? Empire Veil Patator Security Onion | Empire |
| Which tool can be used with Metasploit to maintain stealth and avoid detection from security controls implemented by an organization? Veil Empire Patator Security Onion | Veil |
| Which encoding method can secretly exfiltrate confidential data in the payload of DNS packets? Base64 MD5 ASCII HTML | Base64 |
| Which option is a Linux distribution tool for forensic evidence collection? CAINE BeEF Immunity Debugger Metasploit | CAINE |