Unit 1 - Practice Quiz

INT245 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 What is the primary objective of the Planning and Scoping phase in penetration testing?

A. To perform active scanning of the network perimeter
B. To exploit known vulnerabilities in the target system
C. To define the rules of engagement, objectives, and boundaries of the test
D. To generate the final report for the stakeholders

2 Which of the following best describes a Black Box penetration test?

A. The tester has partial knowledge, such as user credentials but no network diagrams
B. The tester has zero prior knowledge of the target system, simulating an external attacker
C. The tester works alongside the internal security team to audit systems
D. The tester has full knowledge of the network infrastructure and source code

3 In the context of the CIA Triad, penetration testing primarily seeks to ensure that security controls maintain:

A. Cost, Insurance, and Assessment
B. Control, Identity, and Authorization
C. Confidentiality, Integrity, and Availability
D. Compliance, Inspection, and Auditing

4 Which document is essential to obtain before starting any penetration testing activities to avoid legal liability?

A. Service Level Agreement (SLA)
B. Vulnerability Scan Report
C. Written Authorization (Get Out of Jail Free card)
D. Software License Agreement

5 In a White Box penetration test, which of the following is typically provided to the tester?

A. Physical access badges only
B. Only a URL to the public website
C. Network diagrams, source code, and IP addressing schemes
D. Only the company name

6 What distinguishes a Vulnerability Assessment from a Penetration Test?

A. Vulnerability assessments take longer to complete than penetration tests
B. Vulnerability assessments are manual; penetration tests are automated
C. Vulnerability assessments identify potential flaws; penetration tests attempt to exploit them to verify risk
D. There is no difference; the terms are interchangeable

7 Which regulatory standard applies specifically to organizations handling credit card information?

A. PCI-DSS
B. HIPAA
C. GDPR
D. FERPA

8 According to the PTES (Penetration Testing Execution Standard), which phase immediately follows Pre-engagement Interactions?

A. Intelligence Gathering
B. Exploitation
C. Reporting
D. Post-Exploitation

9 What is the purpose of the Rules of Engagement (RoE) document?

A. To detail the cost and payment terms of the contract
B. To list the specific exploits that will be used
C. To report the findings of the test after completion
D. To define how the test will be conducted, constraints, timeline, and communication channels

10 Which of the following implies a Gray Box testing approach?

A. The tester has Administrator access to all servers
B. The tester has no knowledge of the system
C. The tester audits the physical security of the building only
D. The tester acts as an authenticated user with limited knowledge of the backend

11 When defining Scope, what does the term "Out-of-Scope" refer to?

A. Tools that the tester is not allowed to use
B. Assets or systems that must explicitly not be tested or touched
C. Systems that have critical vulnerabilities
D. Vulnerabilities that cannot be patched

12 Which type of team is responsible for defending the network during a penetration test exercise?

A. White Team
B. Purple Team
C. Red Team
D. Blue Team

13 What is a Purple Team exercise?

A. A collaborative effort where Red and Blue teams work together to improve detection and defense
B. A physical security assessment combined with social engineering
C. A test focused solely on wireless networks
D. A test conducted strictly by government auditors

14 In the context of Risk Management, how is Risk typically calculated conceptually?

A.
B.
C.
D.

15 Which standard is specifically known as the Open Source Security Testing Methodology Manual?

A. OSSTMM
B. ISO 27001
C. OWASP
D. NIST SP 800-115

16 Why is Passive Reconnaissance preferred in the early stages of a stealthy penetration test?

A. It exploits vulnerabilities immediately
B. It involves direct interaction with the target system
C. It relies on public information and does not alert the target's IDS/IPS
D. It generates a large amount of network traffic

17 What is a critical Environmental Consideration when planning a penetration test on a SCADA or Industrial Control System (ICS)?

A. These systems are often fragile; active scanning may cause physical damage or safety hazards
B. These systems are always connected to the internet
C. These systems handle high-speed video streaming
D. These systems are usually robust and can handle heavy scanning traffic

18 Which US regulation requires healthcare organizations to secure Protected Health Information (PHI)?

A. HIPAA
B. FISMA
C. GLBA
D. SOX

19 During the Scoping phase, why is it important to identify Third-Party providers (e.g., Cloud hosts, ISPs)?

A. To ensure they are ignored completely
B. To hack them instead of the client
C. To obtain necessary permission, as testing their infrastructure without consent is illegal
D. To ask them for free software

20 What is the NIST Special Publication that acts as a Technical Guide to Information Security Testing and Assessment?

A. NIST SP 800-37
B. NIST SP 800-115
C. NIST SP 800-30
D. NIST SP 800-53

21 Which test type focuses on the human element of security?

A. Buffer Overflow
B. Network Sniffing
C. Social Engineering
D. SQL Injection

22 In the context of scoping, what is a Blackout Window?

A. A period when the power is turned off
B. A specific time period where no testing is allowed due to critical business operations
C. A tool used to block network traffic
D. The time when Black Box testing is conducted

23 What is the main advantage of an Internal penetration testing team?

A. They have deep contextual knowledge of the organization's culture and systems
B. They are cheaper than automated tools
C. They bring a completely unbiased external perspective
D. They do not require any rules of engagement

24 Which phase involves cleaning up artifacts, removing user accounts created during the test, and restoring settings?

A. Pre-engagement
B. Reconnaissance
C. Post-Exploitation / Restoration
D. Vulnerability Mapping

25 Which organization manages the Common Vulnerability Scoring System (CVSS)?

A. FIRST.org
B. Google
C. FBI
D. NSA

26 If a client requests a penetration test but forbids the use of automated scanners to prevent noise, this constraint is part of:

A. The Rules of Engagement (RoE)
B. The invoice
C. The Post-Mortem
D. The CVSS score

27 Which of the following is an example of Open Source Intelligence (OSINT)?

A. Scanning the target's firewall ports
B. Looking up employee email addresses on LinkedIn
C. Cracking the Wi-Fi password
D. Intercepting internal phone calls

28 What is the difference between Production and Staging environments in the context of scoping?

A. There is no difference
B. Production is for developers; Staging is for customers
C. Staging is more secure than Production
D. Production is live data; Staging is a replica for testing

29 Which legal concept requires the pentester to keep client findings secret?

A. Chain of Custody
B. Statement of Work (SOW)
C. Non-Disclosure Agreement (NDA)
D. Indemnification Clause

30 In the OWASP Top 10, what does OWASP stand for?

A. Open Web Application Security Project
B. Official Wireless Access Security Protocol
C. Organization for Web Authentication and Security Pentesters
D. Online Wide Assessment of Security Procedures

31 What is the primary goal of Physical Penetration Testing?

A. To check if the air conditioning is working
B. To ensure the website loads fast
C. To test the firewall throughput
D. To access the facility, server room, or workstations physically to compromise security

32 Which term describes a limitation where the tester cannot perform Denial of Service (DoS) attacks?

A. Rules of Engagement Constraint
B. Compliance Failure
C. White Box Requirement
D. Scope Creep

33 During the planning phase, defining Communication Paths ensures:

A. The client knows who to contact if the test causes a critical outage
B. The tester can ask the client for passwords
C. The tester can blog about the findings
D. The media is informed of the test

34 What is Scope Creep?

A. A method of physical entry
B. A type of slow network scan
C. The process of analyzing results
D. The gradual expansion of the project's goals or boundaries beyond the original agreement

35 Which testing methodology focuses heavily on the business logic and data flow?

A. Wireless Testing
B. Physical Testing
C. Application Logic Testing
D. Network Layer Testing

36 ISO/IEC 27001 is a standard for:

A. Wireless Encryption
B. Payment Card Processing
C. Medical Record Storage
D. Information Security Management Systems (ISMS)

37 In a Double-Blind test:

A. The test is done twice
B. The tester knows nothing, and the client's security team is unaware of the test
C. Two testers work simultaneously
D. Both the tester and the client know everything

38 What is the Statement of Work (SOW)?

A. A manual for the testing software
B. A formal document defining the timeline, deliverables, and payment for the project
C. A list of vulnerabilities found
D. A code snippet used for exploitation

39 If a pentester discovers evidence of a previous, ongoing criminal compromise during a test, what should they do?

A. Delete the evidence to clean the system
B. Stop the test immediately and notify the client's point of contact
C. Hack the criminal back
D. Include it in the final report next month

40 Which of the following is an example of Active Reconnaissance?

A. Port scanning using Nmap
B. Searching WHOIS records
C. Reading employee blogs
D. Browsing the company website

41 What does FEDRAMP standardize?

A. European data privacy
B. Credit Card processing fees
C. Password complexity rules
D. Security assessment and authorization for cloud products used by US federal agencies

42 Which scanning type identifies open ports and services?

A. Phishing
B. Vulnerability Scanning
C. Social Engineering
D. Port Scanning

43 In the context of the Cyber Kill Chain, which phase corresponds to the actual execution of malicious code on the target?

A. Actions on Objectives
B. Weaponization
C. Exploitation
D. Reconnaissance

44 Why is Shodan a relevant tool in the planning phase?

A. It generates reports
B. It cracks passwords
C. It is a search engine for Internet-connected devices
D. It is a virus scanner

45 What is Lateral Movement?

A. Moving physically from one office to another
B. Escalating privileges on a single machine
C. Exfiltrating data out of the network
D. Moving deeper into a network from a compromised host to access other resources

46 A Targeted Testing approach generally means:

A. Testing without any authorization
B. Testing only on weekends
C. Random testing of all systems
D. The IT team and the pentester work together to test a specific system

47 Which of the following represents a Technical constraint in scoping?

A. Holiday schedules
B. Bandwidth limitations or unstable network connections
C. Legal restrictions
D. Budget limitations

48 What is the primary focus of GDPR compliance testing?

A. Protecting the privacy and personal data of EU citizens
B. Securing medical devices
C. Protecting US Government Data
D. Ensuring credit card transactions are fast

49 When is the Chain of Custody relevant in penetration testing?

A. When ordering lunch
B. When handling physical evidence or forensic data found during a test
C. When writing the invoice
D. When scheduling the test

50 Mathematically, in the CVSS v3.1 equations, the Base Score is a function of:

A.
B.
C.
D.