Unit 6 - Practice Quiz

INT245 50 Questions

1 Which of the following best describes the primary goal of the Executive Summary in a penetration test report?

A. To provide raw scanning logs and exploit code to system administrators
B. To explain the high-level business risks and impact to non-technical stakeholders
C. To list every specific command used during the engagement
D. To provide a step-by-step guide on how to patch software vulnerabilities

2 In the context of communication triggers, what constitutes a Critical Finding that requires immediate notification?

A. Identifying an outdated version of jQuery with no known exploits
B. Discovering a vulnerability that allows immediate remote code execution on a production server
C. Finding a server that does not respond to ICMP ping requests
D. Locating a sub-domain that returns a 404 error

3 Which tool is specifically designed to facilitate collaborative reporting and vulnerability management during a penetration test?

A. Nmap
B. Wireshark
C. Dradis
D. John the Ripper

4 When defining the Communication Path at the start of an engagement, what is the most important information to establish?

A. The specific Linux kernel versions of the targets
B. A contact list with primary and secondary contacts, including emergency numbers
C. The preferred font size for the final PDF report
D. The brand of router used by the ISP

5 Which section of a penetration test report is primarily intended for system administrators and developers?

A. Executive Summary
B. Statement of Scope
C. Technical Findings and Remediation
D. Document Control

6 What is the purpose of the 'Methodology' section in a penetration test report?

A. To list the prices of the tools used
B. To describe the approach, standards (e.g., PTES, OWASP), and phases undertaken during the test
C. To provide a biography of the penetration tester
D. To list the hardware specifications of the tester's laptop

7 When recommending remediation, which of the following is considered a best practice?

A. Suggesting the organization takes the server offline permanently
B. Providing a prioritized list of fixes based on risk severity
C. Telling the client to 'Google the solution'
D. Recommending the purchase of the tester's own software product exclusively

8 What is the primary function of a Proof of Concept (PoC) in a report?

A. To prove that the tester is skilled
B. To increase the page count of the report
C. To demonstrate the existence of a vulnerability with evidence (screenshots, code, logs)
D. To show the theoretical math behind an encryption algorithm

9 Which metric is commonly used in reports to objectively score the severity of a vulnerability?

A. MTBF (Mean Time Between Failures)
B. CVSS (Common Vulnerability Scoring System)
C. ROI (Return on Investment)
D. TTL (Time To Live)

10 What is the definition of 'Cleanup' in the context of post-report delivery activities?

A. Deleting the final report from the client's inbox
B. Removing all artifacts, shells, user accounts, and tools created or uploaded during the test
C. Wiping the client's database to ensure privacy
D. Formatting the tester's hard drive

11 Why is encryption important when delivering the final penetration test report?

A. It compresses the file size significantly
B. It is required by the HTTP protocol
C. The report contains sensitive vulnerability data that could be exploited if intercepted
D. It prevents the client from printing the report

12 In an IoT environment, what is Binwalk primarily used for during the analysis phase?

A. Brute-forcing SSH passwords
B. Analyzing and extracting filesystem images from firmware binaries
C. Scanning for open WiFi networks
D. Performing SQL injection on the cloud dashboard

13 Which of the following describes a 'de-confliction' communication trigger?

A. The client notices an attack signature and contacts the tester to confirm it is them
B. The tester argues with the client about payment
C. Two penetration testers attack the same IP simultaneously
D. The report format conflicts with the printer settings

14 When writing a report, avoiding False Positives is crucial because:

A. They make the report file size too large
B. They damage the credibility of the tester and waste the client's resources
C. They are not supported by the CVSS scoring system
D. They prevent the use of automated scanning tools

15 What is the correct LaTeX representation for a CVSS temporal score calculation where ?

A. Score equals Base times TemporalMetric
B.
C. Score == Base * TemporalMetric
D. // Score = Base x TemporalMetric

16 Which IoT attack vector involves analyzing power consumption or electromagnetic emissions to extract cryptographic keys?

A. Buffer Overflow
B. SQL Injection
C. Side-Channel Attack
D. Cross-Site Scripting

17 Who is the primary audience for the Scope section of the report?

A. The marketing department
B. Both technical and management stakeholders
C. Only the external auditors
D. The end-users of the application

18 Serpico (SimplE RePort wrIting and COllaboration) aids penetration testers by:

A. Automatically hacking the target
B. Generating report templates and managing findings databases
C. Decrypting HTTPS traffic
D. Compiling C++ code

19 Which of the following is an example of an IoT-specific communication protocol that might be analyzed during a test?

A. MQTT (Message Queuing Telemetry Transport)
B. HTML (HyperText Markup Language)
C. CSS (Cascading Style Sheets)
D. PHP (Hypertext Preprocessor)

20 During the presentation of findings, why is it important to begin with the Executive Summary?

A. It allows the technical staff to leave early
B. It sets the business context before diving into technical minutiae
C. It is the only part of the report that matters
D. It allows the tester to avoid answering technical questions

21 What is Retesting (or Verification) in the post-report phase?

A. Running the exact same scan immediately after the first one
B. Verifying that the client has paid the invoice
C. Testing the fixes implemented by the client to ensure the vulnerabilities are closed
D. Testing a different target that wasn't in the original scope

22 If a penetration tester finds default credentials (admin:admin) on an IoT device, how should this be categorized in the report?

A. Informational - no risk
B. Low Risk - hard to guess
C. High/Critical Risk - trivial exploitation
D. Not a vulnerability - intended design

23 Which component is NOT typically part of the Executive Summary?

A. Overall Security Posture
B. Key Recommendations (High Level)
C. Business Impact Analysis
D. Full Hex Dumps of Network Packets

24 What is the UART interface often used for in IoT penetration testing?

A. Wireless charging
B. Serial communication for debugging and root shell access
C. Displaying 4K video
D. Connecting to the cloud via 5G

25 When recommending remediation for a vulnerability that cannot be patched immediately (e.g., legacy system), what should be suggested?

A. Ignore the risk
B. Compensating controls (e.g., network segmentation, firewall rules)
C. Resign from the contract
D. Delete the data on the server

26 Which formatting feature helps improve the readability of technical reports?

A. Writing the entire report in a single paragraph
B. Using a monospaced font for code snippets and command output
C. Using yellow text on a white background
D. Using complex vocabulary to sound more intelligent

27 What is the primary risk associated with JTAG (Joint Test Action Group) ports on IoT devices?

A. They consume too much electricity
B. They allow direct access to the CPU and firmware memory
C. They interfere with WiFi signals
D. They are expensive to manufacture

28 In the context of reporting, what does 'Attribution' refer to?

A. Identifying the specific hacker group responsible for an attack
B. Assigning credit to the penetration tester who found the bug
C. Listing the sources of open-source intelligence used
D. Linking a finding to a specific host, IP, or URL

29 Which of the following is a critical step in post-report delivery?

A. Publicly tweeting the vulnerabilities found
B. Securely destroying client data stored on tester machines according to the retention policy
C. Sending the report to the client's competitors
D. Keeping the VPN access open indefinitely

30 Why should a report include a 'Limitations' section?

A. To complain about the client's network speed
B. To document constraints such as time limits, restricted scopes, or fragile systems that affected testing
C. To explain why the tester is not liable for anything
D. To list the tools the tester could not afford

31 What is the best way to present statistical data regarding findings (e.g., 5 High, 10 Medium, 20 Low)?

A. A long comma-separated string of text
B. Visual charts (Pie charts or Bar graphs)
C. A complex algebraic equation
D. Hidden metadata in the PDF

32 When defining best practices for reports, the tone should be:

A. Subjective and emotional
B. Objective, professional, and non-judgmental
C. Accusatory toward the IT staff
D. Humorous and sarcastic

33 Which tool is commonly used to take screenshots and annotate them for reports?

A. Netcat
B. Greenshot or Snagit
C. Metasploit
D. Aircrack-ng

34 What is a 'Lessons Learned' meeting?

A. A training session for the penetration tester
B. A post-engagement meeting to discuss what went well, what didn't, and how to improve future processes
C. A meeting where the client lectures the tester
D. A session to install antivirus software

35 In IoT security, what does 'Firmware extraction' allow a tester to do?

A. Physically break the device
B. Access the file system to look for hardcoded keys, configuration files, and binaries
C. Increase the device's Wi-Fi range
D. Bypass the need for electricity

36 What is the formula often used to calculate Risk in a report context?

A.
B.
C.
D.

37 Which of the following is an example of an 'Out-of-band' communication method?

A. Sending an email through the compromised mail server
B. Using an encrypted messaging app (Signal) or phone call instead of the client's corporate email
C. Writing the report in the comments of the client's website
D. Using the client's internal chat server

38 What is the primary security concern regarding Zigbee in IoT devices?

A. It is too fast for modern computers
B. It uses excessive battery power
C. Replay attacks and lack of encryption in older implementations
D. It requires a fiber optic connection

39 When presenting findings, what does 'Reproducibility' ensure?

A. That the report can be printed on any printer
B. That the client's technical team can follow the steps to trigger the vulnerability themselves
C. That the vulnerability can never be fixed
D. That the vulnerability happens automatically every day

40 Which section of the report protects the penetration testing firm from legal liability?

A. Executive Summary
B. Statement of Scope and Authorization
C. Tool Output
D. CVSS Calculator

41 What is a 'Living Document' in the context of long-term security engagements?

A. A document that contains biological viruses
B. A report that is continuously updated as new vulnerabilities are found and fixed (e.g., in Purple Teaming)
C. A video recording of the test
D. A report written on paper only

42 Why is it important to version control the report (e.g., v0.1, v1.0)?

A. To track changes between the draft, review, and final release
B. To increase the price of the report
C. To confuse the client
D. To use more hard drive space

43 Which of the following is a Post-Exploitation activity that must be reported?

A. Scanning ports
B. Data exfiltration and lateral movement
C. Checking IP address reputation
D. Reading the privacy policy

44 What is the recommended file format for the final deliverable report?

A. Plain Text (.txt) only
B. Microsoft Word (.docx) and PDF (.pdf)
C. Proprietary format requiring a paid viewer
D. Executable file (.exe)

45 In IoT testing, what is 'SPI' (Serial Peripheral Interface)?

A. Stateful Packet Inspection
B. Synchronous Serial Communication interface used for short-distance communication in embedded systems
C. Security Policy Infrastructure
D. Standard Protocol for Internet

46 What is the primary purpose of the 'Strategic Recommendations' section?

A. To list specific code patches
B. To suggest long-term improvements like architecture changes, training, or policy updates
C. To sell hardware
D. To criticize the CEO

47 Identify the incorrect statement regarding Report Quality Assurance (QA).

A. QA should check for grammar and spelling errors
B. QA ensures the findings map to the scope
C. QA is unnecessary if the tester is senior
D. QA verifies that the severity ratings are consistent

48 If a tester identifies a Zero-Day vulnerability in a third-party vendor product during a test, what is the best practice?

A. Post it on social media immediately
B. Follow Responsible Disclosure guidelines (notify vendor, wait for patch)
C. Sell the exploit on the dark web
D. Ignore it

49 What tool helps organize findings by mapping them to the MITRE ATT&CK framework in reports?

A. Vectr
B. Notepad
C. Calculator
D. Paint

50 When analyzing IoT network traffic, why might Bluetooth Low Energy (BLE) sniffing be required?

A. To intercept communications between a smartphone app and the IoT device
B. To hack the satellite connection
C. To speed up the internet connection
D. To decrypt SSL/TLS on the web server