Unit 6 - Practice Quiz

INT245 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 Which of the following best describes the primary goal of the Executive Summary in a penetration test report?

A. To provide a step-by-step guide on how to patch software vulnerabilities
B. To list every specific command used during the engagement
C. To provide raw scanning logs and exploit code to system administrators
D. To explain the high-level business risks and impact to non-technical stakeholders

2 In the context of communication triggers, what constitutes a Critical Finding that requires immediate notification?

A. Discovering a vulnerability that allows immediate remote code execution on a production server
B. Identifying an outdated version of jQuery with no known exploits
C. Locating a sub-domain that returns a 404 error
D. Finding a server that does not respond to ICMP ping requests

3 Which tool is specifically designed to facilitate collaborative reporting and vulnerability management during a penetration test?

A. Dradis
B. John the Ripper
C. Wireshark
D. Nmap

4 When defining the Communication Path at the start of an engagement, what is the most important information to establish?

A. The preferred font size for the final PDF report
B. The brand of router used by the ISP
C. The specific Linux kernel versions of the targets
D. A contact list with primary and secondary contacts, including emergency numbers

5 Which section of a penetration test report is primarily intended for system administrators and developers?

A. Executive Summary
B. Document Control
C. Statement of Scope
D. Technical Findings and Remediation

6 What is the purpose of the 'Methodology' section in a penetration test report?

A. To describe the approach, standards (e.g., PTES, OWASP), and phases undertaken during the test
B. To provide a biography of the penetration tester
C. To list the prices of the tools used
D. To list the hardware specifications of the tester's laptop

7 When recommending remediation, which of the following is considered a best practice?

A. Providing a prioritized list of fixes based on risk severity
B. Recommending the purchase of the tester's own software product exclusively
C. Telling the client to 'Google the solution'
D. Suggesting the organization takes the server offline permanently

8 What is the primary function of a Proof of Concept (PoC) in a report?

A. To prove that the tester is skilled
B. To show the theoretical math behind an encryption algorithm
C. To demonstrate the existence of a vulnerability with evidence (screenshots, code, logs)
D. To increase the page count of the report

9 Which metric is commonly used in reports to objectively score the severity of a vulnerability?

A. TTL (Time To Live)
B. ROI (Return on Investment)
C. MTBF (Mean Time Between Failures)
D. CVSS (Common Vulnerability Scoring System)

10 What is the definition of 'Cleanup' in the context of post-report delivery activities?

A. Removing all artifacts, shells, user accounts, and tools created or uploaded during the test
B. Deleting the final report from the client's inbox
C. Formatting the tester's hard drive
D. Wiping the client's database to ensure privacy

11 Why is encryption important when delivering the final penetration test report?

A. It compresses the file size significantly
B. It is required by the HTTP protocol
C. The report contains sensitive vulnerability data that could be exploited if intercepted
D. It prevents the client from printing the report

12 In an IoT environment, what is Binwalk primarily used for during the analysis phase?

A. Scanning for open WiFi networks
B. Analyzing and extracting filesystem images from firmware binaries
C. Performing SQL injection on the cloud dashboard
D. Brute-forcing SSH passwords

13 Which of the following describes a 'de-confliction' communication trigger?

A. The tester argues with the client about payment
B. The client notices an attack signature and contacts the tester to confirm it is them
C. The report format conflicts with the printer settings
D. Two penetration testers attack the same IP simultaneously

14 When writing a report, avoiding False Positives is crucial because:

A. They prevent the use of automated scanning tools
B. They are not supported by the CVSS scoring system
C. They make the report file size too large
D. They damage the credibility of the tester and waste the client's resources

15 What is the correct LaTeX representation for a CVSS temporal score calculation where ?

A. // Score = Base x TemporalMetric
B. Score == Base * TemporalMetric
C.
D. Score equals Base times TemporalMetric

16 Which IoT attack vector involves analyzing power consumption or electromagnetic emissions to extract cryptographic keys?

A. Cross-Site Scripting
B. Side-Channel Attack
C. SQL Injection
D. Buffer Overflow

17 Who is the primary audience for the Scope section of the report?

A. The end-users of the application
B. Both technical and management stakeholders
C. The marketing department
D. Only the external auditors

18 Serpico (SimplE RePort wrIting and COllaboration) aids penetration testers by:

A. Decrypting HTTPS traffic
B. Automatically hacking the target
C. Compiling C++ code
D. Generating report templates and managing findings databases

19 Which of the following is an example of an IoT-specific communication protocol that might be analyzed during a test?

A. CSS (Cascading Style Sheets)
B. MQTT (Message Queuing Telemetry Transport)
C. HTML (HyperText Markup Language)
D. PHP (Hypertext Preprocessor)

20 During the presentation of findings, why is it important to begin with the Executive Summary?

A. It allows the tester to avoid answering technical questions
B. It allows the technical staff to leave early
C. It sets the business context before diving into technical minutiae
D. It is the only part of the report that matters

21 What is Retesting (or Verification) in the post-report phase?

A. Testing a different target that wasn't in the original scope
B. Verifying that the client has paid the invoice
C. Testing the fixes implemented by the client to ensure the vulnerabilities are closed
D. Running the exact same scan immediately after the first one

22 If a penetration tester finds default credentials (admin:admin) on an IoT device, how should this be categorized in the report?

A. Not a vulnerability - intended design
B. Informational - no risk
C. Low Risk - hard to guess
D. High/Critical Risk - trivial exploitation

23 Which component is NOT typically part of the Executive Summary?

A. Business Impact Analysis
B. Full Hex Dumps of Network Packets
C. Overall Security Posture
D. Key Recommendations (High Level)

24 What is the UART interface often used for in IoT penetration testing?

A. Displaying 4K video
B. Wireless charging
C. Connecting to the cloud via 5G
D. Serial communication for debugging and root shell access

25 When recommending remediation for a vulnerability that cannot be patched immediately (e.g., legacy system), what should be suggested?

A. Resign from the contract
B. Ignore the risk
C. Delete the data on the server
D. Compensating controls (e.g., network segmentation, firewall rules)

26 Which formatting feature helps improve the readability of technical reports?

A. Using yellow text on a white background
B. Writing the entire report in a single paragraph
C. Using complex vocabulary to sound more intelligent
D. Using a monospaced font for code snippets and command output

27 What is the primary risk associated with JTAG (Joint Test Action Group) ports on IoT devices?

A. They consume too much electricity
B. They are expensive to manufacture
C. They interfere with WiFi signals
D. They allow direct access to the CPU and firmware memory

28 In the context of reporting, what does 'Attribution' refer to?

A. Listing the sources of open-source intelligence used
B. Assigning credit to the penetration tester who found the bug
C. Identifying the specific hacker group responsible for an attack
D. Linking a finding to a specific host, IP, or URL

29 Which of the following is a critical step in post-report delivery?

A. Sending the report to the client's competitors
B. Publicly tweeting the vulnerabilities found
C. Keeping the VPN access open indefinitely
D. Securely destroying client data stored on tester machines according to the retention policy

30 Why should a report include a 'Limitations' section?

A. To document constraints such as time limits, restricted scopes, or fragile systems that affected testing
B. To complain about the client's network speed
C. To list the tools the tester could not afford
D. To explain why the tester is not liable for anything

31 What is the best way to present statistical data regarding findings (e.g., 5 High, 10 Medium, 20 Low)?

A. Hidden metadata in the PDF
B. A long comma-separated string of text
C. A complex algebraic equation
D. Visual charts (Pie charts or Bar graphs)

32 When defining best practices for reports, the tone should be:

A. Humorous and sarcastic
B. Accusatory toward the IT staff
C. Subjective and emotional
D. Objective, professional, and non-judgmental

33 Which tool is commonly used to take screenshots and annotate them for reports?

A. Aircrack-ng
B. Netcat
C. Greenshot or Snagit
D. Metasploit

34 What is a 'Lessons Learned' meeting?

A. A post-engagement meeting to discuss what went well, what didn't, and how to improve future processes
B. A training session for the penetration tester
C. A session to install antivirus software
D. A meeting where the client lectures the tester

35 In IoT security, what does 'Firmware extraction' allow a tester to do?

A. Access the file system to look for hardcoded keys, configuration files, and binaries
B. Physically break the device
C. Bypass the need for electricity
D. Increase the device's Wi-Fi range

36 What is the formula often used to calculate Risk in a report context?

A.
B.
C.
D.

37 Which of the following is an example of an 'Out-of-band' communication method?

A. Using the client's internal chat server
B. Using an encrypted messaging app (Signal) or phone call instead of the client's corporate email
C. Sending an email through the compromised mail server
D. Writing the report in the comments of the client's website

38 What is the primary security concern regarding Zigbee in IoT devices?

A. It requires a fiber optic connection
B. It uses excessive battery power
C. Replay attacks and lack of encryption in older implementations
D. It is too fast for modern computers

39 When presenting findings, what does 'Reproducibility' ensure?

A. That the report can be printed on any printer
B. That the vulnerability happens automatically every day
C. That the vulnerability can never be fixed
D. That the client's technical team can follow the steps to trigger the vulnerability themselves

40 Which section of the report protects the penetration testing firm from legal liability?

A. Tool Output
B. Statement of Scope and Authorization
C. Executive Summary
D. CVSS Calculator

41 What is a 'Living Document' in the context of long-term security engagements?

A. A report written on paper only
B. A video recording of the test
C. A report that is continuously updated as new vulnerabilities are found and fixed (e.g., in Purple Teaming)
D. A document that contains biological viruses

42 Why is it important to version control the report (e.g., v0.1, v1.0)?

A. To track changes between the draft, review, and final release
B. To increase the price of the report
C. To use more hard drive space
D. To confuse the client

43 Which of the following is a Post-Exploitation activity that must be reported?

A. Reading the privacy policy
B. Checking IP address reputation
C. Scanning ports
D. Data exfiltration and lateral movement

44 What is the recommended file format for the final deliverable report?

A. Microsoft Word (.docx) and PDF (.pdf)
B. Proprietary format requiring a paid viewer
C. Plain Text (.txt) only
D. Executable file (.exe)

45 In IoT testing, what is 'SPI' (Serial Peripheral Interface)?

A. Standard Protocol for Internet
B. Security Policy Infrastructure
C. Synchronous Serial Communication interface used for short-distance communication in embedded systems
D. Stateful Packet Inspection

46 What is the primary purpose of the 'Strategic Recommendations' section?

A. To suggest long-term improvements like architecture changes, training, or policy updates
B. To sell hardware
C. To criticize the CEO
D. To list specific code patches

47 Identify the incorrect statement regarding Report Quality Assurance (QA).

A. QA is unnecessary if the tester is senior
B. QA verifies that the severity ratings are consistent
C. QA ensures the findings map to the scope
D. QA should check for grammar and spelling errors

48 If a tester identifies a Zero-Day vulnerability in a third-party vendor product during a test, what is the best practice?

A. Follow Responsible Disclosure guidelines (notify vendor, wait for patch)
B. Ignore it
C. Post it on social media immediately
D. Sell the exploit on the dark web

49 What tool helps organize findings by mapping them to the MITRE ATT&CK framework in reports?

A. Paint
B. Calculator
C. Notepad
D. Vectr

50 When analyzing IoT network traffic, why might Bluetooth Low Energy (BLE) sniffing be required?

A. To decrypt SSL/TLS on the web server
B. To intercept communications between a smartphone app and the IoT device
C. To speed up the internet connection
D. To hack the satellite connection