Unit 6 - Practice Quiz

INT245 50 Questions

1 Which of the following best describes the primary goal of the Executive Summary in a penetration test report?

A. To list every specific command used during the engagement
B. To provide a step-by-step guide on how to patch software vulnerabilities
C. To provide raw scanning logs and exploit code to system administrators
D. To explain the high-level business risks and impact to non-technical stakeholders

2 In the context of communication triggers, what constitutes a Critical Finding that requires immediate notification?

A. Locating a sub-domain that returns a 404 error
B. Finding a server that does not respond to ICMP ping requests
C. Discovering a vulnerability that allows immediate remote code execution on a production server
D. Identifying an outdated version of jQuery with no known exploits

3 Which tool is specifically designed to facilitate collaborative reporting and vulnerability management during a penetration test?

A. Nmap
B. Dradis
C. John the Ripper
D. Wireshark

4 When defining the Communication Path at the start of an engagement, what is the most important information to establish?

A. The preferred font size for the final PDF report
B. A contact list with primary and secondary contacts, including emergency numbers
C. The brand of router used by the ISP
D. The specific Linux kernel versions of the targets

5 Which section of a penetration test report is primarily intended for system administrators and developers?

A. Technical Findings and Remediation
B. Statement of Scope
C. Executive Summary
D. Document Control

6 What is the purpose of the 'Methodology' section in a penetration test report?

A. To provide a biography of the penetration tester
B. To list the prices of the tools used
C. To describe the approach, standards (e.g., PTES, OWASP), and phases undertaken during the test
D. To list the hardware specifications of the tester's laptop

7 When recommending remediation, which of the following is considered a best practice?

A. Telling the client to 'Google the solution'
B. Providing a prioritized list of fixes based on risk severity
C. Suggesting the organization takes the server offline permanently
D. Recommending the purchase of the tester's own software product exclusively

8 What is the primary function of a Proof of Concept (PoC) in a report?

A. To show the theoretical math behind an encryption algorithm
B. To demonstrate the existence of a vulnerability with evidence (screenshots, code, logs)
C. To prove that the tester is skilled
D. To increase the page count of the report

9 Which metric is commonly used in reports to objectively score the severity of a vulnerability?

A. MTBF (Mean Time Between Failures)
B. ROI (Return on Investment)
C. TTL (Time To Live)
D. CVSS (Common Vulnerability Scoring System)

10 What is the definition of 'Cleanup' in the context of post-report delivery activities?

A. Deleting the final report from the client's inbox
B. Formatting the tester's hard drive
C. Wiping the client's database to ensure privacy
D. Removing all artifacts, shells, user accounts, and tools created or uploaded during the test

11 Why is encryption important when delivering the final penetration test report?

A. It compresses the file size significantly
B. It prevents the client from printing the report
C. The report contains sensitive vulnerability data that could be exploited if intercepted
D. It is required by the HTTP protocol

12 In an IoT environment, what is Binwalk primarily used for during the analysis phase?

A. Brute-forcing SSH passwords
B. Analyzing and extracting filesystem images from firmware binaries
C. Performing SQL injection on the cloud dashboard
D. Scanning for open WiFi networks

13 Which of the following describes a 'de-confliction' communication trigger?

A. Two penetration testers attack the same IP simultaneously
B. The client notices an attack signature and contacts the tester to confirm it is them
C. The report format conflicts with the printer settings
D. The tester argues with the client about payment

14 When writing a report, avoiding False Positives is crucial because:

A. They prevent the use of automated scanning tools
B. They damage the credibility of the tester and waste the client's resources
C. They make the report file size too large
D. They are not supported by the CVSS scoring system

15 What is the correct LaTeX representation for a CVSS temporal score calculation where ?

A. // Score = Base x TemporalMetric
B. Score == Base * TemporalMetric
C.
D. Score equals Base times TemporalMetric

16 Which IoT attack vector involves analyzing power consumption or electromagnetic emissions to extract cryptographic keys?

A. Cross-Site Scripting
B. Buffer Overflow
C. SQL Injection
D. Side-Channel Attack

17 Who is the primary audience for the Scope section of the report?

A. The end-users of the application
B. Both technical and management stakeholders
C. Only the external auditors
D. The marketing department

18 Serpico (SimplE RePort wrIting and COllaboration) aids penetration testers by:

A. Compiling C++ code
B. Automatically hacking the target
C. Generating report templates and managing findings databases
D. Decrypting HTTPS traffic

19 Which of the following is an example of an IoT-specific communication protocol that might be analyzed during a test?

A. CSS (Cascading Style Sheets)
B. HTML (HyperText Markup Language)
C. PHP (Hypertext Preprocessor)
D. MQTT (Message Queuing Telemetry Transport)

20 During the presentation of findings, why is it important to begin with the Executive Summary?

A. It is the only part of the report that matters
B. It allows the tester to avoid answering technical questions
C. It sets the business context before diving into technical minutiae
D. It allows the technical staff to leave early

21 What is Retesting (or Verification) in the post-report phase?

A. Running the exact same scan immediately after the first one
B. Testing a different target that wasn't in the original scope
C. Verifying that the client has paid the invoice
D. Testing the fixes implemented by the client to ensure the vulnerabilities are closed

22 If a penetration tester finds default credentials (admin:admin) on an IoT device, how should this be categorized in the report?

A. High/Critical Risk - trivial exploitation
B. Low Risk - hard to guess
C. Informational - no risk
D. Not a vulnerability - intended design

23 Which component is NOT typically part of the Executive Summary?

A. Overall Security Posture
B. Full Hex Dumps of Network Packets
C. Business Impact Analysis
D. Key Recommendations (High Level)

24 What is the UART interface often used for in IoT penetration testing?

A. Serial communication for debugging and root shell access
B. Connecting to the cloud via 5G
C. Displaying 4K video
D. Wireless charging

25 When recommending remediation for a vulnerability that cannot be patched immediately (e.g., legacy system), what should be suggested?

A. Resign from the contract
B. Compensating controls (e.g., network segmentation, firewall rules)
C. Ignore the risk
D. Delete the data on the server

26 Which formatting feature helps improve the readability of technical reports?

A. Using complex vocabulary to sound more intelligent
B. Using yellow text on a white background
C. Writing the entire report in a single paragraph
D. Using a monospaced font for code snippets and command output

27 What is the primary risk associated with JTAG (Joint Test Action Group) ports on IoT devices?

A. They interfere with WiFi signals
B. They allow direct access to the CPU and firmware memory
C. They are expensive to manufacture
D. They consume too much electricity

28 In the context of reporting, what does 'Attribution' refer to?

A. Assigning credit to the penetration tester who found the bug
B. Listing the sources of open-source intelligence used
C. Linking a finding to a specific host, IP, or URL
D. Identifying the specific hacker group responsible for an attack

29 Which of the following is a critical step in post-report delivery?

A. Publicly tweeting the vulnerabilities found
B. Sending the report to the client's competitors
C. Securely destroying client data stored on tester machines according to the retention policy
D. Keeping the VPN access open indefinitely

30 Why should a report include a 'Limitations' section?

A. To document constraints such as time limits, restricted scopes, or fragile systems that affected testing
B. To complain about the client's network speed
C. To list the tools the tester could not afford
D. To explain why the tester is not liable for anything

31 What is the best way to present statistical data regarding findings (e.g., 5 High, 10 Medium, 20 Low)?

A. Visual charts (Pie charts or Bar graphs)
B. Hidden metadata in the PDF
C. A long comma-separated string of text
D. A complex algebraic equation

32 When defining best practices for reports, the tone should be:

A. Humorous and sarcastic
B. Subjective and emotional
C. Objective, professional, and non-judgmental
D. Accusatory toward the IT staff

33 Which tool is commonly used to take screenshots and annotate them for reports?

A. Aircrack-ng
B. Netcat
C. Metasploit
D. Greenshot or Snagit

34 What is a 'Lessons Learned' meeting?

A. A meeting where the client lectures the tester
B. A post-engagement meeting to discuss what went well, what didn't, and how to improve future processes
C. A session to install antivirus software
D. A training session for the penetration tester

35 In IoT security, what does 'Firmware extraction' allow a tester to do?

A. Increase the device's Wi-Fi range
B. Physically break the device
C. Access the file system to look for hardcoded keys, configuration files, and binaries
D. Bypass the need for electricity

36 What is the formula often used to calculate Risk in a report context?

A.
B.
C.
D.

37 Which of the following is an example of an 'Out-of-band' communication method?

A. Writing the report in the comments of the client's website
B. Using an encrypted messaging app (Signal) or phone call instead of the client's corporate email
C. Sending an email through the compromised mail server
D. Using the client's internal chat server

38 What is the primary security concern regarding Zigbee in IoT devices?

A. It is too fast for modern computers
B. It uses excessive battery power
C. It requires a fiber optic connection
D. Replay attacks and lack of encryption in older implementations

39 When presenting findings, what does 'Reproducibility' ensure?

A. That the report can be printed on any printer
B. That the vulnerability happens automatically every day
C. That the client's technical team can follow the steps to trigger the vulnerability themselves
D. That the vulnerability can never be fixed

40 Which section of the report protects the penetration testing firm from legal liability?

A. Statement of Scope and Authorization
B. Executive Summary
C. CVSS Calculator
D. Tool Output

41 What is a 'Living Document' in the context of long-term security engagements?

A. A report that is continuously updated as new vulnerabilities are found and fixed (e.g., in Purple Teaming)
B. A document that contains biological viruses
C. A video recording of the test
D. A report written on paper only

42 Why is it important to version control the report (e.g., v0.1, v1.0)?

A. To track changes between the draft, review, and final release
B. To use more hard drive space
C. To confuse the client
D. To increase the price of the report

43 Which of the following is a Post-Exploitation activity that must be reported?

A. Data exfiltration and lateral movement
B. Reading the privacy policy
C. Checking IP address reputation
D. Scanning ports

44 What is the recommended file format for the final deliverable report?

A. Microsoft Word (.docx) and PDF (.pdf)
B. Proprietary format requiring a paid viewer
C. Plain Text (.txt) only
D. Executable file (.exe)

45 In IoT testing, what is 'SPI' (Serial Peripheral Interface)?

A. Stateful Packet Inspection
B. Standard Protocol for Internet
C. Synchronous Serial Communication interface used for short-distance communication in embedded systems
D. Security Policy Infrastructure

46 What is the primary purpose of the 'Strategic Recommendations' section?

A. To criticize the CEO
B. To list specific code patches
C. To suggest long-term improvements like architecture changes, training, or policy updates
D. To sell hardware

47 Identify the incorrect statement regarding Report Quality Assurance (QA).

A. QA should check for grammar and spelling errors
B. QA ensures the findings map to the scope
C. QA is unnecessary if the tester is senior
D. QA verifies that the severity ratings are consistent

48 If a tester identifies a Zero-Day vulnerability in a third-party vendor product during a test, what is the best practice?

A. Follow Responsible Disclosure guidelines (notify vendor, wait for patch)
B. Ignore it
C. Post it on social media immediately
D. Sell the exploit on the dark web

49 What tool helps organize findings by mapping them to the MITRE ATT&CK framework in reports?

A. Paint
B. Vectr
C. Calculator
D. Notepad

50 When analyzing IoT network traffic, why might Bluetooth Low Energy (BLE) sniffing be required?

A. To speed up the internet connection
B. To intercept communications between a smartphone app and the IoT device
C. To decrypt SSL/TLS on the web server
D. To hack the satellite connection