Unit 6 - Practice Quiz

INT245 50 Questions

1 Which of the following best describes the primary goal of the Executive Summary in a penetration test report?

A. To explain the high-level business risks and impact to non-technical stakeholders
B. To provide raw scanning logs and exploit code to system administrators
C. To provide a step-by-step guide on how to patch software vulnerabilities
D. To list every specific command used during the engagement

2 In the context of communication triggers, what constitutes a Critical Finding that requires immediate notification?

A. Locating a sub-domain that returns a 404 error
B. Identifying an outdated version of jQuery with no known exploits
C. Discovering a vulnerability that allows immediate remote code execution on a production server
D. Finding a server that does not respond to ICMP ping requests

3 Which tool is specifically designed to facilitate collaborative reporting and vulnerability management during a penetration test?

A. Wireshark
B. John the Ripper
C. Nmap
D. Dradis

4 When defining the Communication Path at the start of an engagement, what is the most important information to establish?

A. A contact list with primary and secondary contacts, including emergency numbers
B. The preferred font size for the final PDF report
C. The brand of router used by the ISP
D. The specific Linux kernel versions of the targets

5 Which section of a penetration test report is primarily intended for system administrators and developers?

A. Executive Summary
B. Technical Findings and Remediation
C. Statement of Scope
D. Document Control

6 What is the purpose of the 'Methodology' section in a penetration test report?

A. To provide a biography of the penetration tester
B. To list the prices of the tools used
C. To describe the approach, standards (e.g., PTES, OWASP), and phases undertaken during the test
D. To list the hardware specifications of the tester's laptop

7 When recommending remediation, which of the following is considered a best practice?

A. Suggesting the organization takes the server offline permanently
B. Recommending the purchase of the tester's own software product exclusively
C. Telling the client to 'Google the solution'
D. Providing a prioritized list of fixes based on risk severity

8 What is the primary function of a Proof of Concept (PoC) in a report?

A. To show the theoretical math behind an encryption algorithm
B. To demonstrate the existence of a vulnerability with evidence (screenshots, code, logs)
C. To increase the page count of the report
D. To prove that the tester is skilled

9 Which metric is commonly used in reports to objectively score the severity of a vulnerability?

A. MTBF (Mean Time Between Failures)
B. CVSS (Common Vulnerability Scoring System)
C. TTL (Time To Live)
D. ROI (Return on Investment)

10 What is the definition of 'Cleanup' in the context of post-report delivery activities?

A. Wiping the client's database to ensure privacy
B. Deleting the final report from the client's inbox
C. Removing all artifacts, shells, user accounts, and tools created or uploaded during the test
D. Formatting the tester's hard drive

11 Why is encryption important when delivering the final penetration test report?

A. It is required by the HTTP protocol
B. It prevents the client from printing the report
C. The report contains sensitive vulnerability data that could be exploited if intercepted
D. It compresses the file size significantly

12 In an IoT environment, what is Binwalk primarily used for during the analysis phase?

A. Brute-forcing SSH passwords
B. Performing SQL injection on the cloud dashboard
C. Scanning for open WiFi networks
D. Analyzing and extracting filesystem images from firmware binaries

13 Which of the following describes a 'de-confliction' communication trigger?

A. The client notices an attack signature and contacts the tester to confirm it is them
B. The tester argues with the client about payment
C. Two penetration testers attack the same IP simultaneously
D. The report format conflicts with the printer settings

14 When writing a report, avoiding False Positives is crucial because:

A. They prevent the use of automated scanning tools
B. They are not supported by the CVSS scoring system
C. They damage the credibility of the tester and waste the client's resources
D. They make the report file size too large

15 What is the correct LaTeX representation for a CVSS temporal score calculation where ?

A. Score == Base * TemporalMetric
B. Score equals Base times TemporalMetric
C. // Score = Base x TemporalMetric
D.

16 Which IoT attack vector involves analyzing power consumption or electromagnetic emissions to extract cryptographic keys?

A. Buffer Overflow
B. Cross-Site Scripting
C. Side-Channel Attack
D. SQL Injection

17 Who is the primary audience for the Scope section of the report?

A. Both technical and management stakeholders
B. Only the external auditors
C. The end-users of the application
D. The marketing department

18 Serpico (SimplE RePort wrIting and COllaboration) aids penetration testers by:

A. Automatically hacking the target
B. Decrypting HTTPS traffic
C. Generating report templates and managing findings databases
D. Compiling C++ code

19 Which of the following is an example of an IoT-specific communication protocol that might be analyzed during a test?

A. CSS (Cascading Style Sheets)
B. MQTT (Message Queuing Telemetry Transport)
C. PHP (Hypertext Preprocessor)
D. HTML (HyperText Markup Language)

20 During the presentation of findings, why is it important to begin with the Executive Summary?

A. It allows the tester to avoid answering technical questions
B. It is the only part of the report that matters
C. It sets the business context before diving into technical minutiae
D. It allows the technical staff to leave early

21 What is Retesting (or Verification) in the post-report phase?

A. Testing the fixes implemented by the client to ensure the vulnerabilities are closed
B. Testing a different target that wasn't in the original scope
C. Running the exact same scan immediately after the first one
D. Verifying that the client has paid the invoice

22 If a penetration tester finds default credentials (admin:admin) on an IoT device, how should this be categorized in the report?

A. High/Critical Risk - trivial exploitation
B. Not a vulnerability - intended design
C. Low Risk - hard to guess
D. Informational - no risk

23 Which component is NOT typically part of the Executive Summary?

A. Overall Security Posture
B. Key Recommendations (High Level)
C. Business Impact Analysis
D. Full Hex Dumps of Network Packets

24 What is the UART interface often used for in IoT penetration testing?

A. Serial communication for debugging and root shell access
B. Displaying 4K video
C. Wireless charging
D. Connecting to the cloud via 5G

25 When recommending remediation for a vulnerability that cannot be patched immediately (e.g., legacy system), what should be suggested?

A. Compensating controls (e.g., network segmentation, firewall rules)
B. Ignore the risk
C. Delete the data on the server
D. Resign from the contract

26 Which formatting feature helps improve the readability of technical reports?

A. Using a monospaced font for code snippets and command output
B. Using yellow text on a white background
C. Using complex vocabulary to sound more intelligent
D. Writing the entire report in a single paragraph

27 What is the primary risk associated with JTAG (Joint Test Action Group) ports on IoT devices?

A. They interfere with WiFi signals
B. They are expensive to manufacture
C. They consume too much electricity
D. They allow direct access to the CPU and firmware memory

28 In the context of reporting, what does 'Attribution' refer to?

A. Assigning credit to the penetration tester who found the bug
B. Linking a finding to a specific host, IP, or URL
C. Identifying the specific hacker group responsible for an attack
D. Listing the sources of open-source intelligence used

29 Which of the following is a critical step in post-report delivery?

A. Publicly tweeting the vulnerabilities found
B. Keeping the VPN access open indefinitely
C. Securely destroying client data stored on tester machines according to the retention policy
D. Sending the report to the client's competitors

30 Why should a report include a 'Limitations' section?

A. To complain about the client's network speed
B. To list the tools the tester could not afford
C. To document constraints such as time limits, restricted scopes, or fragile systems that affected testing
D. To explain why the tester is not liable for anything

31 What is the best way to present statistical data regarding findings (e.g., 5 High, 10 Medium, 20 Low)?

A. Hidden metadata in the PDF
B. Visual charts (Pie charts or Bar graphs)
C. A long comma-separated string of text
D. A complex algebraic equation

32 When defining best practices for reports, the tone should be:

A. Humorous and sarcastic
B. Objective, professional, and non-judgmental
C. Subjective and emotional
D. Accusatory toward the IT staff

33 Which tool is commonly used to take screenshots and annotate them for reports?

A. Greenshot or Snagit
B. Metasploit
C. Aircrack-ng
D. Netcat

34 What is a 'Lessons Learned' meeting?

A. A meeting where the client lectures the tester
B. A training session for the penetration tester
C. A session to install antivirus software
D. A post-engagement meeting to discuss what went well, what didn't, and how to improve future processes

35 In IoT security, what does 'Firmware extraction' allow a tester to do?

A. Bypass the need for electricity
B. Access the file system to look for hardcoded keys, configuration files, and binaries
C. Increase the device's Wi-Fi range
D. Physically break the device

36 What is the formula often used to calculate Risk in a report context?

A.
B.
C.
D.

37 Which of the following is an example of an 'Out-of-band' communication method?

A. Sending an email through the compromised mail server
B. Using an encrypted messaging app (Signal) or phone call instead of the client's corporate email
C. Using the client's internal chat server
D. Writing the report in the comments of the client's website

38 What is the primary security concern regarding Zigbee in IoT devices?

A. It is too fast for modern computers
B. It uses excessive battery power
C. It requires a fiber optic connection
D. Replay attacks and lack of encryption in older implementations

39 When presenting findings, what does 'Reproducibility' ensure?

A. That the client's technical team can follow the steps to trigger the vulnerability themselves
B. That the vulnerability happens automatically every day
C. That the report can be printed on any printer
D. That the vulnerability can never be fixed

40 Which section of the report protects the penetration testing firm from legal liability?

A. Tool Output
B. CVSS Calculator
C. Executive Summary
D. Statement of Scope and Authorization

41 What is a 'Living Document' in the context of long-term security engagements?

A. A video recording of the test
B. A report that is continuously updated as new vulnerabilities are found and fixed (e.g., in Purple Teaming)
C. A report written on paper only
D. A document that contains biological viruses

42 Why is it important to version control the report (e.g., v0.1, v1.0)?

A. To increase the price of the report
B. To track changes between the draft, review, and final release
C. To confuse the client
D. To use more hard drive space

43 Which of the following is a Post-Exploitation activity that must be reported?

A. Scanning ports
B. Checking IP address reputation
C. Reading the privacy policy
D. Data exfiltration and lateral movement

44 What is the recommended file format for the final deliverable report?

A. Executable file (.exe)
B. Microsoft Word (.docx) and PDF (.pdf)
C. Proprietary format requiring a paid viewer
D. Plain Text (.txt) only

45 In IoT testing, what is 'SPI' (Serial Peripheral Interface)?

A. Stateful Packet Inspection
B. Synchronous Serial Communication interface used for short-distance communication in embedded systems
C. Security Policy Infrastructure
D. Standard Protocol for Internet

46 What is the primary purpose of the 'Strategic Recommendations' section?

A. To suggest long-term improvements like architecture changes, training, or policy updates
B. To criticize the CEO
C. To list specific code patches
D. To sell hardware

47 Identify the incorrect statement regarding Report Quality Assurance (QA).

A. QA ensures the findings map to the scope
B. QA is unnecessary if the tester is senior
C. QA verifies that the severity ratings are consistent
D. QA should check for grammar and spelling errors

48 If a tester identifies a Zero-Day vulnerability in a third-party vendor product during a test, what is the best practice?

A. Follow Responsible Disclosure guidelines (notify vendor, wait for patch)
B. Sell the exploit on the dark web
C. Ignore it
D. Post it on social media immediately

49 What tool helps organize findings by mapping them to the MITRE ATT&CK framework in reports?

A. Paint
B. Calculator
C. Vectr
D. Notepad

50 When analyzing IoT network traffic, why might Bluetooth Low Energy (BLE) sniffing be required?

A. To speed up the internet connection
B. To decrypt SSL/TLS on the web server
C. To hack the satellite connection
D. To intercept communications between a smartphone app and the IoT device