Certified Ethical Hacker Exam 312-50 Assessment Test - Part 16



Review Questions


1. What is the purpose of a pen test?

A. To simulate methods that intruders take to gain escalated privileges

B. To see if you can get confidential network data

C. To test the security posture and policies and procedures of an organization

D. To get passwords


2. Security assessment categories include which of the following? (Choose all that apply.)

A. White-hat assessments

B. Vulnerability assessments

C. Penetration testing

D. Security audits

E. Black-hat assessments


3. What type of testing is the best option for an organization that can benefit from the experience of a security professional?

A. Automated testing tools

B. White-hat and black-hat testing

C. Manual testing

D. Automated testing


4. Which type of audit tests the security implementation and access controls in an organization?

A. A firewall test

B. A penetration test

C. An asset audit

D. A systems audit


5. What is the objective of ethical hacking from the hacker’s perspective?

A. Determine the security posture of the organization

B. Find and penetrate invalid parameters

C. Find and steal available system resources

D. Leave marks on the network to prove they gained access


6. What is the first step of a pen test?

A. Create a map of the network by scanning.

B. Locate the remote access connections to the network.

C. Sign a scope of work, NDA, and liability release document with the client.

D. Perform a physical security audit to ensure the physical site is secure.


7. Which tools are not essential in a pen tester’s toolbox?

A. Password crackers

B. Port scanning tools

C. Vulnerability scanning tools

D. Web testing tools

E. Database assessment tools

F. None of the above


8. What are not the results to be expected from a preattack passive reconnaissance phase? (Choose all that apply.)

A. Directory mapping

B. Competitive intelligence gathering

C. Asset classification

D. Acquiring the target

E. Product/service offerings

F. Executing, implanting, and retracting

G. Social engineering


9. Once the target has been acquired, what is the next step for a company that wants to confirm the vulnerability was exploited? (Choose all that apply.)

A. Use tools that will exploit a vulnerability and leave a mark.

B. Create a report that tells management where the vulnerability exists.

C. Escalate privileges on a vulnerable system.

D. Execute a command on a vulnerable system to communicate to another system on the network and leave a mark.


10. An assessment report for management may include which of the following? (Choose all that apply.)

A. Suggested fixes or corrective measures.

B. Names of persons responsible for security.

C. Extensive step by step countermeasures.

D. Findings of the penetration test.


11. What makes penetration testing different from hacking?

A. The tools in use

B. The location of the attack

C. Permission from the owner

D. Malicious intent


12. What documents should be signed prior to beginning a pen test? (Choose two.)

A. Liability release

B. Nondisclosure agreement

C. Hold harmless agreement

D. Contract agreement


13. What is another name for a pen test?

A. Compliance audit

B. Network audit

C. Security audit

D. Validation audit


14. What is the first part of the pen testing report?

A. Findings

B. Remediation

C. Compliance

D. Executive summary


15. What is a type of security assessment in which the test is performed as if the tester were an employee working from within the organization?

A. Internal assessment

B. Black hat testing

C. Full-knowledge test

D. Organization audit


16. Which type of test involves a higher risk of encountering unexpected problems?

A. White-hat test

B. Black-hat test

C. Grey-hat test

D. Internal assessment


17. What is one reason to outsource a pen test?

A. Specific audit requirements

B. Less risky

C. More findings

D. Effective countermeasures


18. In which phase of a pen test is scanning performed?

A. Preattack phase

B. Information gathering phase

C. Attack phase

D. Fingerprinting phase


19. Which component of a pen testing scope of work defines actions to be taken in the event of a serious service disruption?

A. Service requirements

B. Service-level agreement (SLA)

C. Minimum performance levels

D. Failback plan


20. Which automated pen testing tool can identify networked devices on the network, including desktops, servers, routers/switches, firewalls, security devices, and application routers?

A. ISS Internet Scanner

B. Core Impact

C. Retina

D. Nessus


Answers to Review Questions


1. C. A penetration test is designed to test the overall security posture of an organization and to see if it responds according to the security policies.

2. B, C, D. Security assessments can consist of security audits, vulnerability assessments, or penetration testing.

3. C. Manual testing is best, because knowledgeable security professionals can plan, test designs, and do diligent documentation to capture test results.

4. B. A penetration test produces a report of findings on the security posture of an organization.

5. A. An ethical hacker is trying to determine the security posture of the organization.

6. C. The first step of a pen test should always be to have the client sign a scope of work, NDA, and liability release document.

7. F. All these tools must be used to discover vulnerabilities in an effective security assessment.

8. D, F. Acquiring the target and executing, implanting, and retracting are part of the active reconnaissance preattack phase.

9. A, D. The next step after target acquisition is to use tools that will exploit a vulnerability and leave a mark or execute a command on a vulnerable system to communicate to another system on the network and leave a mark.

10. A, D. An assessment will include findings of the penetration test and may also include corrective suggestions to fix the vulnerability.

11. C. Permission from the owner is the difference between hacking and pen testing.

12. A, B. A pen tester should have the client sign a liability release, a scope of work, and a nondisclosure agreement prior to beginning the test.

13. C. Security audits are another name for pen tests.

14. D. An executive summary should be the first part of a pen testing report.

15. A. An internal assessment is performed on the network from within the organization, with the tester acting as an employee with some access to the network.

16. B. A black-hat penetration test usually involves a higher risk of encountering unexpected problems. The team is advised to make contingency plans in order to effectively utilize time and resources.

17. A. You can outsource your penetration test if you don’t have qualified or experienced testers or if you’re required to perform a specific assessment to meet audit requirements such as HIPAA.

18. A. Gathering data from Whois, DNS, and network scanning can help you map a target network and provide valuable information regarding the operating system and applications running on the systems during the preattack phase.

19. B. In the scope of work, a service-level agreement (SLA) should be defined to determine any actions that will be taken in the event of a serious service disruption.

20. A. ISS Internet Scanner is an application-level vulnerability assessment. Internet Scanner can identify more than 1,300 types of networked devices on the network, including desktops, servers, routers/switches, firewalls, security devices, and application routers.
