Comptia Pentest+ 2023 Questions and answer - Part 10
1. David is conducting a black box penetration test against an organization and a vulnerability scanning result is being gathered for use in his tests. Which one of the following scans provide him with helpful information within the boundary of his test?
A) Stealth Internal Scan
B) Full External Scan
C) Stealth External Scan
D) Full Internal Scan
2. Which one of the given example is not a vulnerability scanning tool?
A) OpenVAS
B) Nessus
C) QualysGuard
D) Snort
3. A regulatory requirement is most likely to be faced by which type of organization to conduct vulnerability scans?
A) Hospital
B) Doctor-s Office
C) Government Agency
D) Bank
4. Gary is reviewing a vulnerability scan report and one of the servers on his network is suffering from an internal IP address disclosure vulnerability. The use of which protocol on this network resulted in this vulnerability?
A) TLS
B) VPN
C) SSH
D) NAT
5. What is the attack type called in which the attacker places more information in a location of memory than it is allocated for that use?
A) LDAP Injection
B) Buffer Overflow
C) SQL Injection
D) Cross-site Scripting
A) Stealth Internal Scan
B) Full External Scan
C) Stealth External Scan
D) Full Internal Scan
2. Which one of the given example is not a vulnerability scanning tool?
A) OpenVAS
B) Nessus
C) QualysGuard
D) Snort
3. A regulatory requirement is most likely to be faced by which type of organization to conduct vulnerability scans?
A) Hospital
B) Doctor-s Office
C) Government Agency
D) Bank
4. Gary is reviewing a vulnerability scan report and one of the servers on his network is suffering from an internal IP address disclosure vulnerability. The use of which protocol on this network resulted in this vulnerability?
A) TLS
B) VPN
C) SSH
D) NAT
5. What is the attack type called in which the attacker places more information in a location of memory than it is allocated for that use?
A) LDAP Injection
B) Buffer Overflow
C) SQL Injection
D) Cross-site Scripting
1. Right Answer: B
Explanation: Useful and actionable results are most likely to be provided with full scan because more tests are included in it. In the scenario there is no requirement that Gary should avoid detection so it is not necessary to perform a stealth scan. It would not be appropriate for Gary to have access to scans conducted on the internal network as it is a black box test.
2. Right Answer: D
Explanation: Snort is an intrusion detection system while, QualysGuard, Nessus, and OpenVAS are all examples of vulnerability scanning tools.
3. Right Answer: C
Explanation: Government agencies conduct vulnerability scans that are according to The Federal Information Security Management Act (FISMA). Neither HIPAA governing hospitals and doctors- offices include a vulnerability scanning requirement nor does GLBA, which covers financial institutions.
4. Right Answer: D
Explanation: All of these protocols are supported by network. When a network uses Network Address Translation (NAT) to map public and private IP addresses, it results in the occurrence of internal IP disclosure vulnerabilities but a server inadvertently discloses its private IP address to remote systems.
5. Right Answer: B
Explanation: When an attacker manipulates a program into placing more data, the Buffer Overflow attack occurs. This data is placed into an area of memory than is allocated for that program-s use. Other information in memory with instructions is written specifically, which may be executed by a different process running on the system.
Explanation: Useful and actionable results are most likely to be provided with full scan because more tests are included in it. In the scenario there is no requirement that Gary should avoid detection so it is not necessary to perform a stealth scan. It would not be appropriate for Gary to have access to scans conducted on the internal network as it is a black box test.
2. Right Answer: D
Explanation: Snort is an intrusion detection system while, QualysGuard, Nessus, and OpenVAS are all examples of vulnerability scanning tools.
3. Right Answer: C
Explanation: Government agencies conduct vulnerability scans that are according to The Federal Information Security Management Act (FISMA). Neither HIPAA governing hospitals and doctors- offices include a vulnerability scanning requirement nor does GLBA, which covers financial institutions.
4. Right Answer: D
Explanation: All of these protocols are supported by network. When a network uses Network Address Translation (NAT) to map public and private IP addresses, it results in the occurrence of internal IP disclosure vulnerabilities but a server inadvertently discloses its private IP address to remote systems.
5. Right Answer: B
Explanation: When an attacker manipulates a program into placing more data, the Buffer Overflow attack occurs. This data is placed into an area of memory than is allocated for that program-s use. Other information in memory with instructions is written specifically, which may be executed by a different process running on the system.
Comments
0
CA Foundation Business Economics Questions 2023 - Part 32
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 29
03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 28
03 Mar 2023
