Comptia PENTEST + Review Questions Module 3 RECON / OSINT

Review Questions COMPTIA PENTEST +

1. Mika runs the following Nmap scan:
nmap -sU -sT -p 1-65535
What information will she NOT receive?
A. TCP services
B. The state of the service
C. UDP services

2. What technique is being used in the following command:
host -t axfr
A. DNS query
B. Nslookup
C. Dig scan
D. Zone transfer

3. After running an Nmap scan of a system, Lauren discovers that TCP ports 139, 443, and 3389 are open. What operating system is she most likely to discover running on the system?
A. Windows
B. Android
C. Linux
D. iOS

4. Charles runs an Nmap scan using the following command:
nmap -sT -sV -T2 -p 1-65535
After watching the scan run for over two hours, he realizes that he needs to optimize the scan. Which of the following is not a useful way to speed up his scan?
A. Only scan via UDP to improve speed.
B. Change the scan timing to 3 or faster.
C. Change to a SYN scan.
D. Use the default port list.

5. Karen identifies TCP ports 8080 and 8443 open on a remote system during a port scan.
What tool is her best option to manually validate running on these ports?
C. Telnet
D. A web browser

6. Angela recovered a PNG image during the early intelligence-gathering phase of a penetration test and wants to examine it for useful metadata. What tool could she most successfully use to do this?
A. ExifTool
B. Grep
C. PsTools
D. Nginx

7. During an Nmap scan, Casey uses the -O flag. The scan identifies the host as follows:
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 – 2.6.33
What can she determine from this information?
A. The Linux distribution installed on the target
B. The patch level of the installed Linux kernel
C. The date the remote system was last patched
D. That the system is running a Linux 2.6 kernel between .9 and .33

8. What is the full range of ports that a UDP service can run on?
A. 1–1024
B. 1–16,383
C. 1–32,767
D. 1–65,535

9. Steve is working from an un-privileged user account that was obtained as part of a penetration test. He has discovered that the host he is on has Nmap installed and wants to scan other hosts in his subnet to identify potential targets as part of a pivot attempt. What Nmap flag is he likely to have to use to successfully scan hosts from this account?
A. -sV
B. -u
C. -oA
D. -sT

10. Which of the following tools provides information about a domain’s registrar and physical location?
A. Nslookup
B. Host
D. Traceroute

11. Chris runs an Nmap scan of the network that his employer uses as an internal network range for the entire organization. If he uses the -T0 flag, what issue is he likely to encounter?
A. The scan will terminate when the host count reaches 0.
B. The scan will not scan IP addresses in the .0 network.
C. The scan will progress at a very slow speed.
D. The scan will only scan for TCP services.

12. Which of the following Nmap output formats is unlikely to be useful for a penetration tester?
A. -oA
B. -oS
C. -oG
D. -oX

13. During an early phase of his penetration test, Mike recovers a binary executable file that he wants to quickly analyze for useful information. Which of the following tools will quickly give him a view of potentially useful information in the binary?
B. strings
C. Hashmod
D. Eclipse

14. Jack is conducting a penetration test for a customer in Japan. What NIC is he most likely to need to check for information about his client’s networks?

15. After running an SNMP sweep, Greg finds that he didn’t receive any results. If he knows there are no network protection devices in place and that there are devices that should respond to SNMP queries, what problem does he most likely have?
A. The SNMP private string is set.
B. There is an incorrect community string.
C. SNMP only works on port 25.
D. SNMP sweeps require the network to support broadcast traffic.

16. Charles uses the following hping command to send traffic to a remote system.
hping -S -V -p 80
What type of traffic will the remote system see?
A. HTTP traffic to TCP port 80
B. TCP SYNs to TCP port 80
C. HTTPS traffic to TCP port 80
D. A TCP three-way handshake to TCP port 80

17. What does a result of * * * mean during a traceroute?
A. No route to host.
B. All hosts queried.
C. No response to the query, perhaps a timeout, but traffic is going through.
D. A firewall is blocking responses.

18. Rick wants to look at the advertised routes to his target. What type of service should he look for to do this?
A. A BGP looking glass
B. A RIP-off
C. An IGRP relay
D. A BGP tunnel

19. Why would a penetration tester look for expired certificates as part of an informationgathering and enumeration exercise?
A. They indicate improper encryption, allowing easy decryption of traffic.
B. They indicate services that may not be properly updated or managed.
C. Attackers install expired certificates to allow easy access to systems.
D. Penetration testers will not look for expired certificates; they only indicate procedural issues.

20. John has gained access to a system that he wants to use to gather more information about other hosts in its local subnet. He wants to perform a port scan but cannot install other tools to do so. Which of the following tools isn’t usable as a port scanner?
A. Hping

C. Telnet
D. ExifTool

Xem bài giải đáp tại đây

Tìm Comptia Pentest + Exam Review Module 3