If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?
Correct Answer: B
If you want to scan fewer ports than the default scan using the Nmap tool, you would use the -F option. The -F flag stands for 'Fast mode' and instructs Nmap to scan fewer ports, typically focusing on the most common 100 ports, instead of the default 1000 ports. This allows for a quicker scan which can be useful when time is a critical factor or when a quick overview of the network’s most common open ports is desired.
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
Correct Answer: D
The correct structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange is Public Key Infrastructure (PKI). PKI involves the use of digital certificates, encryption, and authentication mechanisms to ensure that the data being exchanged is secure and that the identities of the individuals involved are verified and authenticated.
You are tasked with performing a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email address, and you send her an email with the source address changed to her boss's address (boss@company). In this email, you ask for a PDF with information. She reads your email and sends back a PDF with links. You replace the PDF's links with your malicious links (these links contain malware) and send back the modified PDF, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?
Correct Answer: A
The method used in the described scenario is social engineering. Social engineering involves manipulating individuals into performing actions or divulging confidential information. In this case, the attacker impersonated the receptionist's boss via email and manipulated her into opening malicious links. This technique relies not on technical vulnerabilities but on exploiting human behavior and trust, which is a classic example of social engineering.
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
Correct Answer: C
If a tester is trying to get a response from a host using TCP and ICMP is disabled, the most appropriate tool would be TCP ping. TCP ping is designed specifically to check the reachability of a host by attempting to connect to a specified TCP port, which aligns perfectly with the requirement to use TCP instead of ICMP. While tools like Hping can also be used to craft and send TCP packets, TCP ping is a straightforward tool explicitly designed for exactly this purpose.
Which is the first step followed by vulnerability scanners when scanning a network?
Correct Answer: D
In the context of vulnerability scanning, the first step is often to determine if the target or remote host is alive. This is crucial because there is no point in proceeding with further scanning activities like OS detection, firewall detection, or port scanning if the host is not active or does not respond. This initial step ensures that subsequent scans are only performed on hosts that are reachable and operational.