Jason is a penetration tester and after completing

This preview shows page 17 - 20 out of 20 pages.

55.Jason is a penetration tester, and after completing the initial penetration test, he wanted to create a final penetration test report that consists of all activities performed throughout the penetration testing process. Before creating the final penetration testing report, which of the following reports should Jason prepare in order to verify if any crucial information is missed from the report? A. Activity report B. Host report C. User report D. Draft report Answer:A 56.The penetration testers are required to follow predefined standard frameworks in making penetration testing reporting formats.
KillTestThe safer , easier way to help you pass any IT exams.17/ 18Which of the following standards does NOT follow the commonly used methodologies in penetration testing? 57.You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS attacks. Network users complained they are not able to resolve domain names to IP addresses at certain times. What could be the probable reason? 58.Ross performs security test on his company’s network assets and creates a detailed report of all the findings. In his report, he clearly explains the methodological approach that he has followed in finding the loopholes in the network. However, his report does not mention about the security gaps that can be exploited or the amount of damage that may result from the successful exploitation of the loopholes. The report does not even mention about the remediation steps that are to be taken to secure the network. What is the type of test that Ross has performed? 59.JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base. Stanley works as a penetrating tester at this firm. Future group approached JUA for an internal pen test. Stanley performs various penetration testing test sequences and gains information about the network resources and shares, routing tables, audit and service settings, SNMP and DNS details, machine names, users and groups, applications and banners. Identify the technique that gave Stanley this information. A. Enumeration B. Sniffing C. Ping sweeps D. Port scanning Answer:A 60.Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a database penetration test on its client network to determine whether the database is vulnerable to attacks
KillTestThe safer , easier way to help you pass any IT exams.18/ 18or not. The client did not reveal any information about the database they are using. As a pen tester Frank knows that each database runs on its own default port. So he started database port scanning using the Nmap tool and tried different commands using default port numbers and succeeded with the following command. nmap -sU p 1521 <client ip-address> Identify the database used by the company?

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture