CompTIA PenTest+ 2023 Questions and Answers - Part 53

Mary Smith

Mon, 20 Apr 2026

1. Select the public, vendor-neutral forum and mailing list that publishes vulnerability analysis details, exploitation techniques, and other relevant information for the security community.

A) NIST
B) Full Disclosure
C) US-CERT
D) MITRE



2. Select the public resource in which the National Institute of Standards and Technology (NIST) uses the Common Vulnerability Scoring System (CVSS) to provide analysis on vulnerabilities published to the CVE dictionary.

A) Full Disclosure
B) CWE
C) National Vulnerability Database (NVD)
D) OWASP



3. In Nmap, what is the outcome of the -PS flag?

A) Triggers TCP SYN discovery to named ports
B) Triggers UDP discovery to named ports
C) Triggers TCP ACK discovery to named ports
D) Triggers SCTP discovery to named ports



4. Which of the following is an active scanning technique used to aid in the process of information gathering, with the objective of identifying hosts that are alive and listening on the network?

A) Stumbling
B) Host Discovery
C) Port Scanning
D) Wardriving



5. Which type of tool allows analysts and pen testers to examine links between data using graphs and link analysis?

A) Cain & Abel
B) Maltego
C) Metasploit
D) Wireshark



1. Right Answer: B
Explanation: The Japan Computer Emergency Response Team, or JPCERT, is a cybersecurity information-sharing organization backed by the Japanese government, rather than a specific resource provided by such an organization.

2. Right Answer: C
Explanation: Full Disclosure is a public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques. It also provides tools, papers, news, and events of interest to the cybersecurity community.

3. Right Answer: A
Explanation: NIST maintains the National Vulnerability Database (NVD). Full Disclosure is a public forum and is not managed by NIST, nor does it strictly provide analysis on vulnerabilities published to the CVE dictionary; vulnerabilities are regularly found on Full Disclosure before they are assigned a CVE number. The CWE is maintained by MITRE, and it provides a community-developed list of common software security weaknesses. OWASP, or the Open Web Application Security Project, is an open community designed to enable organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. OWASP is managed by the OWASP Foundation.

4. Right Answer: B
Explanation: The -PS flag is used for TCP SYN discovery to declared ports because SCTP discovery is the result of the -PY flag, TCP ACK discovery is the result of the -PA flag, and UDP discovery is the result of the -PU flag.

5. Right Answer: D
Explanation: Host discovery is an active scanning technique used to aid in the process of information gathering, with the goal of identifying hosts that are live and listening on the network. The simplest method of host discovery is a discovery scan, which is typically a ping-only scan. A caveat must be given here, however: a target network will often automatically drop all ICMP requests. In cases such as these, a stealth connection attempt to a common port or service such as SSH on port 22 or HTTP on port 80 can be an effective method of determining which hosts are up and available on a network.
