1. The following are commonly reported themes or issues in vulnerability scan results. Select the issues which are not reported in a vulnerability scan.
A) Vulnerabilities B) Failure to apply industry best practices C) Observations D) Exploits
2. _________ are not a security weakness category as maintained by CWE.
A) Research Concepts B) Architectural Concepts C) Programming Concepts D) Development Concepts
3. Which of the following is an open-source command-line tool used for several penetration test-focused activities on both wired and wireless networks, such as surveying hosts for open ports, fingerprinting operating systems, and collecting service banners?
A) Nmap B) Shodan C) theHarvester D) Aircrack-ng
4. What is the purpose of Social Engineering?
A) Reveal information from human beings B) Extract information from compromised social networking sites C) Reveal information about social networking sites D) Compromise social accounts
5. Select an open-source suite of tools that is useful for conducting RF communication monitoring and security testing of wireless networks.
A) Aircrack-ng B) Shodan C) theHarvester D) Nmap
1. Right Answer: D Explanation: The public reputation of the developers of software or an operating system is the concern of those developers alone; the job of the penetration tester is to test and verify system security.
2. Right Answer: C Explanation: While it is common for vulnerability scan results to detail vulnerabilities specific to a system, a functional exploit that takes advantage of such a vulnerability is not going to be presented in the vulnerability scan results.
3. Right Answer: A Explanation: Programming concepts are not a security weakness category as maintained by CWE. Be cautious with questions like this; programming-related weaknesses would likely be categorized as development concepts. Remember that the categories monitored by CWE are broad in scope.
4. Right Answer: A Explanation: Nmap is an open-source command-line tool that is used for several penetration test-focused activities, such as surveying hosts for open ports, fingerprinting operating systems, and collecting service banners. Nmap provides effective enumeration of networks (and identification of targets within the same), hosts (such as OS fingerprinting with the -O or -A flag), and services (with the -sV or -A flag) with its default options. With the use of NSE (the Nmap Scripting Engine), Nmap can provide an even greater level of detail.
5. Right Answer: A Explanation: Social Engineering in Information Security refers to the technique of psychological manipulation. This trick is used to gather information from human beings through direct or indirect interference.