CompTIA CySA+ Practice Tests. Mike Chapple
ports: 22, 80, 443, 515, 631, and 9100. If Adam needs to guess what type of device this is based on these ports, what is his best guess?
- A web server
- An FTP server
- A printer
- A proxy server
64 In his role as the SOC operator, Manish regularly scans a variety of servers in his organization. After two months of reporting multiple vulnerabilities on a Windows file server, Manish recently escalated the issue to the server administrator's manager. At the next weekly scan window, Manish noticed that all the vulnerabilities were no longer active; however, ports 137, 139, and 445 were still showing as open. What most likely happened?
- The server administrator blocked the scanner with a firewall.
- The server was patched.
- The vulnerability plug-ins were updated and no longer report false positives.
- The system was offline.
65 While conducting reconnaissance, Piper discovers what she believes is an SMTP service running on an alternate port. What technique should she use to manually validate her guess?
- Send an email via the open port.
- Send an SMTP probe.
- Telnet to the port.
- SSH to the port.
66 What two pieces of information does nmap need to estimate network path distance?
- IP address and TTL
- TTL and operating system
- Operating system and BGP flags
- TCP flags and IP address
67 Helen is using the Lockheed Martin Cyber Kill Chain to analyze an attack that took place against her organization. During the attack, the perpetrator attached a malicious tool to an email message that was sent to the victim. What phase of the Cyber Kill Chain includes this type of activity?
- Weaponization
- Delivery
- Exploitation
- Actions on objectives
68 During an on-site penetration test of a small business, Ramesh scans outward to a known host to determine the outbound network topology. What information can he gather from the results provided by Zenmap?
- There are two nodes on the local network.
- There is a firewall at IP address 96.120.24.121.
- There is an IDS at IP address 96.120.24.121.
- He should scan the 10.0.2.0/24 network.

Use the following network diagram and scenario to answer questions 69–71.
69 Marta is a security analyst who has been tasked with performing nmap scans of her organization's network. She is a new hire and has been given this logical diagram of the organization's network but has not been provided with any additional detail. Marta wants to determine what IP addresses to scan from location A. How can she find this information?
- Scan the organization's web server and then scan the other 255 IP addresses in its subnet.
- Query DNS and WHOIS to find her organization's registered hosts.
- Contact ICANN to request the data.
- Use traceroute to identify the network that the organization's domain resides in.
70 If Marta runs a scan from location B that targets the servers on the datacenter network and then runs a scan from location C, what differences is she most likely to see between the scans?
- The scans will match.
- Scans from location C will show no open ports.
- Scans from location C will show fewer open ports.
- Scans from location C will show more open ports.
71 Marta wants to perform regular scans of the entire organizational network but only has a budget that supports buying hardware for a single scanner. Where should she place her scanner to have the most visibility and impact?
- Location A
- Location B
- Location C
- Location D
72 Andrea needs to add a firewall rule that will prevent external attackers from conducting topology gathering reconnaissance on her network. Where should she add a rule intended to block this type of traffic?
- The firewall
- The router
- The distribution switch
- The Windows server
73 Brandon wants to perform a WHOIS query for a system he believes is located in Europe. Which NIC should he select to have the greatest likelihood of success for his query?
- AFRINIC
- APNIC
- RIPE
- LACNIC
74 While reviewing Apache logs, Janet sees the following entries as well as hundreds of others from the same source IP. What should Janet report has occurred?
[ 21/Jul/2020:02:18:33 -0500] - - 10.0.1.1 "GET /scripts/sample.php" "-" 302 336 0
[ 21/Jul/2020:02:18:35 -0500] - - 10.0.1.1 "GET /scripts/test.php" "-" 302 336 0
[ 21/Jul/2020:02:18:37 -0500] - - 10.0.1.1 "GET /scripts/manage.php" "-" 302 336 0
[ 21/Jul/2020:02:18:38 -0500] - - 10.0.1.1 "GET /scripts/download.php" "-" 302 336 0
[ 21/Jul/2020:02:18:40 -0500] - - 10.0.1.1 "GET /scripts/update.php" "-" 302 336 0
[ 21/Jul/2020:02:18:42 -0500] - - 10.0.1.1 "GET /scripts/new.php" "-" 302 336 0
- A denial-of-service attack
- A vulnerability scan
- A port scan
- A directory traversal attack
75 Chris wants to gather as much information as he can about an organization using DNS harvesting techniques. Which of the following methods will most easily provide the most useful information if they are all possible to conduct on the network he is targeting?
- DNS record enumeration
- Zone transfer
- Reverse lookup
- Domain brute-forcing
76 Geoff wants to perform passive reconnaissance as part of an evaluation of his organization's security controls. Which of the following techniques is a valid technique to perform as part of a passive DNS assessment?
- A DNS forward or reverse lookup
- A zone transfer
- A WHOIS query
- Using Maltego
77 Mike's penetration test requires him to use passive mapping techniques to discover network topology. Which of the following tools is best suited to that task?
- Wireshark
- nmap
- netcat
- Angry IP Scanner
78 While gathering DNS information about an organization, Ryan discovered multiple AAAA records. What type of reconnaissance does this mean Ryan may want to consider?
- Second-level DNS queries
- IPv6 scans
- Cross-domain resolution
- A CNAME verification
79 After Carlos completes a topology discovery scan of his local network, he sees the Zenmap topology shown here. What can Carlos determine from the Zenmap topology view?
- There are five hosts with port security enabled.
- DemoHost2 is running a firewall.
- DemoHost4 is running a firewall.
- There are four hosts with vulnerabilities and seven hosts that do not have vulnerabilities.
80 Scott is part of the white team who is overseeing his organization's internal red and blue teams during an exercise that requires each team to only perform actions appropriate to the penetration test phase they are in. During the reconnaissance phase, he notes the following behavior as part of a Wireshark capture. What should he report?
- The blue team has succeeded.
- The red team is violating the rules of engagement.
- The red team has succeeded.
- The blue team is violating the rules of engagement.
81 Jennifer analyzes a Wireshark packet capture from a network that she is unfamiliar with. She discovers that a host with IP address 10.11.140.13 is running services on TCP ports 636 and 443. What services is that system most likely running?
- LDAPS and HTTPS
- FTPS and HTTPS
- RDP and HTTPS
- HTTP and Secure DNS
82 Kai has identified a privilege escalation flaw on the system she targeted in the first phase of her penetration test and is now ready to take the next step. According to the NIST 800-115 standard, what is step C that Kai needs to take, as shown in this diagram?
- System browsing
- Scanning
- Rooting
- Consolidation
83 When Scott performs an nmap scan with the -T flag set to 5, what variable is he changing?
- How fast the scan runs
- The TCP timeout flag it will set
- How many retries it will perform
- How long the scan will take to start up
84 While conducting a port scan of a remote system, Henry discovers TCP port 1433 open. What service can he typically expect to run on this port?
- Oracle
- VNC
- IRC
- Microsoft SQL
85 While application vulnerability scanning one of her target organization's web servers, Andrea notices that the server's hostname is resolving to a cloudflare.com host. What does Andrea know about her scan?
- It is being treated like a DDoS attack.
- It is scanning a CDN-hosted copy of the site.
- It will not return useful information.
- She cannot determine anything about the site based on this information.
86 While tracking a potential APT on her network, Cynthia discovers a network flow for her company's central file server. What does this flow entry most likely show if 10.2.2.3 is not a system on her network?
Date flow start          Duration  Proto  Src IP Addr:Port  Dst IP Addr:Port  Packets  Bytes  Flows
2017-07-11 13:06:46.343  21601804  TCP    10.1.1.1:1151->10.2.2.3:443         9473640  9.1 G  1
2017-07-11 13:06:46.551  21601804  TCP    10.2.2.3:443->10.1.1.1:1151         8345101  514 M  1
- A web browsing session
- Data exfiltration
- Data infiltration
- A vulnerability scan
87 Part of Tracy's penetration testing assignment is to evaluate the WPA2 Enterprise protected wireless networks of her target organization. What major differences exist between reconnaissance of a wired network versus a wireless network?
- Encryption and physical accessibility
- Network access control and encryption
- Port security and physical accessibility
- Authentication and encryption
88 Ian's company has an internal policy requiring that