INT 245 Penetration Testing MCQs For MTE and CA


Penetration testing is a crucial component of any organization's security methodology. By conducting a simulated attack on their own systems, organizations can identify and address vulnerabilities before attackers can exploit them. If you want to test your knowledge, check out the Top 30 Penetration Testing MCQs that we have arranged below for your reference.


The difficulty level of the Penetration Testing Quiz given below ranges from moderate to difficult, which will help you improve your existing knowledge.

Q1. While performing penetration testing for an organization, which of the following goals should be considered?

a. To test and validate the efficiency of security protections and controls

b. To enable vulnerability perspectives for the organization, internally and externally

c. To provide usable information to audit teams gathering data for regulatory compliance

d. All of the above


Q2. Which of the following entities should be tested during a penetration test?

a. Mail servers

b. DNS servers

c. E-mail gateways

d. All of the above


Q3. Which of the following entities should not be tested during a penetration test?

a. Websites

b. Login forms

c. Customer feedback

d. None of the above


Q4. Which of the following should be the characteristics of a good penetration test?

a. Establishing parameters for penetration test

b. Choosing the penetration testing tools ignoring the cost

c. Performing penetration test without the consent of client

d. None of the above


Q5. Which of the following should not be the characteristic of a good penetration test?

a. Hiring highly skilled professionals

b. Appointing a legal penetration tester

c. Performing test following the planning and scheduling document

d. None of the above


Q6. Which of the following could be a tool used for information gathering?

a. Dirbuster

b. LOIC

c. Recon-ng

d. None of the above


Q7. Which of the following is not a common penetration testing technique?

a. Network mapping

b. OS fingerprinting

c. Spoofing

d. Distributed database transactions


Q8. Which of the following is a common penetration testing technique?

a. Trojan attack

b. Brute force attack

c. Vulnerability scanning

d. All of the above


Q9. Which of the following is an initial activity while starting a penetration test?

a. Defining the scope of test

b. Performing information gathering

c. Reporting

d. None of the above


Q10. Which of the following is not a type of penetration test?

a. White box test

b. Black box test

c. Grey box test

d. Red box test


Q11. Which of the following information is provided by the client organization while performing white box testing?

a. Company infrastructure information

b. Network type information

c. Firewall information

d. All of the above


Q12. Identify the incorrect penetration testing strategy.

a. Back haul testing

b. Wireless testing

c. Application security testing

d. None of the above


Q13. Which of the following entities shall be focused upon while performing external penetration testing?

a. Web servers

b. Firewalls

c. Mail servers

d. All of the above


Q14. During internal penetration testing, the test highlights which of the following vulnerabilities?

a. Protocol and network infrastructure vulnerabilities

b. Server operating system and application vulnerabilities, internal controls, and procedures

c. Unsuitable user privileges

d. All of the above


Q15. Which of the following is not an important component of application testing?

a. Source code review

b. Authorization setting

c. Packet header testing

d. None of the above


Q16. Which of the following techniques is not used to test Web applications?

a. XSS

b. XSRF

c. AD pentesting

d. Weak authentication


Q17. Which of the following is not a preferred test to be conducted on systems?

a. Source code exposure

b. DOS

c. SSRF

d. None of the above


Q18. Which of the following things are checked during network security testing?

a. Port scanning

b. Router testing

c. Trusted system testing

d. All of the above


Q19. The methodology of penetration testing should not include which of the following?

a. Wireless security

b. Communication testing

c. Social security

d. None of the above


Q20. Identify the correct full form of the abbreviation OSSTMM

a. Open Source Security Testing Methodology Manual

b. Open Source Software Testing Methodology Manual

c. Open Source System Testing Methodology Manual

d. All of the above


Q21. During a penetration test, which of the following activities involves obtaining information like rules of engagement, budget and technical constraints?

a. Reconnaissance

b. Scanning

c. Planning and scoping

d. Maintaining access


Q22. Which of the following is identified during the scanning?

a. Live hosts

b. Open ports

c. Running Services

d. All of the above


Q23. While covering the tracks, which of the following evidence is removed by the attacker?

a. Rootkits

b. DLL files

c. Executable files

d. None of the above


Q24. Which of the following recon-ng modules identify the subdomains for a given domain?

a. Whois_pocs

b. Brute_hosts

c. Brute_ip

d. None of the above


Q25. Which of the following information is identified by the Mx_SPF_IP module in recon-ng?

a. Emails

b. Domain name

c. Mail exchange records

d. None of the above


Q26. Which of the following information is retrieved by Maltego?

a. IP addresses

b. Open ports

c. Running services

d. None of the above


Q27. Which of the following tools recover mail exchange records, domains, and ASN number related to a target?

a. Harvester

b. Maltego

c. Sublister

d. None of the above


Q28. Which of the following Google dorks is used to find information within the webpage contents?

a. Incontent

b. Inurl

c. Site

d. None of the above


Q29. Which of the following information is not identified by the Harvester?

a. Domain names

b. IP addresses

c. Alias Domain names

d. None of the above


Q30. Which of the following tools does not provide the whois information related to the target?

a. Recon-ng

b. Maltego

c. The Harvester

d. None of the above
