Question 1

A security researcher has just purchased a new IoT door lock and wants to determine whether there are any vulnerabilities that the manufacturer may have missed. Which of the following might the researcher use to fully study this product?

A) Sandboxing
B) Reverse engineering
C) Fingerprinting
D) Operational control review

Reverse engineering

Accepted Answer

Reverse engineering is a process used to understand the technology and operation of a device by analyzing its structure, function, and operation. It is commonly used by security researchers to find vulnerabilities in hardware and software, including IoT devices like door locks.

Question 2

Penetration testers have made their way past a company's firewall by exploiting an unpatched vulnerability. They perform a quick ping sweep followed by a port scan so they can determine which services and operating systems may be in the company's environment. An hour into the breach, they get disconnected, and it appears that all of their traffic is being directed to another location when they try to reconnect. Which of the following roles did the penetration tester play in this exercise?

A) White team
B) Blue team
C) Green team
D) Red team

Red team

Accepted Answer

Penetration testers are part of the red team, which simulates attacks on an organization's security infrastructure to test its defenses.

Question 3

The CISO of an organization wants to determine what real attackers could do if they decided to attack his company. Which of the following types of tests would be the most appropriate to meet the CISO's goals?

A) White box
B) Red box
C) Black box
D) Blue box

Black box

Accepted Answer

A black box test simulates an external attack by someone with no prior knowledge of the system's internal workings, closely mirroring what real attackers would face when targeting the organization. This approach helps identify vulnerabilities that could be exploited by an attacker.

Question 4

The application development manager for an organization has suggested that the company hire a penetration tester to test a new application. The manager suggests that they give the penetration tester some information about the application, but not all of the details. Which of the following describes the type of testing the development manager is suggesting?

A) Gray box
B) Gray hat
C) Gray team
D) Gray scenario

Accepted Answer

Gray box testing involves providing some information about the system to the tester, but not full details, blending elements of both black box (no prior knowledge) and white box (full knowledge) testing approaches.

Question 5

A security researcher has just been sent a set of files from zero-day malware for analysis. The researcher is concerned about damage to hardware, as the hardware budget for the current fiscal year has been exhausted. Which of the following should the security researcher implement?

A) Trusted foundry
B) Fingerprinting
C) Decomposition
D) Sandboxing

Accepted Answer

Sandboxing is the correct choice because it allows the researcher to run and analyze the malware in a controlled, isolated environment. This prevents the malware from causing harm to the actual hardware or the wider network, addressing the researcher's concern about hardware damage.

Question 6

A security engineer has been brought onto a project for a new system containing several critical files that should never change. However, the team needs to be able to know if a file does change. Which of the following solutions would the security engineer most likely recommend?

A) Fingerprinting
B) White box
C) Sandboxing
D) Scoping

Accepted Answer

Fingerprinting, in the context of information security, involves creating a unique identifier (hash) for files or data. If a critical file changes, its fingerprint (hash value) will also change, alerting the team to the modification. This method is effective for monitoring the integrity of files that should not be altered.

Question 7

A systems administrator works for the U.S. Department of Defense (DoD). She is building out infrastructure to host a new application. Which of the following might she need to reference before ordering any of the hardware to ensure that the hardware and vendor are approved?

A) OEM documentation
B) Trusted foundry
C) Qualitative risk database
D) Vendor framework

Accepted Answer

The Trusted Foundry program is relevant for the U.S. Department of Defense (DoD) as it provides a list of approved semiconductor manufacturers. This ensures that the hardware meets specific security and reliability standards required for DoD projects.

Question 8

A security researcher purchases a discounted open-box item from a local electronics retailer, hoping to learn more about the device. After turning it on and launching the configuration application, he notices that several features appear to be missing, while other features are there that he hadn't heard about. Which of the following would best allow the researcher to verify whether this device has potentially been tampered with?

A) Trusted foundry
B) White box testing
C) OEM documentation
D) Operational control review

Accepted Answer

OEM (Original Equipment Manufacturer) documentation provides the official specifications, features, and functionalities of the device as intended by the manufacturer. By comparing the device's current state and available features with the OEM documentation, the researcher can identify any discrepancies that may indicate tampering or modifications.

Question 9

An outside consultant has been hired to perform a risk analysis for a company. As part of the report, he details the likelihood of certain events occurring as well as the impact they would have. Which of the following could he use to display this information in his report?

A) Risk matrix
B) Qualitative risk calculation
C) Impact analysis
D) Quantitative risk calculation

Accepted Answer

A risk matrix is a tool used to display the likelihood of events occurring against their potential impact, making it suitable for the consultant's report.

Question 10

A consultant is hired to analyze some of the most critical and confidential systems in an organization. Which of the following will most likely be necessary as part of the work?&#10;A) SLA&#10;B) NDA&#10;C) OLA&#10;D) HIPAA

Accepted Answer

An NDA (Non-Disclosure Agreement) is typically required when dealing with critical and confidential systems to ensure that sensitive information is not disclosed to unauthorized parties.

Question 11

A large international corporation has hired a penetration tester to determine the extent to which their infrastructure is vulnerable to attacks. In which of the following areas must this company put the most effort and thought, compared with smaller companies?

A) Communication
B) Timing
C) Authorization
D) Exploitation

Accepted Answer

The answer of A large international corporation has hired a...

Question 12

The CISO for an organization has called penetration testers that she met at an information security conference a few months ago. The penetration testers come to the office for a meeting and describe the process of how the test would proceed. The testers explain that before they can get started, they need written authorization from the company. Which of the following would outline the authorization, scope, and timing necessary for the penetration testers to begin?

A) NDA
B) Risk matrix
C) SLA
D) Rules for engagement

Accepted Answer

The answer of The CISO for an organization has called...

Question 13

A telecommunications company has split its security team into two teams. One of them is responsible for attacking the company's infrastructure while the other should do everything they can to stop the attack. The management team will coordinate activities with both teams and ensure that there are no ill-timed attacks from outside that are not caught. Which of the following describes the defending team?

A) Blue team
B) Gray team
C) Red team
D) White team

Accepted Answer

The answer of A telecommunications company has split its security...

Question 14

A threat actor has decided to get revenge on a company that overcharged him for a product he says didn't work. Upon completing a scan of their public-facing network, he finds a list of the services running on the server and decides to look for vulnerabilities in each of the services. He gets a copy of one of the programs he detected, but needs to examine the source code to look for unknown vulnerabilities. Which of the following might allow him to see the source code behind the program?

A) Decompiler
B) Fingerprinting
C) Sandboxing
D) Risk matrix

Accepted Answer

The answer of A threat actor has decided to get...

Question 15

The development manager wants to verify that a new application her team developed has been fully hardened. Which of the following might ensure that every part of the application has been tested?&#10;A) White box testing&#10;B) Black box testing&#10;C) Gray box testing&#10;D) Blue box testing

Accepted Answer

The answer of The development manager wants to verify that...

Deck 4: Exploring Penetration Testing