Which of the following appendices gives detailed lists of all the technical terms used in the report?
A. Required Work Efforts
B. References
C. Research
D. Glossary
This is a group of people hired to give details of the vulnerabilities present in the system found after a penetration test. They are elite and extremely competent penetration testers and intrusion analysts. This team prepares a report on the vulnerabilities in the system, attack methods, and how to defend against them.

What is this team called?
A. Blue team
B. Tiger team
C. Gorilla team
D. Lion team
A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues.

What are the two types of 'white-box' penetration testing?
A. Announced testing and blind testing
B. Blind testing and double blind testing
C. Blind testing and unannounced testing
D. Announced testing and unannounced testing
Information gathering is performed to:
i) Collect basic information about the target company and its network
ii) Determine the operating system used, platforms running, web server versions, etc.
iii) Find vulnerabilities and exploits

Which of the following pen testing tests yields information about a company's technology infrastructure?
A. Searching for web page posting patterns
B. Analyzing the link popularity of the company's website
C. Searching for trade association directories
D. Searching for a company's job postings
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operating system?
A. Active/Passive Tools
B. Application-layer Vulnerability Assessment Tools
C. Location/Data Examined Tools
D. Scope Assessment Tools
Traffic on which port is unusual for both the TCP and UDP ports?
A. Port 81
B. Port 443
C. Port 0
D. Port 21
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.
A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment techniques is used to test the web server infrastructure for any misconfiguration and outdated content?
A. Passive Assessment
B. Host-based Assessment
C. External Assessment
D. Application Assessment
John, the penetration tester in a pen test firm, was asked to find whether NTP services are open on the target network (10.0.0.7) using the Nmap tool.

Which one of the following Nmap commands will he use to find it?
A. nmap -sU -p 389 10.0.0.7
B. nmap -sU -p 123 10.0.0.7
C. nmap -sU -p 161 10.0.0.7
D. nmap -sU -p 135 10.0.0.7
Which of the following is not a condition specified by Hamel and Prahalad (1990)?
A. Core competency should be aimed at protecting company interests
B. Core competency is hard for competitors to imitate
C. Core competency provides customer benefits
D. Core competency can be leveraged widely to many products and markets
Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businessService, bindingTemplate, and tModel?
A. Web Services Footprinting Attack
B. Service Level Configuration Attacks
C. URL Tampering Attacks
D. Inside Attacks