Domain registration information returned on a Whois search does not include which of the following?
Answer :
Domain administrator GPS coordinates
Open-source intelligence (OSINT) collection frameworks are used to effectively manage sources of collected information. Which of the following best describes open-source intelligence?
Answer :
Any information or data obtained via publicly available sources that is used to aid or drive decision-making processes
What is the process by which large data sets are analyzed to reveal patterns or hidden anomalies?
Answer :
Data mining
What should be done next if the final set of security controls does not eliminate all of the risks in a given system?
Answer :
You should accept the risk if the residual risk is low enough
What is a legal contract outlining the confidential material or information that will be shared by
the pentester and the organization during an assessment?
Answer :
NDA
What is not an example of a type of support resource that a pentester might receive as part of a
white box assessment?
Answer :
PII of employees
What type of assessment seeks to validate a systems security posture against a particular
checklist?
Answer :
Compliance-based
If you are unable to ping a target because you are receiving no response or a response that
states the destination is unreachable, then ICMP may be disabled on the remote end. If you
wanted to try to elicit a response from a host using TCP, what tool would you use?
Answer :
Hping
What system contains a publicly available set of databases with registration contact
information for every domain name on the Internet?
Answer :
WHOIS
A penetration tester hired by a bank began searching for the bank’s IP ranges by performing
lookups on the bank's DNS servers, reading news articles online about the bank, monitoring
what times the bank’s employees came into and left work, searching job postings (with a
special focus on the bank’s information technology jobs), and even searching the corporate
office of the bank’s dumpster. Based on this description, what portion of the penetration test is
being conducted?
