Vulnerability & Penetration Testing

Question 1

What are vulnerabilities?

Answer 1

Vulnerabilities are weaknesses in IT systems (software, hardware, networks, or processes) that attackers can exploit to gain unauthorized access, disrupt services, or steal data

Question 2

What are some methods to identify vulnerabilities?

Answer 2

Identifying vulnerabilities involves multiple methods:

• Automated scanning (matches assets to known vulnerabilities)
• Manual testing (finds hidden or novel weaknesses)
• Security bulletins (vendor advisories and patch releases)
• Penetration testing (simulates attacks to assess impact)

Question 3

What is the purpose of a vulnerability assessment?

Answer 3

Vulnerability assessment’s purpose is to identify weaknesses before they get exploited

This allows cybersecurity analysts to take action to mitigate risks.

Question 4

Vulnerability assessments are required for compliance with various security standards or regulations. True or False?

Answer 4

TRUE

Ongoing assessments help maintain compliance.

Question 5

What types of devices can be assessed during a vulnerability assessment?

Answer 5

• Firewall appliances
• Individual hosts (servers, desktops, laptops, mobile devices)
• Network perimeter devices (Wi-Fi routers, regular routers)

Each type of device needs periodic scanning to identify vulnerabilities.

Question 6

How do vulnerability assessments contribute to risk management?

Answer 6

Vulnerability assessments are the best tools for assessing risk

This assessment feeds directly into the overall risk management strategy.

Question 7

What types of applications can be evaluated through vulnerability assessments?

Answer 7

• Web applications
• Internal business processes

Applications should ideally be protected with security measures like web application firewalls.

Question 8

What common web attacks should web applications be protected against during a vulnerability assessment? List at least two.

Answer 8

• Injection attacks
• Cross-site scripting attacks
• Directory traversal attacks

These are examples of vulnerabilities that can be identified through assessments.

Question 9

Fill in the blank: Vulnerability assessments should be run _______.

Answer 9

periodically

Regular assessments help maintain security and compliance.

Question 10

Is a vulnerability assessment the same as a security audit? True or False?

Answer 10

FALSE

While both assess security, they have different scopes and purposes.

Question 11

What is penetration testing often called?

Answer 11

Pen testing or Active testing

Penetration testing is an active form of security scanning.

Question 12

How does penetration testing differ from vulnerability scanning?

Answer 12

• Penetration testing is active
• Vulnerability scanning is passive

Vulnerability scans seek vulnerabilities without trying to exploit them.

Question 13

What does penetration testing include before exploiting discovered weaknesses?

Answer 13

vulnerability scanning

This initial step helps identify weaknesses that can be exploited.

Question 14

True or false: A detected vulnerability guarantees success in breaking into a system during penetration testing.

Answer 14

FALSE

Just because a vulnerability is detected does not mean penetration tests will succeed.

Question 15

What tools are used in penetration testing?

Answer 15

Tools designed to exploit vulnerabilities are used in pen testing

These tools are specifically created to test security by exploiting weaknesses.

Question 16

What is the primary goal of a penetration test?

Answer 16

The primary goal is to uncover flaws, especially those that are easily exploitable

Mitigate those problems immediately.

Question 17

The red team in penetration testing is also known as what?

Answer 17

Offensive team

This team executes the penetration testing against various targets.

Question 18

What types of targets can a red team conduct penetration testing against?

Answer 18

• Network
• Databases
• Applications
• Specific devices

Pen tests can also involve non-technical methods like social engineering.

Question 19

What is the role of the blue team in penetration testing?

Answer 19

Defensive team

This team secures and monitors IT systems.

Question 20

What does the blue team monitor for?

Answer 20

Security events

This is a key responsibility of a cybersecurity analyst.

Question 21

True or false: The blue team aims to detect and prevent red team attacks.

Answer 21

TRUE

Ideally, the blue team can stop attacks while they are occurring.

Question 22

What can be learned from conducting penetration tests?

Answer 22

• Enhance security awareness
• New mitigation strategies and techniques
• High-level overview of vulnerabilities

Information from pen tests can be used in training materials for staff.

Question 23

What is a potential benefit of analyzing the results of penetration testing?

Answer 23

The potential benefit is to make improvements based on testing results

This can lead to better security practices and awareness.

Question 24

What does critical infrastructure refer to?

Answer 24

Critical infrastructure refers to the physical and virtual infrastructure needed by society

This includes IT systems that provide overall health and safety for societies and economies.

Question 25

What is **operational technology** (OT)?

Answer 25

***OT*** hardware and software used to control industrial processes ## Footnote OT is essential for securing critical infrastructure.

Question 26

What are **industrial control systems** (ICS)?

Answer 26

***ICS*** automate and control industrial processes ## Footnote ICS includes equipment like robotics, sensors, and control systems.

Question 27

What is the purpose of **Supervisory Control and Data Acquisition** (SCADA)?

Answer 27

**SCADA** describes the equipment that controls industrial processes.

Question 28

What types of operating systems might be used in a SCADA environment?

Answer 28

* OS-9 * VxWorks * Linux variants * Windows variants ## Footnote Different devices may run specialized operating systems.

Question 29

Name some **targets of attackers** in critical infrastructure.

Answer 29

* Power grids * Fuel pipelines * Cellular services * Water supply systems * Hospitals (ransomware) ## Footnote These attacks can disrupt essential services.

Question 30

What are **programmable logic controllers** (PLCs)?

Answer 30

***PLCs*** physical firmware devices that execute *SCADA instructions* ## Footnote PLCs communicate with industrial devices and transmit telemetry data.

Question 31

What is a **distributed control system** (DCS)?

Answer 31

***DCS*** a system consisting of interconnected components controlling industrial processes ## Footnote DCS includes PLCs, sensors, and control stations.

Question 32

What is an **air-gapped network**?

Answer 32

**Air-gapped network** is a netowork with *no external connections to the Internet* ## Footnote Air-gapped networks enhance security for industrial control environments.

Question 33

Why is it important to consider the **device supply chain** in industrial control networks?

Answer 33

**Device supply chain** is important to *ensure components are not sourced from hostile nations* ## Footnote Supply chain security is crucial for maintaining the integrity of the network.

Question 34

True or false: **USB thumb drives** are recommended for use in air-gapped industrial control networks.

Answer 34

FALSE ## Footnote USB drives can introduce malware or security breaches.

Question 35

Which nmap command line parameter attempts to identify the OS?

Answer 35

***nmap -O***

Question 36

Which command allows you to interact with the **Metasploit framework**?

Answer 36

***msfconsole***

Question 37

Which threat hunting model takes the ***proactive*** approach?

Answer 37

***Hypothesis-based***

Question 38

How do *vulnerability scanning tools* **differ** from *network scanning tools*?

Answer 38

* **Network scanners** map what exists Network scanning = discovery “What hosts, ports, services, and pathways exist on this network?” * **Vulnerability scanners** judge what’s weak | Vulnerability scanning = assessment “Given what exists, what is misconfigured, outdated, or exploitable?” ## Footnote They operate in the same terrain but answer completely different questions |complementary but not interchangeable

Question 39

What type of attack is in effect when *malicious actors use* **Burpsuite**?

Answer 39

Man-in-the-Middle attack (MiTM)

Question 40

Which **documented set of procedures** helps an *organization detect, respond to, and limit the consequences of a cybersecurity incident*?

Answer 40

***Incident Response Plan***

Question 41

Which **phase of the incident response process** *focuses on limiting the scope and magnitude of an incident and preventing it from spreading further through the environment*?

Answer 41

***Containment***

Question 42

Which **final stage of the incident response process** involves a review of the incident to identify areas for improvement in future responses and update existing plans and policies?

Answer 42

***Lessons Learned***