Penetration Testing, Incident Response, and Forensics Quiz Answers

Penetration Testing, Incident Response, and Forensics Week 01 Quiz Answers

Quiz 01 – Planning and Discovery Knowledge Check ( Practice Quiz )

Q1. What type of scan can be conducted to determine what possible exploits exist given the client’s environment?

  • Vulnerability Scan

Q2. What forms of discovery can be conducted offline?

  • Dumpster Diving
  • Social Engineering
  • Shoulder Surfing

Q3. Network Mapping, Port Scanning, and Password Cracking are all forms of what type of discovery?

  • Active

Q4. True or False: The Planning phase is considered a formality and can be skipped as long as you have the verbal agreement of the client.

  • False

Attack and Reporting Knowledge Check ( Practice Quiz )

Q1. What level of access is ideal for a penetration tester to achieve in order to exploit a system?

  • Admin/Root

Q2. Which of the following is NOT a common type of vulnerability?

  • Phishing

Q3. Which portion of the pentest report gives a step-by-step account of how and why each exploit was conducted?

  • Technical Review

Penetration testing tools ( Practice Quiz )

Q1. Which tool lets you log network traffic and analyze it?

  • Wireshark

Q2. Which software serves as a toolbox, providing access to hundreds of other tools and resources?

  • Kali Linux

Q3. Which tool is used primarily for password cracking?

  • John the Ripper

Quiz 02 – Penetration Test Graded Quiz ( Main Quiz )

Q1. Which of the following is NOT a phase of a penetration test?

  • Reviewing

Q2. In which phase of penetration testing do you recommend solutions to address any exploited vulnerabilities?

  • Reporting

Q3. Which portion of the pentest report gives a high-level detail of how the test went and what goals were accomplished?

  • Executive Summary

Q4. Throughout the attack phase of a pentest, you may need to revisit which other phase as you gain further access into a system? 

  • Discovery

Q5. What method of gathering information can be used to get information about a website that is not readily available?

  • Google Dorking

Q6. Which two (2) privacy laws do you need to take into consideration when potentially gaining access to private customer information?

  • Health Insurance Portability and Accountability Act (HIPAA)
  • General Data Protection Regulation (GDPR)

Q7. Guessing passwords or running password cracking software is what type of attack to gain access to a system?

  • Brute Force

Q8. What document would protect the privacy of your client and their customers?

  • Non-Disclosure Agreement (NDA)

Q9. Gaining access to a system can occur in which two phases?

  • Discovery and Attack

Q10. Conducting a pentest as if you were an external hacker with no resources is known as what type of test?

  • Black Box

Penetration Testing, Incident Response, and Forensics Week 02 Quiz Answers

Quiz 01 – Incident Response Knowledge Check

Q1. Which three (3) of the following are phases of incident response?

  • Detection & Analysis
  • Containment, Eradication & Recovery
  • Preparation

Q2. Which statement is true about an event?

  • An event may be totally benign, like receiving an email.

Q3. True or False: A robust automated incident response system should be able to detect and prevent loss from all incidents.

  • False

Q4. Which three (3) are common Incident Response Team models?

  • Central
  • Coordinating
  • Distributed

Q5. A well-automated Incident Response system should be able to detect which three (3) of these common attack vectors?

  • An unauthorized removable drive being attached to the network.
  • A brute force hacking attack.
  • An email phishing attack.

Q6. Which three (3) of the following are components of an Incident Response Policy?

  • IR Policy testing responsibility.
  • Means, tools and resources available.
  • Identity of IR team members.

Q7. Contact information, Smartphones, and Secure storage facilities all belong to which Incident Response resource category?

  • Incident Handler Communications and Facilities.

Q8. Which three (3) of the following would be considered an incident detection precursor?

  • An announced threat against your organization from an activist group.
  • A vendor notice of a vulnerability to a product you own.
  • Detecting the use of a vulnerability scanner

Q9. Which type of monitoring system detects anomalous network traffic but typically does not take action beyond sending an alert to an administrator?

  • IDS

Q10. True or False: The Incident Response team should keep their documentation as concise as possible so only the most important facts take up the attention of the team leadership.

  • False

Q11. What is the proper classification for a data breach that resulted in the exposure of sensitive personally identifiable information (PII)?

  • Privacy Breach

Q12. What is the proper classification for the recovery effort from a breach if you can estimate the total effort required but it will require bringing in additional resources?

  • Supplemented

Q13. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Potential damage to and theft of resources, Need for evidence preservation, and Service availability?

  • Containment

Q14. Which Post Incident activity would include ascertaining exactly what happened and at what times?

  • Lessons learned meeting 

Quiz 02 – Incident Response Graded Quiz ( Main Quiz )

Q1. Select the missing phase of Incident Response: Preparation, _____, Containment, Eradication & Recovery, Post Incident Activity.

  • Detection and Analysis

Q2. Which statement is true about an incident?

  • An incident is an event that negatively affects IT systems.

Q3. True or False: A Coordinating Incident Response Team provides advice and guidance to the Distributed IR teams in each department, but generally does not have specific authority over those teams.

  • True

Q4. Which Incident Response Team model describes a team that has authority over all aspects of IR within the entire organization?

  • Central

Q5. In what way will having a set of predefined baseline questions help you in the event of an incident?

  • Coordinate with other teams and the media.

Q6. Incident Response team resources can be divided into which three (3) of the following categories?

  • Incident Handler Communications and Facilities
  • Incident Analysis Resources
  • Incident Analysis Hardware and Software

Q7. Port lists, Documentation, and Cryptographic hashes all belong to which Incident Response resource category?

  • Incident Analysis Resources

Q8. Which three (3) of the following would be considered an incident detection indicator?

  • An application log showing numerous failed login attempts from an unknown remote system.
  • A significant deviation from typical network traffic flow patterns.
  • The discovery of a file containing unusual characters by a system administrator.

Q9. Which type of monitoring system analyzes logs and events in real-time?

  • SIEM

Q10. True or False: Highly detailed and thorough documentation is needed to support the analysis of current and future incidents.

  • True
  • False

Q11. What is the proper classification for a breach that results in sensitive or proprietary information being changed or deleted?

  • Integrity Loss

Q12. What is the proper classification for the recovery effort from a breach if sensitive data was stolen and posted on a public website?

  • Not Recoverable

Q13. During which stage of a comprehensive Containment, Eradication & Recovery strategy does NIST recommend considering the following: Eliminate components of the incident, Disable compromised accounts, and Identify and mitigate vulnerabilities?

  • Eradication

Q14. Which Post Incident activity would include reviewing response times, which systems were impacted, and other metrics associated with the incident?

  • Utilizing collected data

Penetration Testing, Incident Response, and Forensics Week 03 Quiz Answers

Quiz 01 – Forensic Course Overview Knowledge Check

Q1. Digital forensics can be defined as the application of science to the identification, collection, examination, and analysis of what?

  • Data

Q2. According to NIST, the four (4) steps of the forensic process include which of the following? (Select 4)

  • Collection
  • Examination
  • Analysis
  • Reporting

The Forensics Process Knowledge Check ( Practice Quiz )

Q1. According to NIST, a forensic analysis should include four elements: Places, Items, Events, and what?

  • People

Q2. True or False. A digital forensics report must contain details of every test conducted, the methods and tools used, and the results.

  • True

Q3. Which section of a digital forensics report would contain a list of the steps you have taken to ensure the integrity of the evidence?

  • Forensic Acquisition & Examination Preparation

Q4. Network activity, Application usage, Logs, and Keystroke monitoring are all sources of what?

  • Data

Q5. What are the three (3) main hurdles that must be overcome when examining data? (Select 3)

  • Bypassing controls such as operating system and encryption passwords.
  • Selecting the most effective tools to help with the searching and filtering of data.
  • Dealing with a sea of data. A single hard drive will contain many thousands of files that are not relevant to our investigation.

Forensic Data Knowledge Check ( Practice Quiz )

Q1. True or False. Only data files can be effectively analyzed during a forensic analysis.

  • False

Q2. Most data files are smaller than the number of blocks allocated to their storage by the file system. The unused space is known as what?

  • Slack space

Q3. What does file metadata known as “MAC” data stand for in the context of a forensic analysis?

  • Modification, Access and Creation times

Q4. Open files are considered which data type?

  • Volatile

Q5. True or False. When collecting forensic data from a running system, you should always attempt to collect volatile data first.

  • True

Q6. Which operating system has a “Target Disk Mode” that allows a forensic investigator to easily make a copy of the target hard drive?

  • Mac OS X

Q7. Which three (3) of the following are application components? (Select 3)

  • Supporting files
  • Log files
  • Configuration settings

Q8. Which of these applications would likely be of the most interest in forensic analysis?

  • Email

Q9. What useful forensic data can be extracted from the Application layer of the TCP/IP protocol stack?

  • HTTP addresses

Q10. Which device would you inspect if you were looking for failed attempts to penetrate your company’s network?

  • Firewall

Quiz 02 – Digital Forensics Assessment ( Main Quiz )

Q1. Digital forensics is commonly applied to which of the following activities?

  • All of the above

Q2. Which three (3) steps does NIST include in collecting data? (Select 3)

  • Develop a plan to acquire the data
  • Acquire the data
  • Verify the integrity of the data

Q3. What is the primary purpose of maintaining a chain of custody?

  • To avoid allegations of mishandling or tampering of evidence.

Q4. True or False. Digital forensics has been used to solve a number of high-profile violent crimes.

  • True

Q5. True or False. A digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.

  • False

Q6. Which section of a digital forensics report would include using the best practices of taking lots of screenshots, using built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?

  • Findings & Analysis

Q7. Which types of files are appropriate subjects for forensic analysis?

  • All of the above

Q8. Deleting a file results in what action by most operating systems?

  • The memory registers used by the file are marked as available for new storage but are otherwise not changed.

Q9. Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?

  • A logical backup

Q10. How does a forensic analysis use hash sets acquired from NIST’s Software Reference Library project?

  • They can quickly eliminate known good operating system and application files from consideration.

Q11. Which three (3) of the following data types are considered non-volatile? (Select 3)

  • Dump files
  • Logs
  • Swap files

Q12. Configuration files are considered which data type?

  • Non-volatile

Q13. True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.

  • False

Q14. Which three (3) of the following are application components? (Select 3)

  • Application architecture
  • Authentication mechanisms
  • Data files

Q15. Which of these applications would likely be of the least interest in forensic analysis?

  • Patch files

Q16. The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)

  • ICMP
  • IPv4 / IPv6

Q17. Which device would you inspect if you were looking at event data correlated across a number of different network devices?

  • Remote access server

Q18. Which of these sources might require a court order in order to obtain the data for forensic analysis?

  • ISP records

Penetration Testing, Incident Response, and Forensics Week 04 Quiz Answers

Quiz 01 – Scripting Overview Knowledge Check

Q1. Which organization is credited with creating the first scripting language?

  • IBM Corporation

Q2. Which concept of a scripting language helps with repetitive tasks?

  • Loops

Q3. Which three (3) of the following are scripting languages? (Select 3)

  • PowerShell
  • JavaScript
  • JCL

Q4. True or False. JavaScript greatly improved the functionality of web pages.

  • True

Q5. Which Scripting language uses 1s and 0s in a two symbol system?

  • Binary

Python Scripting Knowledge Check

Q1. Python can be best described as what?

  • A high-level scripting language.

Q2. True or False. Extensive free resources are available on the web to make it relatively easy to learn Python.

  • True

Q3. Indentations are used in Python code for which reason?

  • To define a block of code and are required.

Q4. What file type is commonly used to store Python code?

  • .py

Q5. In the Python statement below, what is the data type of the variable pi?

     pi=3

  • int

Q6. True or False. In the Python statements below, Example1 is a character variable type while Example2 is a string variable type.

     Example1='A'
     Example2="B"

  • False

Q7. What will be printed by this Python code block?

     pi=3
     pi3=3*pi
     print(pi3)

  • 9

Q8. True or False. A tuple in Python is similar to a list but it is an immutable data type so its values cannot be changed after they are first set.

  • True

Q9. How many times will a while loop execute in Python?

  • As long as the specified condition is true.

Q10. True or False. Python functions must be purchased or downloaded in libraries from Python development companies. You must have Python SDK in order to develop your own functions.

  • False

Q11. Which two (2) of these Python libraries provide useful scientific computing functions? (Select 2)

  • Pandas
  • NumPy

Quiz 02 – Introduction to Scripting Assessment

Q1. What was considered to be the first scripting language?

  • JCL

Q2. Which concept of a scripting language is a memory address paired with a symbolic name (or identifier) which contains a value?

  • Variables

Q3. Which three (3) of the following are scripting languages? (Select 3)

  • Bash
  • Perl
  • Hex

Q4. Which Scripting language is a task automation and configuration management framework from Microsoft?

  • PowerShell

Q5. Which is an example of how scripts are commonly used today?

  • Task automation

Q6. What scripting concept is widely used across different languages to process a set of instructions over and over again until a specified condition is met?

  • Loops

Q7. Bash is a scripting language developed for use with which operating system?

  • UNIX

Q8. Which Python command would print out "Hello World"?

  • print("Hello World")

Q9. Why does Python often take fewer lines of code to accomplish a task than C or Java?

  • Python can utilize extensive function libraries.

Q10. How many spaces must be used to indent a block of code in Python?

  • Any number 1 or more as long as the same indentation is used within a code block.

Q11. What will Python do when it encounters the hash character “#”?

  • Treat everything to the right of the hash on the current line as a comment.

Q12. What will be printed by this Python code block?

     pi=3.14159
     pi=int(pi)
     print(pi)

  • 3

Q13. True or False. In the Python statement below, Example1 is a string variable type.

     Example1="3"

  • True

Q14. What will be printed by this Python code block?

     pi="3"
     pi3=3*pi
     print(pi3)

  • 333

Q15. How many times will the following Python for loop be executed, assuming UNMembers is a list of the 193 members of the United Nations General Assembly?

     for country in UNMembers:
         print(country)

  • 193

Q16. What is one good reason to write your own function in Python?

  • There is no library function already written that will do what you need

Q17. Which two (2) of these Python libraries provide useful graphics and visualization functions? (Select 2)

  • Seaborn
  • Matplotlib

All Course Quiz Answers of IBM Cybersecurity Analyst Professional Certificate

Course 01: Introduction to Cybersecurity Tools & Cyber Attacks

Course 02: Cybersecurity Roles, Processes & Operating System Security

Course 03: Cybersecurity Compliance Framework & System Administration

Course 04: Network Security & Database Vulnerabilities

Course 05: Penetration Testing, Incident Response, and Forensics

Course 06: Cyber Threat Intelligence

Course 07: Cybersecurity Capstone: Breach Response Case Studies

Course 08: IBM Cybersecurity Analyst Assessment
