eJPT - eLearnSecurity Junior Penetration Tester Scanning and Enumeration Questions and Answers

Question 1

A penetration tester runs an Nmap scan with the command `nmap -sS 192.168.1.10`. What is the primary characteristic of this type of scan?

Accepted Answer

It is a stealth scan that does not complete the TCP three-way handshake.

Answer

It uses UDP packets to identify open ports.

Answer

It completes the full TCP three-way handshake.

Answer

It aggressively queries all 65,535 TCP ports by default.

Question 2

During an engagement, you suspect a misconfigured DNS server might leak information about the internal network structure. Which technique would be most effective for attempting to retrieve all DNS records from the server?

Accepted Answer

Attempting a DNS Zone Transfer (AXFR).

Answer

Brute-forcing subdomains using a common wordlist.

Answer

Performing a TCP Connect scan on port 53.

Answer

Sending an ICMP echo request to the DNS server.

Question 3

A penetration tester needs to gather as much information as possible from a Windows host over SMB, including users, shares, and password policies. Which of the following tools is specifically designed for this purpose?

Accepted Answer

Enum4linux

Answer

Netcat

Answer

Wireshark

Answer

Hydra

Question 4

While scanning a target, you want to identify the specific version of the software running on an open port to search for known vulnerabilities. Which Nmap command-line option would you use to achieve this?

Accepted Answer

-sV

Answer

-O

Answer

-A

Answer

-p-

Question 5

A junior penetration tester is tasked with enumerating SNMP on a network device at 10.10.5.25. They discover that the default read community string is set to 'public'. What kind of information can they likely obtain?

Accepted Answer

System information such as routing tables, hostnames, and user accounts.

Answer

The private SSH keys for the device administrator.

Answer

The ability to modify the device's running configuration.

Answer

Encrypted password hashes from the /etc/shadow file.

Question 6

Which of the following describes the purpose of 'banner grabbing' during the enumeration phase?

Accepted Answer

To connect to an open port to receive the introductory text or 'banner' sent by the service, often revealing its type and version.

Answer

To capture and analyze network traffic packets.

Answer

To perform a denial-of-service attack by sending a malicious banner to a service.

Answer

To identify the physical location of a server based on its network banner.