PenTest+ Information Gathering & Vulnerability Identification

Question 1

What is the first step in information gathering during a penetration test?

Accepted Answer

Gathering OSINT information about the target

Answer

Identifying vulnerabilities.

Answer

Scanning the network for open ports.

Answer

Conducting brute-force attacks.

Question 2

What tool is commonly used for information gathering during a penetration test?

Accepted Answer

Nmap and Netcat

Answer

Wireshark

Answer

Metasploit

Answer

Aircrack-ng

Question 3

What is vulnerability identification in the context of penetration testing?

Accepted Answer

Scanning and identifying potential vulnerabilities in the systems

Answer

Finding software bugs.

Answer

Performing brute-force attacks.

Answer

Reducing network traffic.

Question 4

What is the importance of vulnerability scanning tools in penetration testing?

Accepted Answer

To automate the identification of known vulnerabilities

Answer

To discover unpatched systems.

Answer

To reduce the effectiveness of attacks.

Answer

To create phishing campaigns.

Question 5

What should be done after identifying vulnerabilities in a penetration test?

Accepted Answer

Report and assess risk for further testing

Answer

Immediately exploit the vulnerabilities.

Answer

Ignore the vulnerabilities.

Answer

Patch the systems without informing the client.

Question 6

How is social engineering used in information gathering?

Accepted Answer

By exploiting human behavior to gain information

Answer

By exploiting physical security systems.

Answer

By scanning networks.

Answer

By using brute-force tools.

Question 7

Why is information gathering critical for successful penetration testing?

Accepted Answer

It helps identify attack vectors and prioritize testing

Answer

It reduces the test duration.

Answer

It improves system security.

Answer

It eliminates the need for testing.

Question 8

What is the purpose of footprinting in penetration testing?

Accepted Answer

To gather information for identifying vulnerabilities

Answer

To conduct physical attacks.

Answer

To limit the test’s duration.

Answer

To assess security postures.

Question 9

What is the significance of a vulnerability assessment report?

Accepted Answer

To document vulnerabilities and suggest mitigation steps

Answer

To keep the vulnerabilities undisclosed.

Answer

To limit the number of systems tested.

Answer

To minimize the importance of vulnerabilities.