Cyber Security - Penetration Testing MCQs and Solutions

Hello everyone! 
These multiple choice questions are based on penetration testing, also known as pen-testing. Pen-testing is a computer security practice in which professionals, working legally, try to find the vulnerabilities of a system by attacking it. Here are some of the important and frequently asked questions on penetration testing.

Q 1) Penetration testing __________.

a. Does not determine the critical vulnerabilities 
b. Cannot be used to identify the vulnerabilities left undetected by automated vulnerability scanners 
c. Can evaluate the security of system or network
d. Is an unauthorized attempt to exploit a computer system

Solution: c. Can evaluate the security of system or network

Q 2) Before performing any penetration test through legal procedure, which of the key points listed below is not mandatory?

a. Know the nature of the organization
b. System and network
c. Characteristics of work done in the firm
d. Type of broadband company used by the firm

Solution: d. Type of broadband company used by the firm

Q 3) A penetration tester must identify and keep in mind the _______ requirements of a firm while evaluating its security posture.

a. Privacy and security
b. Rules and regulations
c. Hacking techniques
d. Ethics to talk to sensors

Solution: a. Privacy and security

Q 4) Which of the following is a test wherein the pen-tester has partial knowledge about the target system/network?

a. Black box testing
b. White box testing
c. Gray box testing
d. Blue box testing

Solution: c. Gray box testing

Q 5) Which of the following are ways to conduct penetration testing?

a. Black Box testing, White Box testing, Gray Box Testing
b. Black Box testing, Red Box Testing, Gray Box Testing
c. White Box testing, Brown Box Testing, Red Box Testing
d. None of the above

Solution: a. Black Box testing, White Box testing, Gray Box Testing

Q 6) Find the wrong statement about penetration testing.

a. It is an unintentional attack
b. Pen-testing is used for security assessment
c. Pen testing improves the security of the system
d. Pen testing discovers security weaknesses

Solution: a. It is an unintentional attack

Q 7) Which of the following is one of the important documents to be signed before the penetration test to safeguard the interests of the concerned parties?

a. Non-disclosure agreement
b. Legal agreement
c. Service level agreement
d. All of these

Solution: a. Non-disclosure agreement

Q 8) ______ remains the same in both internal and external testing.

a. Target
b. Attacker
c. Both target and attacker
d. None of them

Solution: a. Target

Q 9) Pen testers will use _____ to protect against the possibility of data leakage and to add another layer of security.

a. Code review
b. Vulnerability scan
c. Manual testing
d. All of them

Solution: a. Code review

Q 10) __________ saves time and resources, but is not accurate or professional.

a. Automated pen-testing
b. Manual pen-testing
c. Both of them
d. None of them

Solution: a. Automated pen-testing

Q 11) Identify the benefits of using automated tools.
A: Faster
B: Computerized
C: Accurate
D: In-depth coverage

a. A and D
b. C and D
c. A and B
d. B and C

Solution: c. A and B

Q 12) Identify the disadvantages of using automated tools.
A: Fast
B: Dependency on the vendor’s database
C: Only tests technical flow
D: Computerized

a. Only B
b. Only D
c. A and C
d. B and C

Solution: d. B and C

Q 13) Manual pen-testing requires ______.
A: Less planning
B: Schedule
C: Attack design
D: Automated tools

a. Only B
b. Only D
c. C and D
d. B and C

Solution: d. B and C

Q 14) Pick out the merits of manual testing.
A: Dependency on the skill of the tester
B: Accuracy
C: Possibility of forgetting
D: Familiarity with new threats

a. B and C
b. B and D
c. C and D
d. All of them

Solution: b. B and D

Q 15) What are the disadvantages of manual testing?
A: Awareness of new attack vectors
B: Tests for both technical and business/logic flow
C: Does not cover the entire system
D: Slow

a. Only A
b. Only C
c. C and D
d. A and C

Solution: c. C and D
