Skip to main content

Cyber Security - Penetration Testing MCQs and Solutions

Hello everyone! 
These Multiple Choice Questions are based on Penetration Testing which is also known as pen-testing. Pen-testing is related to computer security where legal professionals try to find out vulnerabilities of the system by attacking it. Here are some of the important and frequently asked questions of penetration testing.

Q 1) Penetration testing __________.

a. Does not determine the critical vulnerabilities 
b. Cannot be used to identify the vulnerabilities left undetected by automated vulnerability scanners 
c. Can evaluate the security of system or network
d. Is an unauthorized attempt to exploit a computer system

Solution: c. Can evaluate the security of system or network

Q 2) Before performing any penetration test through legal procedure, which key points listed below is not mandatory?

a. Know the nature of the organization
b. System and network
c. Characteristics of work done in the firm
d. Type of broadband company used by the firm

Solution: d. Type of broadband company used by the firm

Q 3) A penetration tester must identify and keep in mind the _______ requirements of a firm while evaluating the security postures.

a. Privacy and security
b. Rules and regulations
c. Hacking techniques
d. Ethics to talk to sensors

Solution: a. Privacy and security

Q 4) Which of the following is a test where in the pen-tester has partial knowledge about the target system/network?

a. Black box testing
b. White box testing
c. Gray box testing
d. Blue box testing

Solution: c. Gray box testing

Q 5) Which of the following are ways to conduct penetration testing?

a. Black Box testing, White Box testing, Gray Box Testing
b. Black Box testing, Red Box Testing, Gray Box Testing
c. White Box testing, Brown Box Testing, Red Box Testing
d. None of the above

Solution: a. Black Box testing, White Box testing, Gray Box Testing

Q 6) Find the wrong statement about penetration testing.

a. It is an unintentional attack
b. Pen-testing is used for security assessment
c. Pen testing improves the security of the system
d. Pen testing does discovers security weaknesses

Solution: a. It is an unintentional attack

Q 7) Which of the following is one of the important documents to be signed before the penetration test to safeguard interest of the concerned parties?

a. Non-disclosure agreement
b. Legal agreement
c. Service level agreement
d. All of these

Solution: a. Non-disclosure agreement

Q 8) ______ remains the same in both internal and external testing.

a. Target
b. Attacker
c. Both target and attacker
d. None of them

Solution: a. Target

Q 9) Pen testers will use _____ to protect the possibility of data leakage and to add another layer of security.

a. Code review
b. Vulnerability scan
c. Manual testing
d. All of them

Solution: a. Code review

Q 10) __________ saves time and resources, but is not accurate or professional.

a. Automated pen-testing
b. Manual pen-testing
c. Both of them
d. None of them

Solution: a. Automated pen-testing

Q 11) Identify the benefits of using automated tools.
                A:Faster           B:Computerized
                C:Accurate      D:In-depth coverage

a. A and D
b. C and D
c. A and B
d. B and C

Solution: c. A and B

Q 12) Identify the disadvantages of using automated tools. 
                A: Fast             
                B: Dependency on the vendor’s database 
                C: Only tests technical flow 
                D: Computerized

a. Only B
b. Only D
c. A and C
d. B and C

Solution: d. B and C

Q 13) Manual pen-testing requires ______ .
            A:Less planning                  B:Schedule 
            C:Attack design                  D:Automated tools

a. Only B
b. Only D
c. C and D
d. B and C

Solution: d. B and C

Q 14) Pick out the merits of manual testing. 
             A: Dependency on the skill of the tester         
             B: Accuracy 
             C: Possibility of forgetting                             
             D: Familiarity with new threats

a. B and C
b. B and D
c. C and D
d. All of them

Solution: b. B and D

Q 15) What are the disadvantages of manual testing? 
                 A. Awareness to new attack vendors 
                 B. Tests for both technical and business/logic flow 
                 C. Does not cover the entire system 
                 D. Slow

a. Only A
b. Only C
c. C and D
d. A and C

Solution: c. C and D

Labels:
Location: India

Comments

Post a Comment

Popular posts from this blog

How to Download and Install Jenkins on Windows Operating System.

Hello Everyone, This is a tutorial about how to download and install Jenkins on Windows Operating System. Jenkins is an open-source automation tool written in Java with plugins built for Continuous Integration purposes. Jenkins is used to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for users to obtain a fresh build. PREREQUISITE- Java Development Kit (JDK) and Java Runtime Environment (JRE). Currently 1.8 and 1.11 versions are supported by Jenkins. If other versions are installed, kindly reinstall 1.8 or 1.11. DOWNLOADING JENKINS- Step 1) Go to the website https://www.jenkins.io/ and click on the download option. Step 2) In the Downloading Jenkins section, select the LTS (Long Term Support) version for Windows. It is a more stable version with new updates every 2 or 3 months. Step 3) The Jenkins windows installer will be dow...
Post a Comment
Read more

50 + Interview Questions/Experiences of TCS DCA April 2021

Hello Everyone! This post is dedicated to the Interview Questions asked in TCS DCA. DCA which is Digital Capability Assessment is usually conducted for the internal employees of TCS who are selected for the Ninja profile. If DCA is cleared successfully, then the candidates are offered Digital profile. That means the profile changes from Assistant System Engineer to System Engineer . This year i.e., in 2021, TCS conducted DCA for the candidates who have received offer letter but not joined TCS as an employee yet. The original DCA which is conducted for internal employees has a different pattern and is not discussed in this post. Rather this post is dedicated to the DCA conducted in March and April 2021 for 2021 recruits. The DCA was conducted on 19 th and 20 th March 2021. The test had two coding questions. To sucessfully clear DCA, all the test cases of both the codes must be passed. In March DCA, a lot of students faced compile...
Post a Comment
Read more

IoE (Internet of Everything) Question Paper Solution (MCQs) for 2020 Mumbai University Examination Information Technology Semester 8

Hello Everyone! This article is based on the Multiple Choice Questions asked in the University Exam for the subject Internet of Everything. These MCQs were asked in the 2020 Mumbai University-BE-Information Technology-Semester 8 Exam for the subject- Internet of Everything. The question paper for each cluster is different. These MCQs were asked in the examination of one cluster. The question paper had 25 MCQs of 2 marks each. Q 1) ________ involves making smaller and smaller things with the ability to connect and interact. a. Smart Tech b. Micro Tech c. RFID Tech d. Nano Tech Solution: d) Nano Tech Q 2) RFID stands for? a. Radio frequency identification b. Random frequency identification c. Random frequen...
Post a Comment
Read more