Quiz CompTIA-PT0-002

The statement of work (SOW) is a document that defines the scope, objectives, deliverables, and timeline of a penetration testing engagement. It is important to have the client sign the SOW before starting the assessment to avoid any legal or contractual issues.

"A significant issue identified by Wiberg is that using active network scanners, such as Nmap, presents a weakness when attempting port recognition or service detection on SCADA devices. Wiberg states that active tools such as Nmap can use unusual TCP segment data to try and find available ports. Furthermore, they can open a massive amount of connections with a specific SCADA device but then fail to close them gracefully." And since SCADA and ICS devices are designed and implemented with little attention having been paid to the operational security of these devices and their ability to handle errors or unexpected events, the presence idle open connections may result into errors that cannot be handled by the devices. Reference: https://www.hindawi.com/journals/scn/2018/3794603/

As mentioned in question 1, the SOW describes the specific activities, deliverables, and schedules for a penetration tester. The other documents are not relevant for this purpose. An NDA is a non- disclosure agreement that protects the confidentiality of the client’s information. An MSA is a master service agreement that defines the general terms and conditions of a business relationship. An MOU is a memorandum of understanding that expresses a common intention or agreement between parties.

PLCs are programmable logic controllers that execute logic operations on input signals from sensors and output signals to actuators. They are often connected to supervisory systems that provide human-machine interfaces and data acquisition functions. If both systems are connected to the company intranet, they are exposed to potential attacks from internal or external adversaries. A valid assumption is that controllers will not validate the origin of commands, meaning that an attacker can send malicious commands to manipulate or sabotage the industrial process. The other assumptions are not valid because they contradict the facts or common practices.

According to the CompTIA PenTest+ Study Guide, Exam PT0-0021, a statement of work (SOW) is a document that defines the scope, objectives, deliverables, and terms of a penetration testing project. It is a formal agreement between the service provider and the client that specifies what is expected from both parties, including the timeline, budget, resources, and responsibilities. A SOW is essential for any penetration testing engagement, as it helps to avoid misunderstandings, conflicts, and legal issues. The CompTIA PenTest+ Study Guide also provides an example of a SOW template that covers the following sections1: Project overview: A brief summary of the project’s purpose, scope, objectives, and deliverables. Project scope: A detailed description of the target system, network, or application that will be tested, including the boundaries, exclusions, and assumptions. Project objectives: A clear statement of the expected outcomes and benefits of the project, such as identifying vulnerabilities, improving security posture, or complying with regulations. Project deliverables: A list of the tangible products or services that will be provided by the service provider to the client, such as reports, recommendations, or remediation plans. Project timeline: A schedule of the project’s milestones and deadlines, such as kickoff meeting, testing phase, reporting phase, or closure meeting. Project budget: A breakdown of the project’s costs and expenses, such as labor hours, travel expenses, tools, or licenses. Project resources: A specification of the project’s human and technical resources, such as team members, roles, responsibilities, skills, or equipment. Project terms and conditions: A statement of the project’s legal and contractual aspects, such as confidentiality, liability, warranty, or dispute resolution. The CompTIA PenTest+ Study Guide also explains why having a SOW is important before starting an assessment1: It establishes a clear and mutual understanding of the project’s scope and expectations between the service provider and the client. It provides a basis for measuring the project’s progress and performance against the agreed-upon objectives and deliverables. It protects both parties from potential risks or disputes that may arise during or after the project.

Https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download- malware-while-bypassing-av/ --- https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk The certutil command is a Windows utility that can be used to manipulate certificates and certificate authorities. However, it can also be abused by attackers to download files from remote servers using the –urlcache option. In this case, the command downloads accesschk64.exe from http://192.168.2.124/windows-binaries/ and saves it locally. Accesschk64.exe is a tool that can be used to check service permissions and identify potential privilege escalation vectors. The other commands are not relevant for this purpose. Powershell is a scripting language that can be used to perform various tasks, but in this case it uploads a file instead of downloading one. Schtasks is a command that can be used to create or query scheduled tasks, but it does not help with service permissions. Wget is a Linux command that can be used to download files from the web, but it does not work on Windows by default.

Option is correct. 1. Reflected XSS - Input sanitization (<> ...) 2. Sql Injection Stacked - Parameterized Queries 3. DOM XSS - Input Sanitization (<> ...) 4. Local File Inclusion - sandbox req 5. Command Injection - sandbox req 6. SQLi union - paramtrized queries 7. SQLi error - paramtrized queries 8. Remote File Inclusion - sandbox 9. Command Injection - input saniti $ 10. URL redirect - prevent external calls

S/MIME stands for Secure/Multipurpose Internet Mail Extensions and is a standard for encrypting and signing email messages. It uses public key cryptography to ensure the confidentiality, integrity, and authenticity of email communications. FTPS is a protocol for transferring files securely over SSL/TLS, but it is not used for emailing. DNSSEC is a protocol for securing DNS records, but it does not protect email content. AS2 is a protocol for exchanging business documents over HTTP/S, but it is not used for emailing. Reference: https://searchsecurity.techtarget.com/answer/What-are-the-most-important-email- security- protocols

The key findings indicate that the network device is vulnerable to several attacks, such as sniffing, brute-forcing, or exploiting the SSH daemon. To prevent these attacks, the best recommendations are to create an out-of-band network for management, which means a separate network that is not accessible from the production network, and to implement a better method for authentication, such as SSH keys or certificates. The other options are not as effective or relevant.

The ping –A command sends an ICMP echo request with a specified TTL value and displays the response. The TTL value indicates how many hops the packet can traverse before being discarded. Different OSs have different default TTL values for their packets. Windows uses 128, Apple uses 64, Linux uses 64 or 255, and Android uses 64. Therefore, a packet with a TTL of 128 is most likely from a v Windows OS. Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with- ping/