Graded Quiz: Penetration Testing: Planning and Discovery Phases (Penetration Testing, Threat Hunting, and Cryptography; IBM Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1
PCI-DSS compliance requires:
- ❌ Regular phishing tests
- ✅ Regular external and internal penetration testing
- ❌ Using cloud data storage
- ❌ MFA for all users (required only for certain roles, not “all users”)
Explanation:
PCI-DSS mandates annual external and internal penetration tests as part of maintaining cardholder data security.
2. Question 2
Best test to find vulnerabilities inside the mobile app:
- ❌ Network Pen Test
- ✅ Application Pen Test
- ❌ Hardware Pen Test
- ❌ Personnel Pen Test
Explanation:
Application penetration testing focuses on app logic, API calls, authentication flaws, and insecure data handling.
3. Question 3
Recommendation after finding chained vulnerabilities:
- ✅ Patch all identified vulnerabilities and implement strict access controls.
- ❌ Increase transactions
- ❌ Modify transaction records
- ❌ Ignore vulnerabilities
Explanation:
Chained vulnerabilities often allow privilege escalation. Fixing all of them and tightening access is essential.
4. Question 4
Critical step after gaining internal access via outdated Apache server:
- ❌ Deploy keyloggers
- ❌ Ignore system
- ❌ Fix Apache immediately
- ✅ Inform the network administrator of the breach immediately
Explanation:
Pen testers must maintain communication with the client and follow the rules of engagement; remediating systems themselves is not part of their role.
5. Question 5
Testing scenario: the threat being simulated is a former employee with partial insider knowledge, so the testers are given some information about the target.
- ✅ Gray-box Testing
- ❌ Blue-box Testing
- ❌ Black-box Testing
- ❌ White-box Testing
Explanation:
Gray-box testing models an attacker with partial knowledge of the environment, such as a disgruntled ex-employee.
6. Question 6
Discovery of high-risk vulnerabilities prompts a review of:
- ❌ Resource allocation
- ❌ Scope specification
- ❌ Communication plan
- ✅ Risk Assessment
Explanation:
High-risk findings must be re-evaluated in the risk assessment to adjust priorities and controls.
7. Question 7
To identify active devices and IP addresses, use:
- ❌ SSL certificate analysis
- ❌ Public forums
- ✅ Nmap network scan
- ❌ Domain registration assessment
Explanation:
Nmap is the standard tool for discovering live hosts on a network and enumerating their IP addresses.
8. Question 8
Goal: gather personnel information without alerting anyone (passive reconnaissance).
- ✅ Use social media platforms to observe employee profiles
- ❌ Send phishing emails (active, alerting)
- ❌ Active Directory enumeration (internal and noisy)
- ❌ Scan employee devices (illegal without approval)
Explanation:
Passive reconnaissance uses publicly available information without interacting with the target.
9. Question 9
To identify services running on open ports:
- ❌ Manual documentation
- ✅ Perform banner grabbing
- ❌ Vulnerability tool
- ❌ Network sniffer
Explanation:
Banner grabbing reveals service types and versions directly from open ports (e.g., via Nmap, Netcat).
10. Question 10
Best way to understand how a web application processes input:
- ❌ Network analysis
- ❌ Social engineering
- ❌ Reviewing source code (only possible in white-box tests)
- ✅ Analyze traffic patterns using a web proxy
Explanation:
Intercepting proxies such as Burp Suite or OWASP ZAP let testers inspect each request and response and observe how the application handles user input.
🧾 Summary Table
| Q | Correct Answer | Key Concept |
|---|---|---|
| 1 | Pen testing (internal + external) | PCI-DSS requirement |
| 2 | Application Pen Test | App-specific flaws |
| 3 | Patch vulnerabilities + access control | Chained vuln mitigation |
| 4 | Inform admin | Rules of engagement |
| 5 | Gray-box | Partial insider knowledge |
| 6 | Risk Assessment | Re-evaluating discovered risks |
| 7 | Nmap network scan | Host discovery |
| 8 | Social media recon | Passive info gathering |
| 9 | Banner grabbing | Service identification |
| 10 | Web proxy analysis | Input & data handling analysis |