Typical enumeration targets on Windows vs Linux.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Typical enumeration targets on Windows vs Linux.

Explanation:
During enumeration, you gather the information that reveals how the target is structured and where weak points may lie. Windows environments are commonly probed for who has access, what resources are exposed on the network, and how security policies are enforced. That means looking at user accounts to see who can authenticate and what their privileges might be, SMB shares to discover accessible network resources and potential misconfigurations, and group policy settings to understand the security controls, password requirements, user rights, and auditing in place. In Linux, the focus shifts to privilege boundaries and configuration details that could be leveraged for escalation. Typical targets include system users to identify valid accounts and potential weak credentials, SUID binaries that can bypass normal permission checks, cron jobs that run with elevated privileges or at sensitive times, and installed packages to spot vulnerable software and known misconfigurations. This combination—Windows: user accounts, SMB shares, group policies; Linux: system users, SUID binaries, cron jobs, installed packages—captures the practical, real-world targets you’d enumerate to map security posture and plan further testing. Other options describe targets that aren’t representative of standard OS-level enumeration: kernel modules or BIOS aren’t the focus of initial enumeration, peripheral devices like printers or webcams aren’t central to typical OS security mapping, and DNS/DHCP details are network services rather than the core OS enumeration targets.

During enumeration, you gather the information that reveals how the target is structured and where weak points may lie. Windows environments are commonly probed for who has access, what resources are exposed on the network, and how security policies are enforced. That means looking at user accounts to see who can authenticate and what their privileges might be, SMB shares to discover accessible network resources and potential misconfigurations, and group policy settings to understand the security controls, password requirements, user rights, and auditing in place.

In Linux, the focus shifts to privilege boundaries and configuration details that could be leveraged for escalation. Typical targets include system users to identify valid accounts and potential weak credentials, SUID binaries that can bypass normal permission checks, cron jobs that run with elevated privileges or at sensitive times, and installed packages to spot vulnerable software and known misconfigurations.

This combination—Windows: user accounts, SMB shares, group policies; Linux: system users, SUID binaries, cron jobs, installed packages—captures the practical, real-world targets you’d enumerate to map security posture and plan further testing.

Other options describe targets that aren’t representative of standard OS-level enumeration: kernel modules or BIOS aren’t the focus of initial enumeration, peripheral devices like printers or webcams aren’t central to typical OS security mapping, and DNS/DHCP details are network services rather than the core OS enumeration targets.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy