MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?
Question2: A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources.Which of the following attack types is MOST concerning to the company?
Question3: In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
Question4: A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.Which of the following is the BEST way to ensure this is a true positive?
Question5: A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.Which of the following should be included as a recommendation in the remediation report?
Question6: A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
Question7: A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?
Question8: A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
Question9: A penetration tester conducted a discovery scan that generated the following:Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
Question10: Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
Question11: A penetration tester conducts an Nmap scan against a target and receives the following results:Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
Question12: A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router.Which of the following is MOST vulnerable to a brute-force attack?
Question13: Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Question14: A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:* Connected to 10.2.11.144 (::1) port 80 (#0)> GET /readmine.html HTTP/1.1> Host: 10.2.11.144> User-Agent: curl/7.67.0> Accept: */*>* Mark bundle as not supporting multiuse< HTTP/1.1 200< Date: Tue, 02 Feb 2021 21:46:47 GMT< Server: Apache/2.4.41 (Debian)< Content-Length: 317< Content-Type: text/html; charset=iso-8859-1<<!DOCTYPE html><html lang="en"><head><meta name="viewport" content="width=device-width" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>WordPress › ReadMe</title><link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" /></head>Which of the following tools would be BEST for the penetration tester to use to explore this site further?
Question15: A tester who is performing a penetration test on a website receives the following output:Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?
Question16: A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
Question17: A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?
Question18: Given the following output:User-agent:*Disallow: /author/Disallow: /xmlrpc.phpDisallow: /wp-adminDisallow: /page/During which of the following activities was this output MOST likely obtained?
Question19: A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
Question20: A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
Question21: A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
Question22: A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?
Question23: Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Question24: A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.Which of the following would the tester MOST likely describe as a benefit of the framework?
Question25: A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
Question26: A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.Which of the following describes the scope of the assessment?
Question27: A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:Which of the following would be a recommendation for remediation?
Question28: During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.INSTRUCTIONSAnalyze the code segments to determine which sections are needed to complete a port scanning script.Drag the appropriate elements into the correct locations to complete the script.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question29: A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following BEST describes what happened?
Question30: A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees.Which of the following tools can help the tester achieve this goal?
Question31: A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
Question32: A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant.The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
Question33: You are a penetration tester reviewing a client's website through a web browser.INSTRUCTIONSReview all components of the website through the browser to determine if vulnerabilities are present.Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question34: User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
Question35: A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?
Question36: In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name- serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?
Question37: A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client's requirements?
Question38: A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.Which of the following should the tester verify FIRST to assess this risk?
Question39: A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.Which of the following can be done with the pcap to gain access to the server?
Question40: A consultant is reviewing the following output after reports of intermittent connectivity issues:? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet] Which of the following is MOST likely to be reported by the consultant?
Question41: The following line-numbered Python code snippet is being used in reconnaissance:Which of the following line numbers from the script MOST likely contributed to the script triggering a"probable port scan" alert in the organization's IDS?
Question42: A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
Question43: A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
Question44: A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?