Which of the following would be unique to a credentialed scan?

A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?
A. Exploits for vulnerabilities found
B. Detailed service configurations
C. Unpatched third-party software
D. Weak access control configurations
Answer: A

May 25, 2021

Which of the following attack strategies should be prioritized from the scan results above?

A penetration tester identifies the following findings during an external vulnerability scan: Which of the following attack strategies should be prioritized from the scan results above?
A. Obsolete software may contain exploitable components
B. Weak password management practices may be employed
C. Cryptographically weak protocols may be intercepted
D. Web...

May 25, 2021

Which of the following describes the scoping target information MOST likely needed before testing can begin?

A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?
A. The physical location and network ESSIDs to be tested
B. The number of wireless devices owned by the client
C. The client's preferred wireless access...

May 25, 2021

Which of the following methods is the correct way to validate the vulnerability?

A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. Download the GHOST file to a Linux system and compile gcc -o GHOST test i: ./GHOST
B. Download the GHOST file...

May 24, 2021

Which of the following Nmap commands should the consultant run?

A consultant is identifying versions of Windows operating systems on a network. Which of the following Nmap commands should the consultant run?
A. nmap -T4 -v -sU -iL /tmp/list.txt -Pn --script smb-system-info
B. nmap -T4 -v -iL /tmp/list.txt -Pn --script smb-os-discovery
C. nmap -T4 -v -6 -iL /tmp/liat.txt -Pn...

May 24, 2021

perform ARP spoofing while maintaining a reliable connection?

A penetration tester is performing a remote internal penetration test by connecting to the testing system from the Internet via a reverse SSH tunnel. The testing system has been placed on a general user subnet with an IP address of 192.168.1.13 and a gateway of 192.168.1.1. Immediately after running the...

May 24, 2021

Which of the following is the MOST comprehensive type of penetration test on a network?

Which of the following is the MOST comprehensive type of penetration test on a network?
A. Black box
B. White box
C. Gray box
D. Red team
E. Architecture review
Answer: A
Explanation: Reference: https://purplesec.us/types-penetration-testing/

May 24, 2021

Which of the following has MOST likely occurred?

A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of...

May 24, 2021

You are a penetration tester reviewing a client's website through a web browser

DRAG DROP (performance based)
You are a penetration tester reviewing a client's website through a web browser.
Instructions: Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate source or cookies.
Answer: Explanation: Step 1...

May 23, 2021

Which of the following can be used to escape the limited shell and create a fully functioning TTY?

After successfully exploiting a local file inclusion vulnerability within a web application, a limited reverse shell is spawned back to the penetration tester's workstation. Which of the following can be used to escape the limited shell and create a fully functioning TTY?
A. perl -e ' : set shell=/bin/bash:shell'
B. ...

May 23, 2021