- All Exams Instant Download
Which of the following is a relevant approach to test this?
An SMB server was discovered on the network, and the penetration tester wants to see if the server it vulnerable. Which of the following is a relevant approach to test this?A . Null sessionsB . Xmas scanC . ICMP floodD . SYN floodView AnswerAnswer: C
Based on the response, which of the following vulnerabilities exists?
A penetration tester is assessing the security of a web form for a client and enters “;id” in one of the fields. The penetration tester observes the following response: Based on the response, which of the following vulnerabilities exists?A . SQL injectionB . Session hijackingC . Command injectionD . XSS/XSRFView...
Which of the following file system vulnerabilities does this command take advantage of?
During post-exploitation, a tester identifies that only system binaries will pass an egress filter and store a file with the following command: c: creditcards.db>c:winitsystem32calc.exe:creditcards.db Which of the following file system vulnerabilities does this command take advantage of?A . Hierarchical file systemB . Alternate data streamsC . Backdoor successD . Extended...
Which of the following conditions should a penetration tester specifically test for when performing an assessment?
A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).A . Cleartext exposure of SNMP trap dataB . Software bugs...
Which of the following types of attacks is likely occurring?
A senior employee received a suspicious email from another executive requesting an urgent wire transfer. Which of the following types of attacks is likely occurring?A . Spear phishingB . Business email compromiseC . VishingD . WhalingView AnswerAnswer: A Explanation: Reference: https://www.welivesecurity.com/2020/03/13/415pm-urgent-message-ceo-fraud/
Which of the following excerpts would come from a corporate policy?
Which of the following excerpts would come from a corporate policy?A . Employee passwords must contain a minimum of eight characters, with one being alphanumeric.B . The help desk can be reached at 800-passwd1 to perform password resets.C . Employees must use strong passwords for accessing corporate assets.D . The...
Which of the following social engineering techniques is the penetration tester using?
A penetration tester calls human resources and begins asking open-ended questions. Which of the following social engineering techniques is the penetration tester using?A . InterrogationB . ElicitationC . ImpersonationD . Spear phishingView AnswerAnswer: B
Which of the following BEST describes the technique that was used to obtain this information?
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain...
Which of the following BEST describes the reasoning for this?
Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?A . Manufacturers developing IoT devices are less concerned with security.B . It is difficult for administrators to implement the same security standards across the board.C ....
Which of the following actions should the penetration tester take?
An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack. Which of the...
