- All Exams Instant Download
A technician is reviewing the following report
DRAG DROP A technician is reviewing the following report. Given this information, identify which vulnerability can be definitively confirmed to be a false positive by dragging the “false positive” token to the “Confirmed” column for each vulnerability that is a false positive. View AnswerAnswer:
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)A . The tester discovers personally identifiable data on the systemB . The system shows evidence of prior unauthorized compromiseC . The system shows a lack of...
To exploit this vulnerability, which of the following criteria must be met?
While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this vulnerability, which of the following criteria must be met?A . Permissions not disabled in the DLLB . Weak folder permissions of...
Which of the following CPU register does the penetration tester need to overwrite in order to exploit a simple butter overflow?
Which of the following CPU register does the penetration tester need to overwrite in order to exploit a simple butter overflow?A . Stack pointer registerB . Index pointer registerC . Stack base pointerD . Destination index registerView AnswerAnswer: A
Which of the following methods would be MOST easily detected?
After establishing a shell on a target system, Joe, a penetration tester is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?A . Run a zero-day exploit.B . Create a new...
Which of the following is a Meterpreter command that is used to harvest locally stored credentials?
A penetration tester successfully exploits a system, receiving a reverse shell. Which of the following is a Meterpreter command that is used to harvest locally stored credentials?A . backgroundB . hashdumpC . sessionD . getuidE . psexecView AnswerAnswer: B Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/meterpreter-shell
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).A . ShodanB . SETC . BeEFD . WiresharkE . MaltegoF . DynamoView AnswerAnswer: A,E Explanation: References: https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/#gref
Which of the following has MOST likely occurred?
A penetration tester is performing a validation scan after an organization remediated a vulnerability on port 443. The penetration tester observes the following output: Which of the following has MOST likely occurred?A . The scan results were a false positive.B . The IPS is blocking traffic to port 443C ....
Which of the following is the reason why a penetration tester would run the chkconfig --del service name command at the end of an engagement?
Which of the following is the reason why a penetration tester would run the chkconfig --del service name command at the end of an engagement?A . To remove the persistenceB . To enable penitenceC . To report persistenceD . To check for persistenceView AnswerAnswer: A
Which of the following is the MOST likely explanation of what happened?
After several attempts, an attacker was able to gain unauthorized access through a biometric sensor using the attacker's actual fingerprint without exploitation. Which of the following is the MOST likely explanation of what happened?A . The biometric device is tuned more toward false positivesB . The biometric device is configured...
