- All Exams Instant Download
When performing compliance-based assessments, which of the following is the MOST important Key consideration?
When performing compliance-based assessments, which of the following is the MOST important Key consideration?A . Additional rateB . Company policyC . Impact toleranceD . Industry typeView AnswerAnswer: D
Which of the following techniques would be the MOST appropriate?
A penetration tester is designing a phishing campaign and wants to build list of users (or the target organization. Which of the following techniques would be the MOST appropriate? (Select TWO)A . Query an Internet WHOIS database.B . Search posted job listings.C . Scrape the company website.D . Harvest users...
Please Answer Questions Follow The Prompts Below
DRAG DROP Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented Each password may be used only once View AnswerAnswer: Explanation:
Which of the following formats is the correct hash type?
If a security consultant comes across a password hash that resembles the following b117 525b3454 7Oc29ca3dBaeOb556ba8 Which of the following formats is the correct hash type?A . KerberosB . NetNTLMvlC . NTLMD . SHA-1View AnswerAnswer: D
A software development team recently migrated to new application software on the on-premises environment Penetration test findings show that multiple vulnerabilities exist If a penetration tester does not have access to a live or test environment, a test might be better to create the same environment on the VM Which of the following is MOST important for confirmation?
A software development team recently migrated to new application software on the on-premises environment Penetration test findings show that multiple vulnerabilities exist If a penetration tester does not have access to a live or test environment, a test might be better to create the same environment on the VM Which...
Which of the following commands would BEST accomplish this?
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?A . dsrm -users "DN=compony.com; OU=hq CN=usera"B . dsuser -name -account -limit 3C ....
You are a penetration Inter reviewing a client's website through a web browser
DRAG DROP Performance based You are a penetration Inter reviewing a client's website through a web browser. Instructions: Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate source or cookies. View AnswerAnswer: Explanation: Step 1...
Which of the following registry changes would allow for credential caching in memory?
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz. Which of the following registry changes would allow for credential caching in memory?A . reg add HKLMSystemControlSet002ControlSecurityProvidersWDigest /v userLogoCredential...
Which of the following issues may be exploited now?
The following command is run on a Linux file system: Chmod 4111 /usr/bin/sudo Which of the following issues may be exploited now?A . Kernel vulnerabilitiesB . Sticky bitsC . Unquoted service pathD . Misconfigured sudoView AnswerAnswer: B
Which of the following would a malicious actor do to exploit this configuration setting?
A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?A . Use path modification to escape the application's framework.B . Create a frame that overlays the application.C . Inject a malicious...
