Which of the following BEST describes why an MSA is helpful?
A. It contractually binds both parties to not disclose vulnerabilities.
B. It reduces potential for scope creep.
C. It clarifies the business arrangement by agreeing to specific terms.
D. It defines the timelines for the penetration test.
Answer: C...
An engineer, who is conducting a penetration test for a web application, discovers the user login process sends form field data using the HTTP GET method.
To mitigate the risk of exposing sensitive information, the form should be sent using an:
A. HTTP POST method.
B. HTTP OPTIONS method.
C. ...
Which of the following attack vectors would the attacker MOST likely use?
An attacker is attempting to gain unauthorized access to a WiFi network that uses WPA2-PSK. Which of the following attack vectors would the attacker MOST likely use?
A. Capture a three-way handshake and crack it
B. Capture a mobile device and crack its encryption
C. Create a rogue wireless access...
Analyze the code segments to determine which sections are needed to complete a port scanning script
DRAG DROP Instructions: Analyze the code segments to determine which sections are needed to complete a port scanning script. Drag the appropriate elements into the correct locations to complete the script. If at any time you would like to bring back the initial state of the simulation, please click the...
Which of the following will be returned?
A penetration tester runs the following on a machine: Which of the following will be returned?
A. 1
B. 3
C. 5
D. 6
Answer: B
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).
A. Shodan
B. SET
C. BeEF
D. Wireshark
E. Maltego
F. Dynamo
Answer: A,E
Explanation: References: https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/#gref
Which of the following is an example of a spear phishing attack?
A. Targeting an executive with an SMS attack
B. Targeting a specific team with an email attack
C. Targeting random users with a USB key drop
D. Targeting an organization with a watering hole attack
Answer: B
Explanation:...
Which of the following tools will perform the attack?
A penetration tester is required to exploit a WPS implementation weakness. Which of the following tools will perform the attack?
A. Karma
B. Kismet
C. Pixie
D. NetStumbler
Answer: D
Explanation: Reference: https://en.wikipedia.org/wiki/NetStumbler
Which of the following should be performed to escalate the privileges?
A penetration tester has successfully exploited a Windows host with low privileges and found directories with the following permissions: Which of the following should be performed to escalate the privileges?
A. Kerberoasting
B. Retrieval of the SAM database
C. Migration of the shell to another process
D. Writable services
Answer:...
Which of the following can the tester attempt to do with these?
A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?
A. Attempt to crack the service account passwords.
B. Attempt DLL hijacking attacks.
C. Attempt to locate weak file and folder permissions.
D. Attempt privilege...