- All Exams Instant Download
Which of the following protocols is being exploited?
A penetration tester is exploiting the use of default public and private community strings. Which of the following protocols is being exploited?A . SMTPB . DNSC . SNMPD . HTTPView AnswerAnswer: A
Which of the following techniques is suitable to attempt this?
A penetration tester is outside of an organization's network and is attempting to redirect users to a fake password reset website hosted on the penetration tester's box . Which of the following techniques is suitable to attempt this?A . Employ NBNS poisoning.B . Perform ARP spoofing.C . Conduct a phishing...
Which of the following types of files could the tester BEST use for privilege escalation?
A penetration tester has access to a local machine running Linux, but the account has limited privileges . Which of the following types of files could the tester BEST use for privilege escalation?A . Binaries stored in /usr/binB . Files with permission 4xxxC . Files stored in /root directoryD ....
Which of the following commands would be BEST to return results?
A penetration tester, who is not on the client’s network. is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command: nmap 100.100/1/0-125 Which of the following commands would be BEST to return results?A . nmap -Pn...
In which of the following scenarios would a tester perform a Kerberoasting attack?
In which of the following scenarios would a tester perform a Kerberoasting attack?A . The tester has compromised a Windows device and dumps the LSA secrets.B . The tester needs to retrieve the SAM database and crack the password hashes.C . The tester has compromised a limited-privilege user and needs...
Which of the following steps would BEST help with the passive-information-gathering process?
A penetration tester has been assigned to perform an external penetration assessment of a company . Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)A . Wait outside of the company’s building and attempt to tailgate behind an employee.B . Perform a vulnerability scan against...
Which of the following should the penetration tester spoof to get the MOST information?
A penetration tester is performing ARP spoofing against a switch . Which of the following should the penetration tester spoof to get the MOST information?A . MAC address of the clientB . MAC address of the domain controllerC . MAC address of the web serverD . MAC address of the...
CORRECT TEXT
CORRECT TEXT You are a penetration tester reviewing a client’s website through a web browser. INSTRUCTIONS Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies. If at any time you would like...
Which of the following are possible ways to do so?
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5 . Which of the following...
Which of the following registry changes would allow for credential caching in memory?
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz. Which of the following registry changes would allow for credential caching in memory?A . reg add HKLMSystemControlSet002ControlSecurityProvidersWDigest /v userLogoCredential...
