Which of the following tools can be used to perform a basic remote vulnerability scan of a website's configuration?
A. Mimikatz
B. BeEF
C. Nikto
D. Patator
Answer: C
Explanation: Reference: https://www.freecodecamp.org/news/an-introduction-to-web-server-scanning-with-nikto/
Which of the following commands should the tester run on the compromised system?
A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system. Which of the following commands should the tester run on the compromised system?
A. nc localhost 4423
B. nc -nvlp 4423 -e /bin/bash
C. nc 10.0.0.1...
Which of the following is MOST likely the issue?
A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?
A. The penetration tester was not provided...
Which of the following Nmap switches will complete this task?
A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?
A. -p-
B. -p ALX,
C. -p 1-65534
D. -port 1-65534
Answer: C
Which of the following would be the correct syntax to create a Netcat listener on the device?
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
A. nc -lvp 4444 /bin/bash
B. nc -vp 4444 /bin/bash
C. nc -p 4444 /bin/bash
D. nc -lp 4444 -e /bin/bash
Answer: A
Explanation: Reference:...
When performing compliance-based assessments, which of the following is the MOST important key consideration?
A. Additional rate
B. Company policy
C. Impact tolerance
D. Industry type
Answer: D
Which of the following steps must the firm take before it can run a static code analyzer?
A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?
A. Run...
Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
A penetration tester successfully exploits a Windows host and dumps the hashes. Which of the following hashes can the penetration tester use to perform a pass-the-hash attack?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
Which of the following commands starts the Metasploit database?
A. msfconsole
B. workspace
C. msfvenom
D. db_init
E. db_connect
Answer: A
Explanation: References: https://www.offensive-security.com/metasploit-unleashed/msfconsole/
Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)
A. Configurations are user-customizable.
B. End users have root access to devices by default.
C. Push notification services require Internet access.
D. Unsigned apps can be installed.
E. ...