- All Exams Instant Download
Which of the following log files will show this activity?
A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?A . /var/log/messagesB ....
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?A . Executive summary of the penetration-testing methods usedB . Bill of materials including supplies, subcontracts, and costs incurred during...
Which of the following BEST describe the OWASP Top 10? (Choose two.)
Which of the following BEST describe the OWASP Top 10? (Choose two.)A . The most critical risks of web applicationsB . A list of all the risks of web applicationsC . The risks defined in order of importanceD . A web-application security standardE . A risk-governance and compliance frameworkF ....
Which of the following BEST describes why this would be necessary?
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?A . To meet PCI DSS testing requirementsB . For testing of the customer's SLA with the ISPC...
Which of the following commands should be used to accomplish the goal?
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?A . VRFY and EXPNB . VRFY and...
Which of the following types of attacks would MOST likely be used to avoid account lockout?
During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?A ....
Which of the following is the MOST likely culprit?
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?A . Patch installationsB ....
Which of the following is the MOST likely reason for the lack of output?
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?A ....
Which of the following social-engineering attacks was the tester utilizing?
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which...
Which of the following is the tester performing?
A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilitiesB . Trying to recover a lost bind shellC . Building a reverse shell listening on specified portsD . Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...
