- All Exams Instant Download
Which of the following is the MOST likely culprit?
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?A . Patch installationsB ....
Which of the following is the BEST way to provide confidentiality for the client while using this connection?
A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?A . Configure wireless access to use a AAA server.B . Use random MAC addresses on the...
Which of the following would the test discover?
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurationsB . Open web ports on a hostC . Supported HTTP methodsD . Listening web servers in a domainView AnswerAnswer:...
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power.B . devices are obsolete and are no longer available for replacement.C . protocols are more difficult to understand.D . devices may cause physical world effects.View...
Which of the following tools or techniques would BEST support additional reconnaissance?
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...
Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?A . Sniff and then crack the WPS PIN...
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?A . ShodanB . NmapC . WebScarab-NGD . NessusView AnswerAnswer: A
Which of the following data structures is systems?
Given the following code: Which of the following data structures is systems?A . A tupleB . A treeC . An arrayD . A dictionaryView AnswerAnswer: C
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?A . Executive summary of the penetration-testing methods usedB . Bill of materials including supplies, subcontracts, and costs incurred during...
Which of the following OSs would MOST likely return a packet of this type?
A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?A . WindowsB . AppleC . LinuxD . AndroidView AnswerAnswer: A Explanation: Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with-ping/
