- All Exams Instant Download
Which of the following is the BEST action for the penetration tester to take?
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?A . Utilize the...
Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?A . Alternate data streamsB . PowerShell...
Which of the following types of attacks would MOST likely be used to avoid account lockout?
During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?A ....
Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools?
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)A . Scraping social...
Which of the following is the reason for the error?
A penetration tester created the following script to use in an engagement: However, the tester is receiving the following error when trying to run the script: Which of the following is the reason for the error?A . The sys variable was not defined.B . The argv variable was not defined.C...
In Python socket programming, SOCK_DGRAM type is:
In Python socket programming, SOCK_DGRAM type is:A . reliable.B . matrixed.C . connectionless.D . slower.View AnswerAnswer: C Explanation: Connectionless due to the Datagram portion mentioned so that would mean its using UDP.
Which of the following log files will show this activity?
A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?A . /var/log/messagesB ....
Which of the following changes should the tester apply to make the script work as intended?
A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly. Which of the following changes should the tester apply to make the script work as intended?A . Change line 2 to $ip= 10.192.168.254;B . Remove...
Which of the following snippets of output will the tester MOST likely receive?
A penetration tester performs the following command: curl CI Chttp2 https://www.comptia.org Which of the following snippets of output will the tester MOST likely receive? A . Option AB . Option BC . Option CD . Option DView AnswerAnswer: A Explanation: Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/
Which of the following would be the BEST command to use for further progress into the targeted network?
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use...
