Which of the following BEST characterizes the function performed by lines 5 and 6?
Given the following script: Which of the following BEST characterizes the function performed by lines 5 and 6?
A. Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10
B. Performs a single DNS query for www.comptia.org and prints the raw data output
C. Loops through variable b to...
Which of the following commands would allow the tester to save the results in an interchangeable format?
A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?
A. nmap -iL results 192.168.0.10-100
B. nmap 192.168.0.10-100 -O > results
C. nmap -A 192.168.0.10-100 -oX...
Which of the following objectives is the tester attempting to achieve?
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?
A. Determine active hosts on the network.
B. Set the TTL of ping packets for stealth.
C. Fill the ARP table of the networked devices.
D. Scan the system on the most...
Which of the following methodologies does the client use?
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
✑ Pre-engagement interaction (scoping and ROE)
✑ Intelligence gathering (reconnaissance)
✑ Threat modeling
✑ Vulnerability analysis
✑ Exploitation and post exploitation
✑ Reporting
Which of the following methodologies does...
Which of the following BEST describes this attack?
A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page...
Which of the following techniques should the tester select to accomplish this task?
A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?
A. Steganography
B. Metadata removal
C. Encryption
D. Encode64
Answer: B
Explanation: All other answers are a...
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs...
Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
A. DirBuster
B. CeWL
C. w3af
D. Patator
Answer: B
Explanation: CeWL, the Custom Word List Generator, is a Ruby application...
Which of the following would be the most appropriate NEXT step?
A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of...
Based on the information in the SOW, which of the following behaviors would be considered unethical?
A penetration tester is reviewing the following SOW prior to engaging with a client: “Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO)...