- All Exams Instant Download
During a penetration test, you gain access to a system with a limited user interface
DRAG DROP During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan. INSTRUCTIONS Analyze the code segments to determine which sections are needed to complete a port scanning...
Which of the following would the tester MOST likely describe as a benefit of the framework?
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?A . Understanding the tactics of a security intrusion can help disrupt them. B. Scripts that are part of the...
Which of the following actions is the tester MOST likely performing?
A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch Cr .bash_history temp mv temp .bash_history Which of the following actions is the tester MOST likely performing?A . Redirecting Bash history to /dev/null B. Making a copy of...
Which of the following BEST describes this attack?
A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page...
Based on these results, which of the following attacks is MOST likely to succeed?
The following output is from reconnaissance on a public-facing banking website: Based on these results, which of the following attacks is MOST likely to succeed?A . A birthday attack on 64-bit ciphers (Sweet32) B. An attack that breaks RC4 encryption C. An attack on a session ticket extension (Ticketbleed) D....
Which of the following methodologies does the client use?
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following: ✑ Pre-engagement interaction (scoping and ROE) ✑ Intelligence gathering (reconnaissance) ✑ Threat modeling ✑ Vulnerability analysis ✑ Exploitation and post exploitation ✑ Reporting Which of the following methodologies does...
Which of the following is the tester performing?
A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilities B. Trying to recover a lost bind shell C. Building a reverse shell listening on specified ports D. Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...
Which of the following BEST characterizes the function performed by lines 5 and 6?
Given the following script: Which of the following BEST characterizes the function performed by lines 5 and 6?A . Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10 B. Performs a single DNS query for www.comptia.org and prints the raw data output C. Loops through variable b to...
Which of the following commands would allow the tester to save the results in an interchangeable format?
A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?A . nmap -iL results 192.168.0.10-100 B. nmap 192.168.0.10-100 -O > results C. nmap -A 192.168.0.10-100 -oX...
Which of the following objectives is the tester attempting to achieve?
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?A . Determine active hosts on the network. B. Set the TTL of ping packets for stealth. C. Fill the ARP table of the networked devices. D. Scan the system on the most...
