- All Exams Instant Download
Which of the following methodologies should be used to BEST meet the client's expectations?
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?A . OWASP Top 10 B. MITRE ATT&CK framework C....
Which of the following attack types is MOST concerning to the company?
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?A . Data flooding B. Session riding...
Which of the following would be the BEST command to use for further progress into the targeted network?
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use...
CORRECT TEXT
CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023
Which of the following would a company's hunt team be MOST interested in seeing in a final report?
Which of the following would a company's hunt team be MOST interested in seeing in a final report?A . Executive summary B. Attack TTPs C. Methodology D. Scope detailsView AnswerAnswer: B
Which of the following would the test discover?
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurations B. Open web ports on a host C. Supported HTTP methods D. Listening web servers in a domainView AnswerAnswer:...
Which of the following tools would be BEST to use for this purpose?
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . Hashcat B. Mimikatz C. Patator D. John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/
Which of the following is the MOST likely reason for the error?
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root...
Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVAS B. Drozer C. Burp Suite D. OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...
Which of the following is the MOST likely reason for the lack of output?
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?A ....
