- All Exams Instant Download
Which of the following concerns would BEST support the software company’s request?
A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has...
Which of the following is the BEST action for the tester to take?
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?A . Check the scoping document to determine if exfiltration is...
Which of the following methodologies should be used to BEST meet the client's expectations?
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?A . OWASP Top 10 B. MITRE ATT&CK framework C....
Which of the following attack types is MOST concerning to the company?
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?A . Data flooding B. Session riding...
Which of the following would be the BEST command to use for further progress into the targeted network?
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use...
CORRECT TEXT
CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023
Which of the following would a company's hunt team be MOST interested in seeing in a final report?
Which of the following would a company's hunt team be MOST interested in seeing in a final report?A . Executive summary B. Attack TTPs C. Methodology D. Scope detailsView AnswerAnswer: B
Which of the following would the test discover?
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurations B. Open web ports on a host C. Supported HTTP methods D. Listening web servers in a domainView AnswerAnswer:...
Which of the following tools would be BEST to use for this purpose?
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . Hashcat B. Mimikatz C. Patator D. John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/
Which of the following is the MOST likely reason for the error?
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root...
