- All Exams Instant Download
Which of the following commands would allow the tester to save the results in an interchangeable format?
A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?A . nmap -iL results 192.168.0.10-100 B. nmap 192.168.0.10-100 -O > results C. nmap -A 192.168.0.10-100 -oX...
Which of the following is the MOST likely culprit?
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?A . Patch installations B....
Which of the following is the BEST way to provide confidentiality for the client while using this connection?
A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?A . Configure wireless access to use a AAA server. B. Use random MAC addresses on the...
Which of the following steps should the tester take NEXT?
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps...
Which of the following approaches would BEST support the objective?
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration...
Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?
A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the...
During a penetration test, you gain access to a system with a limited user interface
DRAG DROP During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan. INSTRUCTIONS Analyze the code segments to determine which sections are needed to complete a port scanning...
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?A . chmod u+x script.sh B. chmod u+e script.sh C. chmod o+e script.sh D. chmod o+x script.shView AnswerAnswer: A Explanation: Reference: https://newbedev.com/chmod-u-x-versus-chmod-x
Which of the following is the BEST way to ensure this is a true positive?
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?A . Run another scanner to compare. B. Perform a manual test on the server. C. Check the...
Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?A . Test for RFC-defined protocol conformance. B. Attempt...
