- All Exams Instant Download
Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?
Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?A . Executive summary B. Remediation C. Methodology D. Metrics and measuresView AnswerAnswer: B
Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?A . Aircrack-ng B. Wireshark C. Wifite D. KismetView AnswerAnswer: A Explanation: Reference: https://purplesec.us/perform-wireless-penetration-test/
Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?A . iam_enum_permissions B. iam_privesc_scan C. iam_backdoor_assume_role D. iam_bruteforce_permissionsView AnswerAnswer: A Explanation: Reference: https://essay.utwente.nl/76955/1/Szabo_MSc_EEMCS.pdf (37)
Which of the following tools should the tester utilize to open and read the .pcap file?
A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?A . Nmap B. Wireshark C. Metasploit D. NetcatView AnswerAnswer: B
Which of the following tools would be BEST suited for this task?
A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?A . GDB B. Burp Suite C. SearchSpliot D. NetcatView AnswerAnswer: A
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power. B. devices are obsolete and are no longer available for replacement. C. protocols are more difficult to understand. D. devices may cause physical world effects.View...
Which of the following actions will this script perform?
A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform?A . Look for open ports. B. Listen for a reverse shell. C. Attempt to flood open ports. D. Create an encrypted tunnel.View AnswerAnswer: A
Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?
Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?A . An unknown-environment assessment B. A known-environment assessment C. A red-team assessment D. A compliance-based assessmentView AnswerAnswer: B Explanation: A known environment test is often more complete, because testers can get...
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?A . NIST SP 800-53 B. OWASP Top 10 C. MITRE ATT&CK framework D. PTES technical guidelinesView AnswerAnswer: C Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework
Which of the following commands should the penetration tester use?
A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?A . nmap sn 192.168.0.1/16 B. nmap sn 192.168.0.1-254 C. nmap sn 192.168.0.1 192.168.0.1.254 D. nmap sN 192.168.0.0/24View AnswerAnswer: B
