- All Exams Instant Download
CORRECT TEXT
CORRECT TEXT You are a penetration tester running port scans on a server. INSTRUCTIONS Part 1: Given the output, construct the command that was used to generate this output from the available options. Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack...
Which of the following methods will MOST likely work?
A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network. Which of the following methods will MOST likely work?A . Try to obtain the private key used for S/MIME from the CEO's account. B. Send...
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following should be included in the ROE?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?A . Cost ofthe assessment B. Report distribution C. Testing restrictions D. LiabilityView AnswerAnswer: B
Which of the following would be the BEST conclusion about this device?
The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?A . This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process...
Which of the following is the MOST likely reason for the error?
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root...
Which of the following is the BEST action for the tester to take?
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?A . Check the scoping document to determine if exfiltration is...
Which of the following is the BEST method available to pivot and gain additional access to the network?
A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST...
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:A . will reveal vulnerabilities in the Modbus protocol. B. may cause unintended failures in control systems. C. may reduce the true positive rate of findings. D. will create a denial-of-service condition on...
Which of the following BEST describes what happened?
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address. Which of the following BEST describes what happened?A . The penetration tester was testing...
