- All Exams Instant Download
Which of the following is MOST vulnerable to a brute-force attack?
A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack?A ....
Which of the following would the tester MOST likely describe as a benefit of the framework?
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?A . Understanding the tactics of a security intrusion can help disrupt them. B. Scripts that are part of the...
Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?
Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?A . Exploit-DB B. Metasploit C. Shodan D. RetinaView AnswerAnswer: A Explanation: "Exploit Database (ExploitDB) is a repository of exploits for the purpose of public security, and it explains what can be found on the...
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?A . Edit...
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following methods would BEST support the objective?
A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and the Internet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP. Which of...
Which of the following is the MOST important action to take before starting this type of assessment?
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this...
Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?A . Specially craft and deploy phishing emails to key...
Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?
Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?A . S/MIME B. FTPS C. DNSSEC D. AS2View AnswerAnswer: A Explanation: Reference: https://searchsecurity.techtarget.com/answer/What-are-the-most-important-email-security-protocols
Which of the following is the BEST option for the tester to take?
A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?A ....
