- All Exams Instant Download
Which of the following commands should the penetration tester consider?
A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?A . inurl: B. link: C. site: D. intitle:View AnswerAnswer: C
Which of the following MOST likely explains the penetration tester's decision?
A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer. Which of the following MOST likely explains the penetration tester's decision?A...
Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?
Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?A . MSA B. NDA C. SOW D. ROEView AnswerAnswer: B
Which of the following tools would be BEST to use for this purpose?
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . Hashcat B. Mimikatz C. Patator D. John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/
You are a penetration tester reviewing a client’s website through a web browser
DRAG DROP You are a penetration tester reviewing a client’s website through a web browser. INSTRUCTIONS Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies. If at any time you would like...
Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?
The following line-numbered Python code snippet is being used in reconnaissance: Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?A . Line 01 B. Line 02 C. Line 07 D. Line 08View AnswerAnswer: D
Which of the following techniques can the tester use to gain physical access to the office?
A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to...
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following combinations of tools would the penetration tester use to exploit this script?
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following combinations of tools would the penetration tester use to exploit this script?A . Hydra and crunch B. Netcat...
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?A . To remove hash-cracking registry entries B. To remove the tester-created Mimikatz account C. To remove tools from the server D. To remove a...
