Which of the following would a company's hunt team be MOST interested in seeing in a final report?

Which of the following would a company's hunt team be MOST interested in seeing in a final report?
A. Executive summary
B. Attack TTPs
C. Methodology
D. Scope details
Answer: B

February 26, 2023

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs...

February 26, 2023

You are a security analyst tasked with hardening a web server

HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

February 26, 2023

Which of the following should be included as a recommendation in the remediation report?

A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?
A. Stronger algorithmic requirements
B. Access controls on the server
C. Encryption on the user passwords...

February 25, 2023

Which of the following would the test discover?

A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?
A. Default web configurations
B. Open web ports on a host
C. Supported HTTP methods
D. Listening web servers in a domain
Answer:...

February 25, 2023

Which of the following techniques would BEST accomplish this goal?

A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
A. RFID cloning
B. RFID tagging
C. Meta tagging
D. Tag nesting
Answer: D
Explanation: since VLAN hopping requires 2...

February 25, 2023

You are a security analyst tasked with hardening a web server

HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

February 25, 2023

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
A. HTTPS communication
B. Public and private keys
C. Password encryption
D. Sessions and cookies
Answer: D

February 25, 2023

Which of the following is the BEST technique to determine the known plaintext of the strings?

During an engagement, a penetration tester found the following list of strings inside a file: Which of the following is the BEST technique to determine the known plaintext of the strings?
A. Dictionary attack
B. Rainbow table attack
C. Brute-force attack
D. Credential-stuffing attack
Answer: B

February 25, 2023

Which of the following actions, if performed, would be ethical within the scope of the assessment?

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position. Which of the following actions, if performed, would be ethical within...

February 24, 2023