- All Exams Instant Download
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following tools would be BEST to use for this purpose?
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . Hashcat B. Mimikatz C. Patator D. John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:A . will reveal vulnerabilities in the Modbus protocol. B. may cause unintended failures in control systems. C. may reduce the true positive rate of findings. D. will create a denial-of-service condition on...
Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?A . MD5 B. bcrypt C. SHA-1 D. PBKDF2View AnswerAnswer: A Explanation: Reference: https://www.geeksforgeeks.org/understanding-rainbow-table-attack/
Which of the following commands should the penetration tester use?
A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?A . nmap sn 192.168.0.1/16 B. nmap sn 192.168.0.1-254 C. nmap sn 192.168.0.1 192.168.0.1.254 D. nmap sN 192.168.0.0/24View AnswerAnswer: B
Which of the following tools is the tester MOST likely to choose?
A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?A . Nmap B. Nikto C. Cain and Abel D. EthercapView AnswerAnswer: B Explanation: https://hackertarget.com/nikto-website-scanner/
Which of the following should be included as a recommendation in the remediation report?
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?A . Stronger algorithmic requirements B. Access controls on the server C. Encryption on the user passwords...
Which of the following commands should be used to accomplish the goal?
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?A . VRFY and EXPN B. VRFY and...
Which of the following MOST likely occurred on the second scan?
A penetration tester ran an Nmap scan on an Internet-facing network device with the CF option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap CO CA CsS Cp- 100.100.100.50 Nmap returned that all 65,535 ports were filtered. Which of...
Which of the following is a technique the tester can use to gain access to the IT framework without being detected?
A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?A . Pick a lock. B. Disable the cameras remotely. C....
