Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?
A. Aircrack-ng
B. Wireshark
C. Wifite
D. Kismet
Answer: A
Explanation: Reference: https://purplesec.us/perform-wireless-penetration-test/

January 21, 2023

Which of the following should the penetration tester consider BEFORE running a scan?

A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades-old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any...

January 21, 2023

You are a security analyst tasked with hardening a web server

HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

January 21, 2023

A compliance-based penetration test is primarily concerned with:

A compliance-based penetration test is primarily concerned with:
A. obtaining PII from the protected network.
B. bypassing protection on edge devices.
C. determining the efficacy of a specific set of security standards.
D. obtaining specific information from the protected network.
Answer: C

January 20, 2023

You are a security analyst tasked with hardening a web server

HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

January 20, 2023

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
A. NIST SP 800-53
B. OWASP Top 10
C. MITRE ATT&CK framework
D. PTES technical guidelines
Answer: C
Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework

January 20, 2023

Which of the following snippets of output will the tester MOST likely receive?

A penetration tester performs the following command: curl -I --http2 https://www.comptia.org Which of the following snippets of output will the tester MOST likely receive?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation: Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/

January 20, 2023

Which of the following combinations of tools would the penetration tester use to exploit this script?

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following combinations of tools would the penetration tester use to exploit this script?
A. Hydra and crunch
B. Netcat...

January 20, 2023

Which of the following BEST describes the action taking place?

A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?
A. Maximizing the likelihood of finding vulnerabilities
B. Reprioritizing...

January 19, 2023

Which of the following happens NEXT?

A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?
A. The penetration tester conducts a retest.
B. The penetration tester deletes all scripts from the client machines.
C. The client applies...

January 19, 2023