- All Exams Instant Download
Which of the following commands will accomplish this task?
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?A . nmap Cf CsV Cp80 192.168.1.20 B. nmap...
Which of the following accounts should the tester use to return the MOST results?
A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company’s network. Which of the following accounts should the tester use to return the MOST results?A . Root user B. Local administrator C. Service D. Network administratorView AnswerAnswer: C
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?A . Edit...
Which of the following actions is the tester MOST likely performing?
A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch Cr .bash_history temp mv temp .bash_history Which of the following actions is the tester MOST likely performing?A . Redirecting Bash history to /dev/null B. Making a copy of...
Which of the following commands can be used to further attack the website?
A tester who is performing a penetration test on a website receives the following output: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?A . <script>var adr= ‘../evil.php?test=’ + escape(document.cookie);</script> B....
You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following best describes the NEXT step in the engagement?
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?A . Acceptance by the client and sign-off on the final report B. Scheduling of follow-up actions and retesting C. Attestation of findings and delivery...
Which of the following methodologies does the client use?
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following: ✑ Pre-engagement interaction (scoping and ROE) ✑ Intelligence gathering (reconnaissance) ✑ Threat modeling ✑ Vulnerability analysis ✑ Exploitation and post exploitation ✑ Reporting Which of the following methodologies does...
Which of the following should the tester do with this information to make this a successful exploit?
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?A . Perform XSC . Conduct a watering-hole attack.D . Use BeEF ....
Which of the following was captured by the testing team?
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?A . Multiple handshakesB . IP addressesC . Encrypted file transfersD . User hashes sent over SMBView...
