- All Exams Instant Download
Which of the following can be used to ensure the tester is able to maintain access to the system?
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?A . schtasks /create /sc /ONSTART /tr C:TempWindowsUpdate.exeB . wmic startup get caption,commandC ....
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?A . Executive summary of the penetration-testing methods usedB . Bill of materials including supplies, subcontracts, and costs incurred during...
Which of the following would be a recommendation for remediation?
A penetration tester conducted a vulnerability scan against a client’s critical servers and found the following: Which of the following would be a recommendation for remediation?A . Deploy a user training programB . Implement a patch management planC . Utilize the secure software development life cycleD . Configure access controls...
Which of the following would be the BEST recommendation to prevent this type of activity in the future?
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type...
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?A . Clarify the statement of work.B . Obtain an asset inventory from the client.C . Interview all stakeholders.D . Identify...
Which of the following techniques would BEST support this objective?
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?A . Create a one-shot systemd service to establish a reverse shell.B . Obtain /etc/shadow and brute force the root password.C...
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?A . Analyze the malware to see what it does.B . Collect the proper evidence and then remove the malware.C . Do a root-cause analysis to find out...
Which of the following would be BEST to add to the recommendations section of the final report?
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows: • The following request was intercepted going to the network device: GET /login HTTP/1.1 Host: 10.50.100.16 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Accept-Language:...
