- All Exams Instant Download
Which of the following should the penetration tester consider BEFORE running a scan?
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any...
Which of the following vulnerabilities has the tester exploited?
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?A . Cross-site request forgeryB ....
Which of the following should be recommended to the client to remediate this issue?
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?A . Changing to Wi-Fi equipment that supports strong encryptionB . Using directional...
Which of the following methodologies should be used to BEST meet the client's expectations?
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?A . OWASP Top 10B . MITRE ATT&CK frameworkC ....
Which of the following is the tester trying to accomplish?
A penetration tester runs the following command on a system: find / -user root Cperm -4000 Cprint 2>/dev/null Which of the following is the tester trying to accomplish?A . Set the SGID on all files in the / directoryB . Find the /root directory on the systemC . Find files...
In Python socket programming, SOCK_DGRAM type is:
In Python socket programming, SOCK_DGRAM type is:A . reliable.B . matrixed.C . connectionless.D . slower.View AnswerAnswer: C Explanation: Connectionless due to the Datagram portion mentioned so that would mean its using UDP.
Which of the following is the reason for the error?
A penetration tester created the following script to use in an engagement: However, the tester is receiving the following error when trying to run the script: Which of the following is the reason for the error?A . The sys variable was not defined.B . The argv variable was not defined.C...
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power.B . devices are obsolete and are no longer available for replacement.C . protocols are more difficult to understand.D . devices may cause physical world effects.View...
Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?A . Alternate data streamsB . PowerShell...
Which of the following commands would help the tester START this process?
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?A . certutil Curlcache Csplit Cf http://192.168.2.124/windows-binaries/ accesschk64.exeB . powershell (New-Object...
