Podcast
Questions and Answers
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A penetration tester gains access to a system and establishes persistence, and then run the following commands:
Which of the following actions is the tester MOST likely performing?
A penetration tester gains access to a system and establishes persistence, and then run the following commands:
Which of the following actions is the tester MOST likely performing?
A compliance-based penetration test is primarily concerned with:
A compliance-based penetration test is primarily concerned with:
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
Signup and view all the answers
A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are:
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are:
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
Signup and view all the answers
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?
Signup and view all the answers
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891 Which of the following commands could be used to download a file named exploit to a target machine for execution?
Signup and view all the answers
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
Which of the following commands should the penetration tester run post-engagement?
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
Which of the following commands should the penetration tester run post-engagement?
Signup and view all the answers
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Signup and view all the answers
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.
Which of the following tools can help the tester achieve this goal?
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees. Which of the following tools can help the tester achieve this goal?
Signup and view all the answers
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
Signup and view all the answers
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
Signup and view all the answers
A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
Signup and view all the answers
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?
Signup and view all the answers
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address.
Which of the following MOST likely describes what happened?
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address. Which of the following MOST likely describes what happened?
Signup and view all the answers
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems. Which of the following is the penetration tester trying to accomplish?
Signup and view all the answers
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees’ numbers?
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should the penetration tester look FIRST for the employees’ numbers?
Signup and view all the answers
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.
Which of the following would BEST support this task?
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
Signup and view all the answers
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.
Which of the following is the BEST way to ensure this is a true positive?
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?
Signup and view all the answers
A penetration tester has been given eight business hours to gain access to a client’s financial system.
Which of the following techniques will have the HIGHEST likelihood of success?
A penetration tester has been given eight business hours to gain access to a client’s financial system. Which of the following techniques will have the HIGHEST likelihood of success?
Signup and view all the answers
A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router.
Which of the following is MOST vulnerable to a brute-force attack?
A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack?
Signup and view all the answers
A penetration tester writes the following script:
Which of the following objectives is the tester attempting to achieve?
A penetration tester writes the following script:
Which of the following objectives is the tester attempting to achieve?
Signup and view all the answers
A penetration tester ran the following commands on a Windows server:
Which of the following should the tester do AFTER delivering the final report?
A penetration tester ran the following commands on a Windows server:
Which of the following should the tester do AFTER delivering the final report?
Signup and view all the answers
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host.
Which of the following utilities would BEST support this objective?
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
Signup and view all the answers
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
Signup and view all the answers
The following line-numbered Python code snippet is being used in reconnaissance:
Which of the following line numbers from the script MOST likely contributed to the script triggering a probable port scan
alert in the organization’s IDS?
The following line-numbered Python code snippet is being used in reconnaissance:
Which of the following line numbers from the script MOST likely contributed to the script triggering a probable port scan
alert in the organization’s IDS?
Signup and view all the answers
A consulting company is completing the ROE during scoping.
Which of the following should be included in the ROE?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
Signup and view all the answers
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.
Which of the following is most important for the penetration tester to define FIRST?
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings. Which of the following is most important for the penetration tester to define FIRST?
Signup and view all the answers
A penetration tester logs in as a user in the cloud environment of a company.
Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
Signup and view all the answers
A company becomes concerned when the security alarms are triggered during a penetration test.
Which of the following should the company do NEXT?
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
Signup and view all the answers
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.
Which of the following tools or techniques would BEST support additional reconnaissance?
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support additional reconnaissance?
Signup and view all the answers
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.
Which of the following was captured by the testing team?
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?
Signup and view all the answers