A penetration tester executed a vulnerability scan against a publicly accessible host and found a web server that is vulnerable to the DROWN attack. Assuming this web server is using the IP address 127.212.31.17, which of the following should the tester use to verify a false positive?
A penetration tester runs the following on a machine:
Which of the following will be returned?
During post-exploitation, a tester identifies that only system binaries will pass an egress filter and store a file with the following command:
Which of the following file system vulnerabilities does this command take advantage of?
A system security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR files. Which of the following would be the MOST detailed method to gather information on the inner working of these applications?
A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?
A security consultant found a SCADA device in one of the VLANs in scope. Which of the following actions would BEST create a potentially destructive outcome against device?
A client gives a penetration tester a /8 network range to scan during a week-long engagement. Which of the following tools would BEST complete this task quickly?
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for the penetration tester to take?
A penetration tester discovers SNMP on some targets. Which of the following should the penetration tester try FIRST?
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?
Given the following Python script:
Which of the following actions will it perform?
Which of the following BEST describes why an MSA is helpful?
A penetration tester is asked to scope an external engagement. Which of the following would be a valid target?
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s. For which of the following types of attack would this information be used?
During an engagement an unsecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then exfil the information from a web application with identifiers 1 through 1000 inclusive. When running the following script, an error is encountered:
Which of the following lines of code is causing the problem?
Which of Ihe following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in QUESTION NO: within the last 30 minutes. Which of the following has MOST likely occurred?
A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network, but has been unsuccessful in capturing a handshake. Given the scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
When considering threat actor scoping prior to an engagement, which of the following characteristics makes an APT challenging to emulate?
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
A penetration testet is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network The (ester is monitoring the correct channel tor the identified network but has been unsuccessful in capturing a handshake Given this scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)
A penetration tester entered the following information into the browser URL:
The server responded with the data contained in the server's sensitive data file. Which of the following types of vulnerabilities is MOST likely being exploited?
A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of
the target hosts. The administrator claims the system is patched and the evidence is a false positive. Which of
the following is the BEST method for a tester to confirm the vulnerability exists?
A constant wants to scan all the TCP Pots on an identified device. Which of the following Nmap switches will complete this task?
While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?
A penetration testing company is performing a penetration test against Company A. Company A has provided the IP address range 10.0.0.0/24 as its in-scope network range. During the information gathering phase, the penetration tester is asked to conduct active information-gathering techniques. Which of the following is the BEST tool to use for active information gathering?
Which of the following commands will allow a tester to enumerate potential unquoted services paths on a host?
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented Each password may be used only once
A penetration tester needs to provide the code used to exploit a DNS server in the final report. In which of the
following parts of the report should the penetration tester place the code?
A company requested a penetration tester review the security of an in-house-developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO)
A penetration tester reported the following vulnerabilities:
Which of the following is the correct order to rate the vulnerabilities from critical to low considering the MOST immediate impact?
During an internal network penetration test the tester is able to compromise a Windows system and recover the NTLM hash for a local wrltsrnAdrain account Attempting to recover the plaintext password by cracking the hash has proved to be unsuccessful, and the tester has decided to try a pass-the-hash attack to see if the credentials are reused on other in-scope systems Using the Medusa tool the tester attempts to authenticate to a list of systems, including the originally compromised host, with no success Given the output below:
Which of the following Medusa commands would potentially provide better results?
At the information gathering stage, a penetration tester is trying to passively identify the technology running on
a clientâ€™s website. Which of the following approached should the penetration tester take?
A penetration tester has gained access to a marketing employee's device. The penetration tester wants to
ensure that if the access is discovered, control of the device can be regained. Which of the following actions
should the penetration tester use to maintain persistence to the device? (Select TWO.)
A penetration tester has successfully exploited an application vulnerability and wants to remove the command history from the Linux session. Which of the following will accomplish this successfully?
A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?
An SMB server was discovered on the network, and the penetration tester wants to see if the server it vulnerable. Which of the following is a relevant approach to test this?
Which of the following is an important stakeholder to notify when penetration testing has begun?