- All Exams Instant Download
Which of the following should the tester do AFTER delivering the final report?
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?A . Delete the scheduled batch job. B. Close the reverse shell connection. C. Downgrade the svsaccount permissions. D. Remove the tester-created credentials.View AnswerAnswer: D
Which of the following methodologies does the client use?
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following: ✑ Pre-engagement interaction (scoping and ROE) ✑ Intelligence gathering (reconnaissance) ✑ Threat modeling ✑ Vulnerability analysis ✑ Exploitation and post exploitation ✑ Reporting Which of the following methodologies does...
Which of the following operating systems is MOST likely installed on the host?
During the reconnaissance phase, a penetration tester obtains the following output: Reply from 192.168.1.23: bytes=32 time<54ms TTL=128 Reply from 192.168.1.23: bytes=32 time<53ms TTL=128 Reply from 192.168.1.23: bytes=32 time<60ms TTL=128 Reply from 192.168.1.23: bytes=32 time<51ms TTL=128 Which of the following operating systems is MOST likely installed on the host?A . Linux...
Which of the following commands should the penetration tester consider?
A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?A . inurl: B. link: C. site: D. intitle:View AnswerAnswer: C
Which of the following types of attacks would MOST likely be used to avoid account lockout?
During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?A ....
Which of the following vulnerabilities has the tester exploited?
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?A . Cross-site request forgery B....
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?A . Nessus B. Metasploit C. Burp Suite D. EthercapView AnswerAnswer: B
Which of the following snippets of output will the tester MOST likely receive?
A penetration tester performs the following command: curl CI Chttp2 https://www.comptia.org Which of the following snippets of output will the tester MOST likely receive? A . Option A B. Option B C. Option C D. Option DView AnswerAnswer: A Explanation: Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/
Which of the following is the tester trying to accomplish?
A penetration tester runs the following command on a system: find / -user root Cperm -4000 Cprint 2>/dev/null Which of the following is the tester trying to accomplish?A . Set the SGID on all files in the / directory B. Find the /root directory on the system C. Find files...
Which of the following is the tester performing?
A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilities B. Trying to recover a lost bind shell C. Building a reverse shell listening on specified ports D. Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...
