- All Exams Instant Download
Which of the following would a company's hunt team be MOST interested in seeing in a final report?
Which of the following would a company's hunt team be MOST interested in seeing in a final report?A . Executive summary B. Attack TTPs C. Methodology D. Scope detailsView AnswerAnswer: B
Which of the following would the test discover?
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurations B. Open web ports on a host C. Supported HTTP methods D. Listening web servers in a domainView AnswerAnswer:...
Which of the following tools would be BEST to use for this purpose?
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . Hashcat B. Mimikatz C. Patator D. John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/
Which of the following is the MOST likely reason for the error?
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root...
Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVAS B. Drozer C. Burp Suite D. OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...
Which of the following is the MOST likely reason for the lack of output?
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?A ....
Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?
A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?A . sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds....
Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?
A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of...
Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?A . Alternate data streams B. PowerShell...
Which of the following remediation techniques would be the BEST to recommend?
A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible. Which of the following remediation techniques would be the BEST to recommend? (Choose two.)A . Closing open services B. Encryption...
