- All Exams Instant Download
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?A . NessusB . MetasploitC . Burp SuiteD . EthercapView AnswerAnswer: B
Which of the following is the MINIMUM frequency to complete the scan of the system?
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?A . WeeklyB . MonthlyC . QuarterlyD . AnnuallyView AnswerAnswer: C Explanation: https://www.pcicomplianceguide.org/faq/#25 PCI DSS requires quarterly vulnerability/penetration...
CORRECT TEXT
CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023
Which of the following commands should the penetration tester consider?
A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?A . inurl:B . link:C . site:D . intitle:View AnswerAnswer: C
Which of the following vulnerabilities has the tester exploited?
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?A . Cross-site request forgeryB ....
Which of the following methods should the tester use to visualize the authorization information being transmitted?
A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?A . Decode the authorization header using UTF-8.B . Decrypt the authorization header using bcrypt.C . Decode the authorization header using Base64.D . Decrypt...
Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
A penetration tester has prepared the following phishing email for an upcoming penetration test: Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?A . Familiarity and likenessB . Authority and urgencyC . Scarcity and fearD . Social proof and greedView...
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?A . Analyze the malware to see what it does.B . Collect the proper evidence and then remove the malware.C . Do a root-cause analysis to find out...
Which of the following attacks is being attempted?
A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted? A. SQL injection B. HTML injection C. Remote command injection D. DLL injectionView AnswerAnswer:...
Which of the following actions is the tester MOST likely performing?
A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch Cr .bash_history temp mv temp .bash_history Which of the following actions is the tester MOST likely performing?A . Redirecting Bash history to /dev/nullB . Making a copy of...
