- All Exams Instant Download
Which of the following would be BEST to recommend?
A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?A . Transition the application to another portB . Filter port 443 to specific IP addressesC...
Which of the following is the BEST recommendation that would mitigate the vulnerability?
A penetration tester was able to enter an SQL injection command into a text box and gain access to the information store on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?A . Randomize the credentials used to log inB . Install host-based intrusion...
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?A . To remove the persistenceB . To enable persistenceC . To report persistenceD . To check for persistence View AnswerAnswer: A
Under such circumstances which of the following would be the BEST suggestion for the client?
A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the remediate to immediately remediate all vulnerabilities. Under such circumstances which of the following would be the BEST suggestion for...
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select Two)
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select Two)A . The tester discovers personally identifiable data on the system.B . The system shows evidence of prior unauthorized compromiseC . The system shows a lack of...
Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?A . Stored XSSB . Full path disclosureC . Expired certificateD . Clickjacking View AnswerAnswer: A
Which of the following is a local host vulnerability that the attacker is exploiting?
A penetration tester executes the following commands: C: >userprofile%jtr exe This program has been blocked by group policy. C:>accesschk.exe -w -s -q -u Users C:Windows rw C:WindowsTracing C:>copy %userprofilejtr.exe C:WindowsTracing C:WindowsTracingjtr.exe jtr version 3.2… jtr> Which of the following is a local host vulnerability that the attacker is exploiting?A ....
Which of the following is the MOST likely command to exploit the NETBIOS name service?
A penetration tester wants to target NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?A . arpspoofB . nmapC . responderD . burpsuite View AnswerAnswer: C
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO)
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO)A . ShodanB . SETC . BeEFD . WiresharkE . MaltegoF . Dynamo View AnswerAnswer: A E
Black box penetration testing strategy provides the tester with
Black box penetration testing strategy provides the tester withA . a target list.B . a network diagram.C . source codeD . privileged credentials View AnswerAnswer: A
