- All Exams Instant Download
Which of the following is the BEST way to ensure this is a true positive?
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?A . Run another scanner to compare.B . Perform a manual test on the server.C . Check the...
CORRECT TEXT
CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?A . NIST SP 800-53B . OWASP Top 10C . MITRE ATT&CK frameworkD . PTES technical guidelinesView AnswerAnswer: C Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?A . ShodanB . NmapC . WebScarab-NGD . NessusView AnswerAnswer: A
Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?
Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . WiresharkB . EAPHammerC . KismetD . Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...
Which of the following is the BEST action for the tester to take?
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?A . Check the scoping document to determine if exfiltration is...
Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?A . Test for RFC-defined protocol conformance.B . Attempt...
Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?A . Specially craft and deploy phishing emails to key...
Which of the following is the BEST passive method of obtaining the technical contacts for the website?
A penetration tester is conducting an engagement against an internet-facing web application and planning a phishing campaign. Which of the following is the BEST passive method of obtaining the technical contacts for the website?A . WHOIS domain lookupB . Job listing and recruitment adsC . SSL certificate informationD . Public...
Which of the following log files will show this activity?
A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?A . /var/log/messagesB ....
