- All Exams Instant Download
Which of the following represents the BEST course of action for the penetration testers?
A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?A . Redact identifying information and provide a previous customer's documentation. B. Allow the client to only view the information while in secure spaces. C....
Which of the following should be recommended to the client to remediate this issue?
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?A . Changing to Wi-Fi equipment that supports strong encryption B. Using directional...
CORRECT TEXT
CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023
Which of the following would BEST support this task?
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?A . Run nmap with the Co, -p22, and CsC options set against the target B. Run nmap with...
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?A . chmod u+x script.sh B. chmod u+e script.sh C. chmod o+e script.sh D. chmod o+x script.shView AnswerAnswer: A Explanation: Reference: https://newbedev.com/chmod-u-x-versus-chmod-x
Which of the following should the tester do AFTER delivering the final report?
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?A . Delete the scheduled batch job. B. Close the reverse shell connection. C. Downgrade the svsaccount permissions. D. Remove the tester-created credentials.View AnswerAnswer: D
Based on the information in the SOW, which of the following behaviors would be considered unethical?
A penetration tester is reviewing the following SOW prior to engaging with a client: “Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO)...
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?A . Analyze the malware to see what it does. B. Collect the proper evidence and then remove the malware. C. Do a root-cause analysis to find out...
Which of the following is the MOST important action to take before starting this type of assessment?
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this...
Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?
Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . Wireshark B. EAPHammer C. Kismet D. Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...
