Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

A. NIST SP 800-53
B. OWASP Top 10
C. MITRE ATT&CK framework
D. PTES technical guidelines

Answer: C
Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework

March 7, 2023

Which of the following commands should the penetration tester use?

A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?
A. nmap -sn 192.168.0.1/16
B. nmap -sn 192.168.0.1-254
C. nmap -sn 192.168.0.1 192.168.0.1.254
D. nmap -sN 192.168.0.0/24

Answer: B

March 7, 2023

CORRECT TEXT

CORRECT TEXT
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack...

March 7, 2023

Which of the following methods will MOST likely work?

A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network. Which of the following methods will MOST likely work?
A. Try to obtain the private key used for S/MIME from the CEO's account.
B. Send...

March 7, 2023

You are a security analyst tasked with hardening a web server

HOTSPOT
You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

March 7, 2023

Which of the following should be included in the ROE?

A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
A. Cost of the assessment
B. Report distribution
C. Testing restrictions
D. Liability

Answer: B

March 7, 2023

Which of the following would be the BEST conclusion about this device?

The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?
A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process...

March 7, 2023

Which of the following is the MOST likely reason for the error?

A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root...

March 7, 2023

Which of the following is the BEST action for the tester to take?

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
A. Check the scoping document to determine if exfiltration is...

March 6, 2023

Which of the following is the BEST method available to pivot and gain additional access to the network?

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST...

March 6, 2023