You are a security analyst tasked with hardening a web server
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...
Which of the following best describes the NEXT step in the engagement?
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement? A. Acceptance by the client and sign-off on the final report B. Scheduling of follow-up actions and retesting C. Attestation of findings and delivery...
Which of the following methodologies does the client use?
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following: ✑ Pre-engagement interaction (scoping and ROE) ✑ Intelligence gathering (reconnaissance) ✑ Threat modeling ✑ Vulnerability analysis ✑ Exploitation and post exploitation ✑ Reporting Which of the following methodologies does...
Which of the following should the tester do with this information to make this a successful exploit?
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit? A. Perform XSC . Conduct a watering-hole attack. D. Use BeEF ....
Which of the following was captured by the testing team?
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team? A. Multiple handshakes B. IP addresses C. Encrypted file transfers D. User hashes sent over SMB ...
Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports? A. OpenVAS B. Drozer C. Burp Suite D. OWASP ZAP Answer: A Explanation: Reference:...
Which of the following tools provides Python classes for interacting with network protocols?
Which of the following tools provides Python classes for interacting with network protocols? A. Responder B. Impacket C. Empire D. PowerSploit Answer: B Explanation: Reference: https://github.com/SecureAuthCorp/impacket
Which of the following snippets of output will the tester MOST likely receive?
A penetration tester performs the following command: curl -I -http2 https://www.comptia.org Which of the following snippets of output will the tester MOST likely receive? A. Option A B. Option B C. Option C D. Option D Answer: A Explanation: Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/
Which of the following approaches would BEST support the objective?
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration...
?
A consultant is reviewing the following output after reports of intermittent connectivity issues: ? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet] ? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet] ? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet] ? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet] ? (192.168.1.136) at 0a:d1:fa:b1:01:67 on...