Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Answer : B
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
Answer : C
HOTSPOT -
You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTION -
Giving the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
Answer :
A penetration tester runs the unshadow command on a machine.
Which of the following tools will the tester most likely use NEXT?
Answer : A
A penetration tester obtained the following results after scanning a web server using the dirb utility:
Which of the following elements is MOST likely to contain useful information for the penetration tester?
Answer : B
A company has hired a penetration tester to deploy and set up a rogue access point on the network.
Which of the following is the BEST tool to use to accomplish this goal?
Answer : B
Reference:
https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop.
Which of the following can be used to ensure the tester is able to maintain access to the system?
Answer : C
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
Answer : C
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:
Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
Answer : D
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
Answer : D
A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?
Answer : D
A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)
Answer : BC
A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
Answer : C
A penetration tester has prepared the following phishing email for an upcoming penetration test:
Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
Answer : B
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
Answer : B