Page: 1
/ 8
Total 115 questions
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
- A. Clarify the statement of work.
- B. Obtain an asset inventory from the client.
- C. Interview all stakeholders.
- D. Identify all third parties involved.
Answer : A
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a companyג€™s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?
- A. Perform forensic analysis to isolate the means of compromise and determine attribution.
- B. Incorporate the newly identified method of compromise into the red teamג€™s approach.
- C. Create a detailed document of findings before continuing with the assessment.
- D. Halt the assessment and follow the reporting procedures as outlined in the contract.
Answer : C
A penetration tester writes the following script:
Which of the following objectives is the tester attempting to achieve?
- A. Determine active hosts on the network.
- B. Set the TTL of ping packets for stealth.
- C. Fill the ARP table of the networked devices.
- D. Scan the system on the most used ports.
Answer : A
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
- A. Whether the cloud service provider allows the penetration tester to test the environment
- B. Whether the specific cloud services are being used by the application
- C. The geographical location where the cloud services are running
- D. Whether the country where the cloud service is based has any impeding laws
Answer : C
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
- A. Perform XSS.
- B. Conduct a watering-hole attack.
- C. Use BeEF.
- D. Use browser autopwn.
Answer : A
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the companyג€™s web presence.
Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)
- A. IP addresses and subdomains
- B. Zone transfers
- C. DNS forward and reverse lookups
- D. Internet search engines
- E. Externally facing open ports
- F. Shodan results
Answer : AB
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
- A. Forensically acquire the backdoor Trojan and perform attribution
- B. Utilize the backdoor in support of the engagement
- C. Continue the engagement and include the backdoor finding in the final report
- D. Inform the customer immediately about the backdoor
Answer : C
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)
- A. The CVSS score of the finding
- B. The network location of the vulnerable device
- C. The vulnerability identifier
- D. The client acceptance form
- E. The name of the person who found the flaw
- F. The tool used to find the issue
Answer : CF
A penetration tester performs the following command:
curl ג€"I ג€"http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
A.
B.
C.
D. [########################################################] 100%
Answer : A
Reference:
https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
- A. John the Ripper
- B. Hydra
- C. Mimikatz
- D. Cain and Abel
Answer : A
Reference:
https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/
A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software companyג€™s network. Which of the following accounts should the tester use to return the MOST results?
- A. Root user
- B. Local administrator
- C. Service
- D. Network administrator
Answer : C
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
- A. MD5
- B. bcrypt
- C. SHA-1
- D. PBKDF2
Answer : A
Reference:
https://www.geeksforgeeks.org/understanding-rainbow-table-attack/
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employeeג€™s birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
- A. Phishing
- B. Tailgating
- C. Baiting
- D. Shoulder surfing
Answer : C
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?
- A. ftp 192.168.53.23
- B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 ג€"U guest
- C. ncrack ג€"u Administrator ג€"P 15worst_passwords.txt ג€"p rdp 192.168.53.23
- D. curl ג€"X TRACE https://192.168.53.23:8443/index.aspx
- E. nmap ג€"-script vuln ג€"sV 192.168.53.23
Answer : A
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target companyג€™s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
- A. Test for RFC-defined protocol conformance.
- B. Attempt to brute force authentication to the service.
- C. Perform a reverse DNS query and match to the service banner.
- D. Check for an open relay configuration.
Answer : C