When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
Answer : A
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a companyג€™s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?
Answer : C
A penetration tester writes the following script:
Answer : A
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
Answer : C
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
Answer : A
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the companyג€™s web presence.
Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)
Answer : AB
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
Answer : C
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)
Answer : CF
A penetration tester performs the following command:
curl ג€"I ג€"http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
A.
Answer : A
Reference:
https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
Answer : A
Reference:
https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/
A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software companyג€™s network. Which of the following accounts should the tester use to return the MOST results?
Answer : C
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
Answer : A
Reference:
https://www.geeksforgeeks.org/understanding-rainbow-table-attack/
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employeeג€™s birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
Answer : C
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?
Answer : A
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target companyג€™s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
Answer : C