QUESTION 21
A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is funning a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?
A. Kiosk escape
B. Arbitrary code execution
C. Process hollowing
D. Library injection
Correct Answer: A
QUESTION 22
During a penetration test of a web application, the tester gains full access to the application’s source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?
A. Run TruffleHog against a local clone of the application.
B. Scan the live web application using Nikto.
C. Perform a manual code review of the Git repository.
D. Use SCA software to scan the application source code.
Correct Answer: A
QUESTION 23
While performing a penetration testing exercise, a tester executes the following command:
PS c:tools> c:hacksPsExec.exe \server01.comptia.org -accepteula cmd.exe
Which of the following best explains what the tester is trying to do?
A. Test connectivity using PSExec on the server01 using CMD.exe.
B. Perform a lateral movement attack using PsExec.
C. Send the PsExec binary file to the server01 using CMD.exe.
D. Enable CMD.exe on the server01 through PsExec.
Correct Answer: B
QUESTION 24
A penetration tester needs to scan a remote infrastructure with Nmap. The tester issues the following command:
nmap 10.10.1.0/24
Which of the following is the number of TCP ports that will be scanned?
A. 256
B. 1,000
C. 1,024
D. 65,535
Correct Answer: B
QUESTION 25
A penetration tester finished a security scan and uncovered numerous vulnerabilities on several hosts. Based on the targets’ EPSS and CVSS scores, which of the following targets is the most likely to get attacked?
A. Target 1: EPSS Score = 0.6 and CVSS score = 4
B. Target 2: EPSS Score = 0.3 and CVSS score = 2
C. Target 3: EPSS Score = 0.6 and CVSS Score = 1
D. Target 4: EPSS Score = 0.4 and CVSS Score = 4.5
Correct Answer: D
QUESTION 26
During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?
A. Burp Suite
B. Wireshark
C. Zed Attack Proxy
D. Metasplolt
Correct Answer: B
QUESTION 27
During a wireless penetration assessment for a small business client, a tester attempts to capture wireless packets. However, whenever the tester sets the capture device to monitor mode, it fails to see the client’s wireless network, as provided by the scope. Which of the following is the most likely reason for this issue?
A. The client’s network uses 6GHz and not 5GHz/2.4GHz.
B. The tester misconfigured the capture device.
C. The client provided the wrong SSID for the network.
D. The tester is not using Aircrack-ng.
Correct Answer: A
QUESTION 28
A penetration tester conducts reconnaissance and looks for ways to obtain administrator emails to use in a phishing campaign. Which of the following tools should the penetration tester use?
A. Dig
B. Nmap
C. WHOIS
D. Shodan
Correct Answer: C
QUESTION 29
A company hires a penetration tester to test the security implementation of its wireless networks. The main goal for this assessment is to intercept and get access to sensitive data from the company’s employees. Which of the following tools should the security professional use to best accomplish this task?
A. Metasploit
B. WiFi-Pumpkin
C. SET
D. theHarvester
E. WiGLE.net
Correct Answer: B
QUESTION 30
A penetration tester gains access to the target network and observes a running SSH server. Which of the following techniques should the penetration tester use to obtain the version of SSH running on the target server?
A. Network sniffing
B. IPscanning
C. Banner grabbing
D. DNS enumeration
Correct Answer: C
QUESTION 31
A penetration tester downloads a JAR file that is used in an organization’s production environment The tester evaluates the contents of the JAR file to identify potentially vulnerable components that can be targeted for exploit. Which of the following describes the tester’s activities?
A. SAST
B. SBOM
C. ICS
D. SCA
Correct Answer: D
QUESTION 32
Which of the following is a reason to use a template when creating a penetration testing report?
A. To articulate risks accurately
B. To enhance the testing approach
C. To contextualize collected data
D. To standardize needed information
E. To improve testing time
Correct Answer: D
QUESTION 33
A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester’s attacking hosts only. Which of the following would be most appropriate to avoid alerting the SOC?
A. Apply UTF-8 to the data and send over a tunnel to TCP port 25.
B. Apply Base64 to the data and send over a tunnel to TCP port 80.
C. Apply 3DES to the data and send over a tunnel UDP port 53.
D. Apply AES-256 to the data and send over a tunnel to TCP port 443.
Correct Answer: D
QUESTION 34
A penetration tester successfully gained access to manage resources and services within the company’s cloud environment This was achieved by exploiting poorly secured administrative credentials that had extensive permissions across the network. Which of the following credentials was the tester able to obtain?
A. IAM credentials
B. SSH key for cloud instance
C. Cloud storage credentials
D. Temporary security credentials (STS)
Correct Answer: A
QUESTION 35
A penetration tester successfully gains access to a Linux system and then uses the following command:
find / -type f -ls > /tmp/recon.txt
Which of the following best describes the tester’s goal?
A. Permission enumeration
B. Secrets enumeration
C. User enumeration
D. Service enumeration
Correct Answer: A
QUESTION 36
Which of the following would most likely reduce the possibility of a client rejecting the final deliverable for a penetration test?
A. Goal reprioritization
B. Stakeholder alignment
C. Non-disclosure agreement
D. Business impact analysis
Correct Answer: B
QUESTION 37
A company hires a penetration tester to perform an external attack surface review as part of a security engagement. The company informs the tester that the main company domain to investigate is comptia.org. Which of the following should the tester do to accomplish the assessment objective?
A. Perform information-gathering techniques to review internet-facing assets for the company.
B. Perform a phishing assessment to try to gain access to more resources and users’ computers.
C. Perform a physical security review to identify vulnerabilities that could affect the company.
D. Perform a vulnerability assessment over the main domain address provided by the client.
Correct Answer: A
QUESTION 38
A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?
A. tcprelay
B. Bluecrack
C. Scapy
D. Tcpdump
Correct Answer: C
QUESTION 39
A penetration tester obtains network-level access to a hardened subnet that has no Windows-based hosts and needs to find credentials. The client mentioned that the SOC is only monitoring user endpoints and not servers. Which of the following commands should the tester use?
A. pwinspector -i <file_of_targets> -o <found_credentials> -m 8 -M 16 -l -u -n -p
B. responder -I eth0
C. nmap -sV -n -T3 -p 22 <targets> –reason
D. hydra -L root -p /path/to/wordlist -t 3 -M <file_of_targets>
Correct Answer: D
QUESTION 40
A company that uses an insecure corporate wireless network is concerned about security. Which of the following is the most likely tool a penetration tester could use to obtain initial access?
A. Responder
B. Metasploit
C. Netcat
D. Nmap
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.