QUESTION 41
A penetration tester is getting ready to conduct a vulnerability scan to evaluate an environment that consists of a container orchestration cluster. Which of the following tools would be best to use for this purpose?
A. NSE
B. Nessus
C. CME
D. Trivy
Correct Answer: D
QUESTION 42
During an assessment, a penetration tester runs the following command from a Linux machine:
GetUsersSPNs.py -dc -ip 172.16.1.1 DOMAIN.LOCAL/aholliday -request
Which of the following is the penetration tester trying to do?
A. Crack the user password for aholliday.
B. Download all TGS tickets for offline processing.
C. Perform a pass-the-hash attack using the hash for aholliday.
D. Perform password spraying.
Correct Answer: B
QUESTION 43
A tester compromises a target host and then wants to maintain persistent access. Which of the following is the best way for the attacker to accomplish the objective?
A. Configure and register a service.
B. Install and run remote desktop software.
C. Set up a script to be run when users log in.
D. Perform a kerberoasting attack on the host.
Correct Answer: A
QUESTION 44
A penetration tester reviews the findings from a recent engagement. The findings indicate that fuzzing tests caused customer data exposure. Which of the following remediations should the penetration tester recommend?
A. Input sanitization
B. Deny list
C. Text encoding
D. Data masking
Correct Answer: A
QUESTION 45
A penetration tester searches for an entry point into a clients network The tester focuses on publicly available devices that may have exploitable weaknesses. Which of the following should the penetration tester use?
A. Shodan
B. Hunter.io
C. WiGLE.net
D. theHarvester
Correct Answer: A
QUESTION 46
A company’s incident response team determines that a breach occurred because a penetration tester left a web shell. Which of the following should the penetration tester have done after the engagement?
A. Enable a host-based firewall on the machine.
B. Remove utilized persistence mechanisms on client systems.
C. Revert configuration changes made during the engagement.
D. Turn off command-and-control infrastructure.
Correct Answer: B
QUESTION 47
Which of the following components of a penetration test report most directly contributes to prioritizing remediations?
A. Proof of concept
B. Risk scoring
C. Attack narrative
D. Executive summary
Correct Answer: B
QUESTION 48
A penetration tester successfully clones a source code repository and then runs the following command:
find . -type f -exec egrep -i “token l key l login” {} ;
Which of the following is the penetration tester conducting?
A. Data tokenization
B. Secrets scanning
C. Password spraying
D. Source code analysis
Correct Answer: B
QUESTION 49
Which of the following is the most efficient way to exfiltrate a file containing data that could be sensitive?
A. Use steganography and send the file over FTP.
B. Compress the file and send it using TFTP.
C. Split the file in tiny pieces and send it over dnscat
D. Encrypt and send the file over HTTPS.
Correct Answer: D
QUESTION 50
A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?
A. Initiate a social engineering campaign.
B. Perform credential dumping.
C. Compromise an endpoint.
D. Share enumeration.
Correct Answer: D
QUESTION 51
During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?
A. certutil.exe
B. bitsadmin.exe
C. msconfig.exe
D. netsh.exe
Correct Answer: D
QUESTION 52
During an engagement, a penetration tester found some weaknesses that were common across the customer’s entire environment. The weaknesses included the following:
1. Weaker password settings than the company standard
2. Systems without the company’s endpoint security software installed
3. Operating systems that were not updated by the patch management system
Which of the following recommendations should the penetration tester provide to address the root issue?
A. Add all systems to the vulnerability management system.
B. Implement a configuration management system.
C. Deploy an endpoint detection and response system.
D. Patch the out-of-date operating systems.
Correct Answer: B
QUESTION 53
A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption in order to perform traffic analysis and decrypt sensitive information. Which of the following techniques would best allow the penetration tester to have access to the sensitive information?
A. Bluejacking
B. SSID spoofing
C. Packet sniffing
D. ARP poisoning
Correct Answer: C
QUESTION 54
Which of the following post-exploitation activities allows a penetration tester to maintain persistent access in a compromised system?
A. Creating registry keys
B. Installing a bind shell
C. Executing a process injection
D. Setting up a reverse SSH connection
Correct Answer: A
QUESTION 55
A penetration tester completed a report for a new client. Prior to sharing the report with the client, which of the following should the penetration tester request to complete a review?
A. A generative Al assistant
B. The customers designated contact
C. A cybersecurity industry peer
D. A team member
Correct Answer: D
QUESTION 56
A penetration tester obtains password dumps associated with the target and identifies strict lockout policies. The tester does not want to lock out accounts when attempting access. Which of the following techniques should the tester use?
A. Credential stuffing
B. MFA fatigue
C. Dictionary attack
D. Brute-force attack
Correct Answer: A
QUESTION 57
A penetration tester attempts unauthorized entry to the company’s server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?
A. Plug spinner
B. Bypassing
C. Decoding
D. Raking
Correct Answer: D
QUESTION 58
During an assessment, a penetration tester runs the following command:
dnscmd.exe /config /serverlevelplugindll C:usersnetadmDocumentsaddusr.dll
Which of the following is the penetration tester trying to achieve?
A. DNS enumeration
B. Privilege escalation
C. Command injection
D. A list of available users
Correct Answer: B
QUESTION 59
Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?
A. Remove the persistence mechanisms.
B. Spin down the infrastructure.
C. Preserve artifacts.
D. Perform secure data destruction.
Correct Answer: A
QUESTION 60
In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?
A. IAM
B. Block storage
C. Virtual private cloud
D. Metadata services
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.