QUESTION 61
A penetration tester has discovered sensitive files on a system. Assuming exfiltration of the files is part of the scope of the test, which of the following is most likely to evade DLP systems?
A. Encoding the data and pushing through DNS to the tester’s controlled server
B. Padding the data and uploading the files through an external cloud storage service
C. Obfuscating the data and pushing through FTP to the tester’s controlled server
D. Hashing the data and emailing the files to the tester’s company inbox
Correct Answer: A
QUESTION 62
A penetration tester is searching for vulnerabilities or misconfigurations on a container environment. Which of the following tools will the tester most likely use to achieve this objective?
A. Nikto
B. Trivy
C. Nessus
D. Nmap
Correct Answer: B
QUESTION 63
A penetration tester attempts to access an internet-facing web page while conducting research on site. However, the web page is no longer accessible. Which of the following is the best step for the tester to take to continue gathering details?
A. Change the proxy settings.
B. Try a different user agent in the browser.
C. Locate a cached version of the page.
D. Ask to have the site unblocked.
Correct Answer: C
QUESTION 64
During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?
A. Segmentation
B. Mobile
C. External
D. Web
Correct Answer: C
QUESTION 65
During a security assessment for an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software to disguise itself as legitimate software. Which of the following host-based attacks should the tester use?
A. On-path
B. Logic bomb
C. Rootkit
D. Buffer overflow
Correct Answer: C
QUESTION 66
A penetration tester needs to use the native binaries on a system in order to download a file from the internet and evade detection. Which of the following tools would the tester most likely use?
A. netsh.exe
B. certutil.exe
C. nc.exe
D. cmdkey.exe
Correct Answer: B
QUESTION 67
A penetration tester plans to conduct reconnaissance during an engagement using readily available resources. Which of the following resources would most likely identify hardware and software being utilized by the client?
A. Cryptographic flaws
B. Protocol scanning
C. Cached pages
D. Job boards
Correct Answer: D
QUESTION 68
A tester wants to pivot from a compromised host to another network with encryption and the least amount of interaction with the compromised host. Which of the following is the best way to accomplish this objective?
A. Create a SSH tunnel using sshuttle to forward all the traffic to the compromised computer.
B. Configure a VNC server on the target network and access the VNC server from the compromised computer.
C. Set up a Metasploit listener on the compromised computer and create a reverse shell on the target network.
D. Create a Netcat connection to the compromised computer and forward all the traffic to the target network.
Correct Answer: A
QUESTION 69
A penetration tester wants to use multiple TTPs to assess the reactions (alerted, blocked, and others) by the client’s current security tools. The threat-modeling team indicates the TTPs in the list might effect their internal systems and servers. Which of the following actions would the tester most likely take?
A. Use a BAS tool to test multiple TTPs based on the input from the threat-modeling team.
B. Perform an internal vulnerability assessment with credentials to review the internal attack surface.
C. Use a generic vulnerability scanner to test the TTPs and review the results with the threat-modeling team.
D. Perform a full internal penetration test to review all the possible exploits that could affect the systems.
Correct Answer: A
QUESTION 70
During a security audit, a penetration tester wants to run a process to gather information about a target network’s domain structure and associated IP addresses. Which of the following tools should the tester use?
A. Dnsenum
B. Nmap
C. Netcat
D. Wireshark
Correct Answer: A
QUESTION 71
A tester is finishing an engagement and needs to ensure that artifacts resulting from the test are safely handled. Which of the following is the best procedure for maintaining client data privacy?
A. Remove configuration changes and any tools deployed to compromised systems.
B. Securely destroy or remove all engagement-related data from testing systems.
C. Search through configuration files changed for sensitive credentials and remove them.
D. Shut down C2 and attacker infrastructure on premises and in the cloud.
Correct Answer: B
QUESTION 72
During an engagement, a penetration tester runs the following command against the host system:
host -t axfr domain.com dns.domain.com
Which of the following techniques best describes what the tester is doing?
A. Zone transfer
B. Host enumeration
C. DNS poisoning
D. DNS query
Correct Answer: A
QUESTION 73
A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall security findings, and high-level statements. Which of the following sections of the report would most likely contain this information?
A. Quality control
B. Methodology
C. Executive summary
D. Risk scoring
Correct Answer: C
QUESTION 74
During a security assessment, a penetration tester wants to compromise user accounts without triggering IDS/IPS detection rules. Which of the following is the most effective way for the tester to accomplish this task?
A. Crack user accounts using compromised hashes.
B. Brute force accounts using a dictionary attack.
C. Bypass authentication using SQL injection.
D. Compromise user accounts using a XSS attack.
Correct Answer: A
QUESTION 75
A penetration tester is testing a power plant’s network and needs to avoid disruption to the grid. Which of the following methods is most appropriate to identify vulnerabilities in the network?
A. Configure a network scanner engine and execute the scan.
B. Execute a testing framework to validate vulnerabilities on the devices.
C. Configure a port mirror and review the network traffic.
D. Run a network mapper tool to get an understanding of the devices.
Correct Answer: C
QUESTION 76
During an assessment, a penetration tester obtains a low-privilege shell and then runs the following command:
findstr /SIM /C: “pass” *.txt *.cfg *.xml
Which of the following is the penetration tester trying to enumerate?
A. Configuration files
B. Permissions
C. Virtual hosts
D. Secrets
Correct Answer: D
QUESTION 77
During a discussion of a penetration test final report, the consultant shows the following payload used to attack a system:
?/<sCRitP>aLeRt(“pwned”)</ScriPt>
Based on the code, which of the following options represents the attack executed by the tester and the associated countermeasure?
A. Arbitrary code execution; the affected computer should be placed on a perimeter network
B. SQL injection attack; should be detected and prevented by a web application firewall
C. Cross-site request forgery; should be detected and prevented by a firewall
D. XSS obfuscated; should be prevented by input sanitization
Correct Answer: D
QUESTION 78
A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application’s end users. Which of the following tools should the tester use for this task?
A. Browser Exploitation Framework
B. Maltego
C. Metasploit
D. theHarvester
Correct Answer: A
QUESTION 79
A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?
A. Shoulder surfing
B. Recon-ng
C. Social media
D. Password dumps
Correct Answer: C
QUESTION 80
Which of the following techniques is the best way to avoid detection by data loss prevention tools?
A. Encoding
B. Compression
C. Encryption
D. Obfuscation
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.