QUESTION 81
During a penetration test, a tester captures information about an SPN account. Which of the following attacks requires this information as a prerequisite to proceed?
A. Golden Ticket
B. Kerberoasting
C. DCShadow
D. LSASS dumping
Correct Answer: B
QUESTION 82
In a file stored in an unprotected source code repository, a penetration tester discovers the following line of code:
sshpass -p donotchange ssh admin 192.168.6.14
Which of the following should the tester attempt to do next to take advantage of this information? (Select two).
A. Use Nmap to identify all the SSH systems active on the network.
B. Take a screen capture of the source code repository for documentation purposes.
C. Investigate to find whether other files containing embedded passwords are in the code repository.
D. Confirm whether the server 192.168.6.14 is up by sending ICMP probes.
E. Run a password-spraying attack with Hydra against all the SSH servers.
F. Use an external exploit through Metasploit to compromise host 192.168.6.14.
Correct Answer: AD
QUESTION 83
A penetration tester is attempting to discover vulnerabilities in a company’s web application. Which of the following tools would most likely assist with testing the security of the web application?
A. OpenVAS
B. Nessus
C. sqlmap
D. Nikto
Correct Answer: D
QUESTION 84
A penetration tester is performing a cloud-based penetration test against a company. Stakeholders have indicated the priority is to see if the tester can get into privileged systems that are not directly accessible from the internet. Given the following scanner information:
1. Server-side request forgery vulnerability in test.comptia.org
2. Reflected cross-site scripting vulnerability in test2.comptia.org
3. Publicly accessible storage system named static_comptia_assets
4. SSH port 22 open to the internet on test3.comptia.org
5. Open redirect vulnerability in test4.comptia.org
Which of the following of the attack paths should the tester prioritize first?
A. Synchronize all the information from the public bucket and scan it with Trufflehog.
B. Run Pacu to enumerate permissions and roles within the cloud-based systems.
C. Perform a full dictionary brute-force attack against the open SSH service using Hydra.
D. Use the reflected cross-site scripting attack within a phishing campaign to attack administrators.
E. Leverage the SSRF to gain access to credentials from the metadata service.
Correct Answer: E
QUESTION 85
A penetration tester is conducting a wireless security assessment for a client with 2.4GHz and 5GHz access points. The tester places a wireless USB dongle in the laptop to start capturing WPA2 handshakes. Which of the following steps should the tester take next?
A. Enable monitoring mode using Aircrack-ng-
B. Use Kismet to automatically place the wireless dongle in monitor mode and collect handshakes.
C. Run KARMA to break the password.
D. Research WiGLE.net for potential nearby client access points.
Correct Answer: A
QUESTION 86
During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example of?
A. SQL injection
B. SSRF
C. XSS
D. Server-side template injection
Correct Answer: C
QUESTION 87
During an internal penetration test, a tester compromises a windows OS-based endpoint and bypasses the defensive mechanism on that system. The tester also discovers the endpoint is part of an Active Directory local domain. The testers main goal is to leverage credentials to authenticate into other systems within the Active Directory environment. Which of the following steps should the tester take to complete the goal?
A. Use Mimikatz to collect information about the accounts and try to authenticate in other systems.
B. Use hashcat to crack a password for the local user on the compromised endpoint.
C. Use Evil-WinRM to access other systems in the network within the endpoint credentials.
D. Use Metasplolt to create and execute a payload and try to upload the payload into other systems.
Correct Answer: A
QUESTION 88
Which of the following technologies is most likely used with badge cloning? (Select two).
A. NFC
B. RFID
C. Bluetooth
D. Modbus
E. Zigbee
F. CAN bus
Correct Answer: AB
QUESTION 89
A penetration tester gains shell access to a Windows host. The tester needs to permanently turn off protections in order to install additional payload. Which of the following commands is most appropriate?
A. sc config <svc_name> start=disabled
B. sc query state=all
C. pskill <pid_svc_name>
D. net config <svc_name>
Correct Answer: A
QUESTION 90
A penetration tester obtained a shell on a Windows system. Which of the following would the tester use to gather more information about the host?
A. mnmc.exe
B. icacls.exe
C. nltest.exe
D. winver.exe
Correct Answer: C
QUESTION 91
During a routine penetration test, the client’s security team observes logging alerts that indicate several ID badges were reprinted after working hours without the appropriate authorization. Which of the following is the penetration tester most likely trying to do?
A. Obtain long-term, valid access to the facility.
B. Disrupt the availability of facility access systems.
C. Change access to the facility for valid users.
D. Revoke access to the facility for valid users.
Correct Answer: A
QUESTION 92
A penetration tester is developing the rules of engagement for a potential client. Which of the following would most likely be specified in the rules of engagement?
A. Testing window
B. Terms of service
C. Authorization letter
D. Shared responsibilities
Correct Answer: A
QUESTION 93
A penetration tester gains access to a Linux computer system. The tester then attempts to enumerate user accounts, including the directories and user default shell. Which of the following commands should the tester use to enumerate user accounts?
A. cat /etc/shadcw
B. is /var/usr
C. is /home
D. cat /etc/passwd
Correct Answer: A
QUESTION 94
A penetration tester launches an attack against company employees. The tester clones the company’s intranet log-in page and sends the link via email to all employees. Which of the following best describes the objective and tool selected by the tester to perform this activity?
A. Gaining remote access using BeEF
B. Obtaining the list of email addresses using theHarvester
C. Harvesting credentials using SET
D. Launching a phishing campaign using Gophish
Correct Answer: C
QUESTION 95
A penetration testing company is defining the rules of engagement with a client. Which of the following should the company include?
A. Non-disclosure agreement
B. Escalation process
C. URL list
D. Authorization letter
Correct Answer: B
QUESTION 96
A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client’s offices. Which of the following techniques should the penetration tester leverage?
A. Port mirroring
B. Sidecar scanning
C. ARP poisoning
D. Channel scanning
Correct Answer: D
QUESTION 97
A client recently hired a penetration testing firm to conduct an assessment of their consumer-facing web application. Several days into the assessment, the client’s networking team observes a substantial increase in DNS traffic. Which of the following would most likely explain the increase in DNS traffic?
A. Covert data exfiltration
B. URL spidering
C. HTML scrapping
D. DoS attack
Correct Answer: B
QUESTION 98
Which of the following describes the process of determining why a vulnerability scanner is not providing results?
A. Root cause analysis
B. Secure distribution
C. Peer review
D. Goal reprioritization
Correct Answer: A
QUESTION 99
During an engagement, a penetration tester needs to break the key for the Wi-Fi network that uses WPA2 encryption. Which of the following attacks would accomplish this objective?
A. ChopChop
B. Replay
C. Initialization vector
D. KRACK
Correct Answer: D
QUESTION 100
A penetration tester identifies an exposed corporate directory containing first and last names and phone number for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?
A. Smishing
B. Impersonation
C. Tailgating
D. Whaling
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.