Question #1
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?
A. Wait for the next login and perform a downgrade attack on the server
B. Capture traffic using Wireshark
Correct answer: A
Question #2
A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement?
A. Direct-to-origin
B. Cross-site scripting
C. Malware injection
D. Credential harvesting
Correct answer: C
Question #3
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
A. Halt the penetration test
B. Contact law enforcement
Correct answer: C
Question #4
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
A. nmap -p0 -T0 -sS 192
B. nmap -sA -sV --host-timeout 60 192
Correct answer: B
Question #5
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)
A. The CVSS score of the finding
B. The network location of the vulnerable device
E. The name of the person who found the flaw
F. The tool used to find the issue
Correct answer: D
Question #6
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?
A. Manually check the version number of the VoIP service against the CVE release
B. Test with proof-of-concept code from an exploit database
Correct answer: A
Question #7
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
A. Phishing
B. Tailgating
Correct answer: A
Question #8
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
A. Test for RFC-defined protocol conformance
B. Attempt to brute force authentication to the service
Correct answer: A
Question #9
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Edit the discovered file with one line of code for remote callback
B. Download
Correct answer: A
Question #10
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
A. Add a dependency checker into the tool chain
B. Perform routine static and dynamic analysis of committed code
Correct answer: A
Question #11
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
Correct answer: AB
Question #12
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
A. Cross-site request forgery
B. Server-side request forgery
Correct answer: D
Question #13
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?
A. OpenVAS
B. Drozer
C. Burp Suite
D. OWASP ZAP
Correct answer: B
Question #14
A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
A. Option A
B. Option B
C. Option C
D. Option D
Correct answer: CF
Question #15
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
A. iam_enum_permissions
B. iam_privesc_scan
Correct answer: A
Question #16
A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?
A. Immunity Debugger
Correct answer: C
Question #17
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
A. Acceptance by the client and sign-off on the final report
B. Scheduling of follow-up actions and retesting
Correct answer: B
Question #18
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
A. VRFY and EXPN
B. VRFY and TURN
Correct answer: B
Question #19
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A. Run nmap with the -o, -p22, and -sC options set against the target
B. Run nmap with the -sV and -p22 options set against the target
Correct answer: B
Question #20
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?
A. Set the SGID on all files in the / directory
B. Find the /root directory on the system
Correct answer: E
Question #21
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following tools will help the tester prepare an attack for this scenario?
A. Hydra and crunch
B. Netcat and cURL
Correct answer: C
Question #22
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?
A. Enforce mandatory employee vacations
B. Implement multifactor authentication
Correct answer: B
Question #23
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
B. Conduct a watering-hole attack
Correct answer: A
Question #24
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?
A. Determine active hosts on the network
B. Set the TTL of ping packets for stealth
Correct answer: D
Question #25
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
A. MD5
B. bcrypt
C. SHA-1
D. PBKDF2
Correct answer: C
Question #26
Which of the following would MOST likely be included in the final report of a static application security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
Correct answer: C
Question #27
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192
B. nmap 192
Correct answer: B
Question #28
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?
A. Multiple handshakes
B. IP addresses
Correct answer: D
Question #29
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
Pre-engagement interaction (scoping and ROE)
Intelligence gathering (reconnaissance)
Threat modeling
Vulnerability analysis
Exploitation and post exploitation
Reporting
Which of the following methodologies does the client use?
A. OWASP Web Security Testing Guide
B. PTES technical guidelines
Correct answer: D
Question #30
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
A. John the Ripper
Correct answer: A
Question #31
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
A. <#
B. <$
C. ##
D. #$
E. #!
Correct answer: D
Question #32
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A. Analyze the malware to see what it does
B. Collect the proper evidence and then remove the malware
E. Stop the assessment and inform the emergency contact
Correct answer: B
Question #33
Which of the following tools provides Python classes for interacting with network protocols?
A. Responder
B. Impacket
Correct answer: A
Question #34
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?
A. Weekly
B. Monthly
Correct answer: D
Question #35
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the environment
B. Whether the specific cloud services are being used by the application
Correct answer: A
Question #36
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
Have a full TCP connection
Send a "hello" payload
Wait for a response
Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
A. Run nmap -Pn -sV --script vuln
B. Employ an OpenVAS simple scan against the TCP port of the host
Correct answer: D
Question #37
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A. Alternate data streams
B. PowerShell modules
Correct answer: B
Question #38
A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the tester use to return the MOST results?
A. Root user
B. Local administrator
Correct answer: A
Question #39
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Tim
A. ftp 192
B. smbclient \\\\WEB3\\IPC$ -I 192
E. nmap --script vuln -sV 192
Correct answer: C
Question #40
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?
A. nmap -vv sUV -p 53, 123-159 10
B. nmap -vv sUV -p 53,123,161-162 10
Correct answer: A
Question #41
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
A. Socat
B. tcpdump
Correct answer: C
Question #42
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)
A. IP addresses and subdomains
B. Zone transfers
E. Externally facing open ports
F. Shodan results
Correct answer: A
Question #43
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
A. Smurf
B. Ping flood
Correct answer: D
Question #44
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
A. will reveal vulnerabilities in the Modbus protocol.
B. may cause unintended failures in control systems
Correct answer: D
Question #45
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?
A. ROE
B. SLA
C. MSA
D. NDA
Correct answer: B
Question #46
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?
A. Perform forensic analysis to isolate the means of compromise and determine attribution
B. Incorporate the newly identified method of compromise into the red team's approach
Correct answer: A
Question #47
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
A. Clarify the statement of work
B. Obtain an asset inventory from the client
Correct answer: B
Question #48
Which of the following is the MOST effective person to validate results from a penetration test?
A. Third party
B. Team leader
Correct answer: E
Question #49
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
A. A firewall or IPS blocked the scan
B. The penetration tester used unsupported flags
Correct answer: B
Question #50
A penetration tester ran the following command on a staging server:
python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?
A. nc 10
B. powershell -exec bypass -f \\10
Correct answer: C
