Pentest 2

Which of the following could be used to enhance the quality and reliability of a vulnerability scan report?. Risk analysis. Peer review. Root cause analysis. Client acceptance.

During a preengagement activity with a new customer, a penetration tester looks for assets to test. Which of the following is an example of a target that can be used for testing?. API. HTTP. IPA. ICMP.

Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this task?. Burp Suite. masscan. Nmap. hping.

Which of the following activities should be performed to prevent uploaded web shells from being exploited by others?. Remove the persistence mechanisms. Spin down the infrastructure. Preserve artifacts. Perform secure data destruction.

A penetration tester writes a Bash script to automate the execution of a ping command on a Class C network: Which of the following pieces of code should the penetration tester use in place of the --MISSING-TEXT-- placeholder?. crunch 1 254 loop. seq 1 254. echo 1-254. {1..254}.

Which of the following components should a penetration tester include in an assessment report?. User Activities. Customer remediation plan. Key Management. Attack Narrative.

A penetration tester writes the following script to enumerate a /24 network: The tester executes the script, but it fails with the following error: -bash: syntax error near unexpected token ‘ping’ Which of the following should the tester do to fix the error?. Add do after line 2. Replace {1..254} with $(seq 1 254). Replace bash with zsh. Replace $i with $[i].

A penetration tester launches an attack against company employees. The tester clones the company's intranet log-in page and sends the link via email to all employees. Which of the following best describes the objective and tool selected by the tester to perform this activity?. Gaining remote access using BeEF. Obtaining the list of email addresses using theHarvester. Harvesting credentials using SET. Launching a phishing campaign using Gophish.

Which of the following techniques is the best way to avoid detection by data loss prevention tools?. Encoding. Compression. Encryption. Obfuscation.

During host discovery, a security analyst wants to obtain GeoIP information and a comprehensive summary of exposed services. Which of the following tools is best for this task?. WiGLE.net. WHOIS. theHarvester. Censys.io.

A penetration tester is attempting to discover vulnerabilities in a company's web application. Which of the following tools would most likely assist with testing the security of the web application?. OpenVAS. Nessus. sqlmap. Nikto.

During a red-team exercise, a penetration tester obtains an employee's access badge. The tester uses the badge's information to create a duplicate for unauthorized entry. Which of the following best describes this action?. Smurfing. Credential stuffing. RFID cloning. Card skimming.

During an engagement, a penetration tester needs to break the key for the Wi-Fi network that uses WPA2 encryption. Which of the following attacks would accomplish this objective?. ChopChop. Replay. Initialization vector. KRACK.

A penetration tester is researching a path to escalate privileges. While enumerating current user privileges, the tester observes the following output: Which of the following privileges should the tester use to achieve the goal?. SeImpersonatePrivilege. SeCreateGlobalPrivilege. SeChangeNotifyPrivilege. SeManageVolumePrivilege.

During a routine penetration test, the client's security team observes logging alerts that indicate several ID badges were reprinted after working hours without the appropriate authorization. Which of the following is the penetration tester most likely trying to do?. Obtain long-term, valid access to the facility. Disrupt the availabilty of facility access systems. Change access to the facility for valid users. Revoke access to the facility for valid users.

As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?. Establishing a reverse shell. Executing a process injection attack. Creating a scheduled task. Performing a credential-dumping attack.

A penetration tester needs to scan a remote infrastructure with Nmap. The tester issues the following command: nmap 10.10.1.0/24 Which of the following is the number of TCP ports that will be scanned?. 256. 1,000. 1024. 65,535.

During an assessment, a penetration tester gains access to one of the internal hosts. Given the following command: schtasks /create /tn "Windows Update" / sc onlogon /tr “cmd.exe /c update.exe” Which of the following is the penetration tester trying to do with this code?. Enumerate the scheduled tasks. Establish persistence. Deactivate the Windows Update functionality. Create a binary application for Windows System Updates.

Given the following statements: Implement a web application firewall. Upgrade end-of-life operating systems. Implement a secure software development life cycle. In which of the following sections of a penetration test report would the above statements be found?. Executive summary. Attack narrative. Detailed findings. Recommendations.

Which of the following is within the scope of proper handling and most crucial when working on a penetration testing report?. Keeping both video and audio of everything that is done. Keeping the report to a maximum of 5 to 10 pages in length. Basing the recommendation on the risk score in the report. Making the report clear for all objectives with a precise executive summary.