Pentest Test 3
1. A penetration tester identifies an exposed corporate directory containing first and last names and phone numbers for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?
   A. Smishing
   B. Impersonation
   C. Tailgating
   D. Whaling

2. A penetration tester currently conducts phishing reconnaissance using various tools and accounts for multiple intelligence-gathering platforms. The tester wants to consolidate some of the tools and accounts into one solution to analyze the output from the intelligence-gathering tools. Which of the following is the best tool for the penetration tester to use?
   A. Caldera
   B. SpiderFoot
   C. Maltego
   D. WiGLE.net

3. A penetration tester is performing an assessment focused on attacking the authentication identity provider hosted within a cloud provider. During the reconnaissance phase, the tester finds that the system is using OpenID Connect with OAuth and has dynamic registration enabled. Which of the following attacks should the tester try first?
   A. A password-spraying attack against the authentication system
   B. A brute-force attack against the authentication system
   C. A replay attack against the authentication flow in the system
   D. A mask attack against the authentication system

4. A penetration tester is searching for vulnerabilities or misconfigurations in a container environment. Which of the following tools will the tester most likely use to achieve this objective?
   A. Nikto
   B. Trivy
   C. Nessus
   D. Nmap

5. A penetration tester completed a report for a new client. Prior to sharing the report with the client, which of the following should the penetration tester request to complete a review?
   A. A generative AI assistant
   B. The customer's designated contact
   C. A cybersecurity industry peer
   D. A team member
6. During a security assessment of an internal corporate network, a penetration tester wants to gain unauthorized access to internal resources by executing an attack that uses software that disguises itself as legitimate software. Which of the following host-based attacks should the tester use?
   A. On-path
   B. Logic bomb
   C. Rootkit
   D. Buffer overflow

7. A penetration tester is performing a network security assessment. The tester wants to intercept communication between two users and then view and potentially modify the transmitted data. Which of the following types of on-path attacks would best allow the penetration tester to achieve this result?
   A. DNS spoofing
   B. ARP poisoning
   C. VLAN hopping
   D. SYN flooding

8. A penetration tester successfully clones a source code repository and then runs the following command:
   find . -type f -exec egrep -i "token|key|login" {} \;
   Which of the following is the penetration tester conducting?
   A. Data tokenization
   B. Secrets scanning
   C. Password spraying
   D. Source code analysis

9. After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs:
   2/10/2023 05:50AM C:\users\mgranite\schtasks /query
   2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY
   Which of the following best explains the team's objective?
   A. To enumerate current users
   B. To determine the users' permissions
   C. To view scheduled processes
   D. To create persistence in the network

10. A tester is finishing an engagement and needs to ensure that artifacts resulting from the test are safely handled. Which of the following is the best procedure for maintaining client data privacy?
   A. Remove configuration changes and any tools deployed to compromised systems
   B. Securely destroy or remove all engagement-related data from testing systems
   C. Search through changed configuration files for sensitive credentials and remove them
   D. Shut down C2 and attacker infrastructure on premises and in the cloud
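The find/egrep one-liner in the secrets-scanning question above is the crudest form of the technique: it reports every function called login() and every variable named key, and it says nothing about what a real secret looks like. The script below is an added example, not part of the original test, of the same scan with a small pattern set (AWS access key IDs, PEM private key headers, GitHub tokens, and a generic assignment pattern that only fires on values of eight or more characters), skipping .git and binary files. The sample repository it builds is constructed for the demo; the AKIA value is the placeholder AWS uses in its own documentation, not a live key.

```shell
#!/usr/bin/env bash
# Added example (not from the page): a sharper secrets scan than
# `find . -type f -exec egrep -i "token|key|login" {} \;`, which also flags
# every function named login(). All files and credentials below are
# constructed for the demo; the AKIA value is the one AWS uses in its docs.

# secret_patterns: one ERE per line, high-confidence first, generic last.
secret_patterns() {
  cat <<'EOF'
AKIA[0-9A-Z]{16}
-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----
ghp_[A-Za-z0-9]{36}
(password|passwd|secret|api[_-]?key|token)[[:space:]]*[:=][[:space:]]*[^[:space:]]{8,}
EOF
}

# scan_secrets DIR: prints file:line:text for each hit, skipping .git and
# binary files. Exit status is always 0 so it is safe under `set -e`.
scan_secrets() {
  dir=$1
  pat=$(mktemp)
  secret_patterns > "$pat"
  grep -rEIni --exclude-dir=.git -f "$pat" -- "$dir" || true
  rm -f "$pat"
}

# count_secrets DIR: number of matching lines (what a CI gate would threshold on).
count_secrets() {
  scan_secrets "$1" | wc -l | tr -d ' '
}

# make_sample_repo: builds a throwaway "cloned repository" and prints its path.
make_sample_repo() {
  dir=$(mktemp -d)
  mkdir -p "$dir/.git" "$dir/config" "$dir/src"
  # Inside .git: must be skipped even though it matches the generic pattern.
  printf '%s\n' 'token = abcdefghijklmnop' > "$dir/.git/config"
  # Three real hits (constructed values; the AKIA key is AWS's documentation example).
  printf '%s\n' 'aws_access_key_id = AKIAIOSFODNN7EXAMPLE' > "$dir/config/credentials"
  printf '%s\n' 'db_password = "Sup3rSecretPass!"' > "$dir/config/app.ini"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIEpAIBAAKCAQEA...' \
    '-----END RSA PRIVATE KEY-----' > "$dir/config/deploy.pem"
  # Noise the naive egrep would report: a login() function and a short value.
  printf '%s\n' 'def login(user):' '    return user' > "$dir/src/auth.py"
  printf '%s\n' 'key = "value"' > "$dir/src/settings.py"
  printf '%s\n' "$dir"
}

repo=$(make_sample_repo)
scan_secrets "$repo"
printf 'hits: %s\n' "$(count_secrets "$repo")"
rm -rf "$repo"
```

Running it reports exactly the three planted secrets and nothing from src/ or .git/; the trade-off is that a secret assigned under a name the generic pattern does not know (a bare `key = ...` with a long value, for instance) is missed, which is why dedicated scanners ship hundreds of patterns plus entropy checks.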
11. A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?
   A. Initiate a social engineering campaign
   B. Perform credential dumping
   C. Compromise an endpoint
   D. Share enumeration

12. During an external penetration test, a tester receives the following output from a tool:
   test.comptia.org
   info.comptia.org
   vpn.comptia.org
   exam.comptia.org
   Which of the following commands did the tester most likely run to get these results?
   A. nslookup -type=SOA comptia.org
   B. amass enum -passive -d comptia.org
   C. nmap -Pn -sV -vv -A comptia.org
   D. shodan host comptia.org

13. A penetration tester is trying to get unauthorized access to a web application and executes the following command: Which of the following web application attacks is the tester performing?
   A. Insecure direct object reference
   B. Cross-site request forgery
   C. Directory traversal
   D. Local file inclusion

14. A penetration tester has adversely affected a critical system during an engagement, which could have a material impact on the organization. Which of the following should the penetration tester do to address this issue?
   A. Restore the configuration
   B. Perform a BIA
   C. Follow the escalation process
   D. Select the target

15. A penetration tester must identify vulnerabilities within an ICS that is not connected to the internet or the enterprise network. Which of the following should the tester utilize to conduct the testing?
   A. Channel scanning
   B. Stealth scans
   C. Source code analysis
   D. Manual assessment

16. During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?
   A. sqlmap -u www.example.com/?id=1 --search -T user
   B. sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C cred
   C. sqlmap -u www.example.com/?id=1 --tables -D accounts
   D. sqlmap -u www.example.com/?id=1 --schema --current-user --current-db

17. A penetration tester is compiling the final report for a recently completed engagement. A junior QA team member wants to know where they can find details on the impact, overall security findings, and high-level statements. Which of the following sections of the report would most likely contain this information?
   A. Quality control
   B. Methodology
   C. Executive summary
   D. Risk scoring

18. Which of the following elements in a lock should be aligned to a specific level to allow the key cylinder to turn?
   A. Latches
   B. Pins
   C. Shackle
   D. Plug

19. A penetration tester needs to complete cleanup activities assigned by the testing lead. Which of the following should the tester do to ensure that reverse shell payloads are no longer running?
   A. Run scripts to terminate the implant on affected hosts
   B. Spin down the C2 listeners
   C. Restore the firewall settings of the original affected hosts
   D. Exit from C2 listener active sessions

20. A penetration tester needs to identify all vulnerable input fields on a customer website. Which of the following tools would be best suited to complete this request?
   A. DAST
   B. SAST
   C. IAST
   D. SCA

21. A penetration tester runs a network scan but has some issues accurately enumerating the vulnerabilities due to the following error:
   OS identification failed
   Which of the following is most likely causing this error?
   A. The scan did not reach the target because of a firewall block rule
   B. The scanner database is out of date
   C. The scan is reporting a false positive
   D. The scan cannot gather one or more fingerprints from the target

22. A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter. Which of the following types of vulnerabilities could be detected with the tool?
   A. Network configuration errors in Kubernetes services
   B. Weaknesses and misconfigurations in the Kubernetes cluster
   C. Application deployment issues in Kubernetes
   D. Security vulnerabilities specific to Docker containers

23. During a security assessment, a penetration tester wants to compromise user accounts without triggering IDS/IPS detection rules. Which of the following is the most effective way for the tester to accomplish this task?
   A. Crack user accounts using compromised hashes
   B. Brute force accounts using a dictionary attack
   C. Bypass authentication using SQL injection
   D. Compromise user accounts using an XSS attack

24. During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?
   A. certutil.exe
   B. bitsadmin.exe
   C. msconfig.exe
   D. netsh.exe

25. During an engagement, a penetration tester runs the following command against the host system:
   host -t axfr domain.com dns1.domain.com
   Which of the following techniques best describes what the tester is doing?
   A. Zone transfer
   B. Host enumeration
   C. DNS poisoning
   D. DNS query

26. Which of the following are valid reasons for including base, temporal, and environmental CVSS metrics in the findings section of a penetration testing report? (Choose two.)
   A. Providing details on how to remediate vulnerabilities
   B. Helping to prioritize remediation based on threat context
   C. Including links to the proof-of-concept exploit itself
   D. Providing information on attack complexity and vector
   E. Prioritizing compliance information needed for an audit
   F. Adding risk levels to each asset

27. During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?
   A. EXIF
   B. GIF
   C. COFF
   D. ELF
28. A penetration tester needs to exploit a vulnerability in a wireless network that has weak encryption in order to perform traffic analysis and decrypt sensitive information. Which of the following techniques would best allow the penetration tester to gain access to the sensitive information?
   A. Bluejacking
   B. SSID spoofing
   C. Packet sniffing
   D. ARP poisoning

29. A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?
   A. Phishing
   B. Tailgating
   C. Whaling
   D. Spear phishing

30. During a penetration test, a tester compromises a Windows computer. The tester executes the following commands and receives the following output:
   mimikatz # privilege::debug
   mimikatz # lsadump::cache
   ---Output---
   lapsUser 27dh9128361tsg264592101387541j
   ---OutputEnd---
   Which of the following best describes what the tester plans to do by executing the commands?
   A. The tester plans to perform the first step of a Golden Ticket attack to compromise the Active Directory domain
   B. The tester plans to collect application passwords or hashes to compromise confidential information within the local computer
   C. The tester plans to use the collected hash to perform lateral movement to other computers using a local administrator hash
   D. The tester plans to collect the ticket information from the user to perform a Kerberoasting attack on the domain controller

31. During an assessment, a penetration tester obtains an NTLM hash from a legacy Windows machine. Which of the following tools should the penetration tester use to continue the attack?
   A. Responder
   B. Hydra
   C. Bloodhound
   D. CrackMapExec

32. An external legal firm is conducting a penetration test of a large corporation. Which of the following would be most appropriate for the legal firm to use in the subject line of a weekly email update?
   A. Privileged & Confidential Status Update
   B. Action Required Status Update
   C. Important Weekly Status Update
   D. Urgent Status Update
33. A penetration tester needs to evaluate the security of example.com and gather information stealthily using DNS. Which of the following is the best tool for the tester to use?
   A. Nikto
   B. InSSIDer
   C. masscan
   D. Recon-ng

34. A penetration tester gains access to a chrooted environment and runs service --status-all on a target host. The tester reviews the following output:
   [ + ]  cron
   [ + ]  dhcp
   [ - ]  tomcat
   [ - ]  xserver
   [ + ]  ssh
   The only other commands that the tester can execute are ps, nc, tcpdump, and crontab. Which of the following is the best method to maintain persistence?
   A. Validate write access to crontab and add a reverse shell
   B. Capture credentials to use with tcpdump
   C. Scan the X11 server from the outside for unauthenticated connectivity
   D. Check access to the tomcat default manager page and use an LFI payload

35. A penetration tester completes a scan and sees the following output on a host:
   Nmap scan report for victim (10.10.10.10)
   Host is up (0.0001s latency)
   PORT     STATE         SERVICE
   161/udp  open|filtered snmp
   445/tcp  open          microsoft-ds
   3389/tcp open          microsoft-ds
   Running: Microsoft Windows 7
   OS CPE: cpe:/o:microsoft:windows_7::sp0
   The tester wants to obtain shell access. Which of the following related exploits should the tester try first?
   A. exploit/windows/smb/psexec
   B. exploit/windows/smb/ms08_067_netapi
   C. exploit/windows/smb/ms17_010_eternalblue
   D. auxiliary/scanner/snmp/snmp_login

36. A company hires a penetration tester to test the security implementation of its wireless networks. The main goal of this assessment is to intercept and gain access to sensitive data from the company's employees. Which of the following tools should the security professional use to best accomplish this task?
   A. Metasploit
   B. WiFi-Pumpkin
   C. SET
   D. theHarvester
   E. WiGLE.net
37. While conducting a reconnaissance activity, a penetration tester extracts the following information:
   Emails:
   - [email protected]
   - [email protected]
   - [email protected]
   Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?
   A. Unauthorized access to the network
   B. Exposure of sensitive servers to the internet
   C. Likelihood of SQL injection attacks
   D. Indication of a data breach in the company

38. A penetration tester is preparing a password-spraying attack against a known list of users for the company "example." The tester is using the following list of commands:
   1. pw-inspector -i $allwords | tee $pass
   2. spray365.py spray -ep $plan
   3. users="~/user.txt"; allwords="~/words.txt"; pass="~/passwords.txt"; plan="~/spray.plan"
   4. spray365.py generate --password_file $pass --user_file $users --domain "example.com" --execution_plan $plan
   5. cewl -m 5 "http://www.example.com" -w $allwords
   Which of the following is the correct order for the list of commands?
   A. 3, 4, 1, 2, 5
   B. 3, 1, 2, 5, 4
   C. 2, 3, 1, 4, 5
   D. 3, 5, 1, 4, 2

39. During a penetration testing exercise, a team decides to use a watering hole strategy. Which of the following is the most effective approach for executing this attack?
   A. Compromise a website frequently visited by the organization's employees
   B. Launch a DDoS attack on the organization's website
   C. Create fake social media profiles to befriend employees
   D. Send phishing emails to the organization's employees

40. During a testing engagement, a penetration tester compromises a host and locates data for exfiltration. Which of the following are the best options to move the data without triggering a data loss prevention tool? (Choose two.)
   A. Move the data using a USB flash drive
   B. Compress and encrypt the data
   C. Rename the file name extensions
   D. Use FTP for exfiltration
   E. Encode the data as Base64
   F. Send the data to a commonly trusted service
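The password-spraying question above hinges on the order of the pipeline: define the paths, crawl the site for words (cewl), keep only words that could satisfy the password policy (pw-inspector), turn users plus passwords into an execution plan (spray365 generate), and only then spray. The script below is an added example, not part of the original test and not code from cewl, pw-inspector or spray365, that does the two middle steps offline so the ordering logic is visible: a policy filter standing in for pw-inspector, a plan generator that tries one password against every user before moving to the next (the property that keeps a spray under lockout thresholds), and a helper that turns a lockout policy into a minimum delay between rounds. The user list, word list and the 5-attempts-per-30-minutes policy are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the page): the middle of the spraying pipeline from
# the question, done offline. cewl's output is replaced by a constructed word
# list, pw-inspector by filter_passwords, and spray365's plan generation by
# build_spray_plan. Users, words and the lockout policy are all invented.

# filter_passwords WORDS: keep candidates that can satisfy a typical policy
# (8+ chars, at least one letter and one digit), deduplicated in order.
# Spraying a password the policy forbids wastes one of the few attempts you
# get per user before lockout.
filter_passwords() {
  grep -E '^.{8,}$' "$1" | grep -E '[A-Za-z]' | grep -E '[0-9]' | awk '!seen[$0]++'
}

# build_spray_plan USERS PASSWORDS: emit "round,user,password" in spray
# order: one password against every user, then the next password.
build_spray_plan() {
  users=$1
  passwords=$2
  round=0
  while IFS= read -r pw || [ -n "$pw" ]; do
    [ -n "$pw" ] || continue
    round=$((round + 1))
    while IFS= read -r u || [ -n "$u" ]; do
      [ -n "$u" ] || continue
      printf '%s,%s,%s\n' "$round" "$u" "$pw"
    done < "$users"
  done < "$passwords"
}

# min_round_interval WINDOW_MIN THRESHOLD: minutes to wait between rounds so
# each user sees at most THRESHOLD-1 failures inside the lockout observation
# window (ceiling division). E.g. 5 attempts per 30 minutes -> 8 minutes.
min_round_interval() {
  window=$1
  thr=$2
  echo $(( (window + thr - 2) / (thr - 1) ))
}

# make_spray_inputs: constructed users.txt and words.txt; prints the directory.
make_spray_inputs() {
  d=$(mktemp -d)
  printf '%s\n' alice@example.com bob@example.com carol@example.com > "$d/users.txt"
  # What a cewl crawl of a marketing site might yield, including a duplicate
  # and words that cannot pass the policy.
  printf '%s\n' Example example2024 Welcome1 welcome 'Summer2024!' \
    Password1 Password1 Example123 > "$d/words.txt"
  printf '%s\n' "$d"
}

d=$(make_spray_inputs)
filter_passwords "$d/words.txt" > "$d/passwords.txt"   # the pw-inspector step
build_spray_plan "$d/users.txt" "$d/passwords.txt"     # the generate step
printf 'wait at least %s min between rounds\n' "$(min_round_interval 30 5)"
rm -rf "$d"
```

Of the eight crawled words only five survive the policy filter, and the plan lists all three users under round 1 before any user appears in round 2; with a 5-attempt lockout inside a 30-minute window, rounds must be at least 8 minutes apart so no account ever accumulates five failures in one window.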
41. Which of the following will reduce the possibility of introducing errors or bias in a penetration test report?
   A. Secure distribution
   B. Peer review
   C. Use AI
   D. Goal reprioritization

42. A penetration tester identifies the URL for an internal administration application while following DevOps team members on their commutes. Which of the following attacks did the penetration tester most likely use?
   A. Shoulder surfing
   B. Dumpster diving
   C. Spear phishing
   D. Tailgating

43. During an assessment, a penetration tester obtains access to an internal server and would like to perform further reconnaissance by capturing LLMNR traffic. Which of the following tools should the tester use?
   A. Burp Suite
   B. Netcat
   C. Responder
   D. Nmap

44. A penetration tester needs to obtain sensitive data from several executives who regularly work while commuting by train. Which of the following methods should the tester use for this task?
   A. Shoulder surfing
   B. Credential harvesting
   C. Bluetooth spamming
   D. MFA fatigue

45. While performing reconnaissance, a penetration tester attempts to identify publicly accessible ICS and IoT systems. Which of the following tools is most effective for this task?
   A. theHarvester
   B. Shodan
   C. Amass
   D. Nmap

46. A penetration tester successfully gained access to manage resources and services within the company's cloud environment. This was achieved by exploiting poorly secured administrative credentials that had extensive permissions across the network. Which of the following credentials was the tester able to obtain?
   A. IAM credentials
   B. SSH key for a cloud instance
   C. Cloud storage credentials
   D. Temporary security credentials (STS)

47. Which of the following frameworks can be used to classify threats?
   A. PTES
   B. STRIDE
   C. OSSTMM
   D. OCTAVE

48. A penetration tester is enumerating a Linux system. The goal is to modify the following script to provide more comprehensive system information:
   #!/bin/bash
   ps aux >> linux_enum.txt
   Which of the following sets of lines would provide the most comprehensive enumeration of the system?
   A. cat /etc/passwd >> linux_enum.txt
      netstat -tulr >> linux_enum.txt
      cat /etc/bash.bashrc >> linux_enum.txt
   B. whoami >> linux_enum.txt
      uname -a >> linux_enum.txt
      ifconfig >> linux_enum.txt
   C. hostname >> linux_enum.txt
      echo $USER >> linux_enum.txt
      curl ifconfig.me >> linux_enum.txt
   D. lsof -i >> linux_enum.txt
      uname -a >> linux_enum.txt
      ls /home/ >> linux_enum.txt

49. During an assessment, a penetration tester sends the following request:
   POST /services/v1/users/create HTTP/1.1
   Host: target-application.com
   Content-Type: application/json
   Content-Length: [dynamic]
   Authorization: Bearer [FUZZ]
   Which of the following attacks is the penetration tester performing?
   A. Directory traversal
   B. API abuse
   C. Server-side request forgery
   D. Privilege escalation

50. During a penetration test, the tester identifies several unused services that are listening on all targeted internal laptops: Which of the following technical controls should the tester recommend to reduce the risk of compromise?
   A. Multifactor authentication
   B. Patch management
   C. System hardening
   D. Network segmentation

51. Which of the following elements of a penetration test report can be used to most effectively prioritize the remediation efforts for all the findings?
   A. Methodology
   B. Detailed findings list
   C. Risk score
   D. Executive summary

52. A penetration tester observes the following output from an Nmap command while attempting to troubleshoot connectivity to a Linux server. Which of the following is the most likely reason for the connectivity issue?
   A. The SSH service is running on a different port
   B. The SSH service is blocked by a firewall
   C. The SSH service requires certificate authentication
   D. The SSH service is not active
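The Linux enumeration question above compares four three-line additions to a script that only runs ps aux. In practice the script a tester actually drops on a foothold covers identity, kernel, users, network and persistence points in one pass, and it has to survive hosts where ifconfig or netstat are absent (modern distributions ship ip and ss instead) and where sudo, crontab or /etc/os-release may be missing. The script below is an added example, not part of the original test, of that fuller version: every command is run through a wrapper that writes a labelled section and records a failure instead of aborting, and the network sections fall back from iproute2 to net-tools to /proc. The output file name and section titles are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example (not from the page): the enumeration script from the
# question, extended so one run captures identity, kernel, users, network
# and persistence points, with fallbacks for hosts lacking ifconfig/netstat.
# Every command is wrapped so a missing tool never aborts the run.

have() { command -v "$1" >/dev/null 2>&1; }

# section TITLE CMD...: append a header plus the command output to $ENUM_OUT.
# A failing or missing command leaves a note and the script carries on.
section() {
  title=$1
  shift
  {
    printf '\n== %s ==\n' "$title"
    "$@" 2>&1 || printf '(%s failed, rc=%s)\n' "$1" "$?"
  } >> "$ENUM_OUT"
}

# Fallback chains: iproute2 first, legacy net-tools second, /proc last.
net_ifaces() {
  if have ip; then ip addr
  elif have ifconfig; then ifconfig -a
  else cat /proc/net/dev; fi
}
net_listeners() {
  if have ss; then ss -tulpn
  elif have netstat; then netstat -tulpn
  else cat /proc/net/tcp /proc/net/udp; fi
}
# SUID binaries in the usual bin dirs only, capped so the report stays readable.
suid_bins() {
  find /usr/bin /usr/sbin /bin /sbin -perm -4000 -type f 2>/dev/null | head -n 50
}

# linux_enum OUTFILE: write the report and print the path.
linux_enum() {
  ENUM_OUT=$1
  : > "$ENUM_OUT"
  section "id"             id
  section "uname -a"       uname -a
  section "hostname"       hostname
  section "os-release"     cat /etc/os-release
  section "passwd"         cat /etc/passwd
  section "interfaces"     net_ifaces
  section "listeners"      net_listeners
  section "ps aux"         ps aux
  section "sudo -n -l"     sudo -n -l
  section "suid binaries"  suid_bins
  section "crontab -l"     crontab -l
  section "system cron"    ls -la /etc/cron.d /etc/cron.daily
  printf '%s\n' "$ENUM_OUT"
}

# sections_in FILE: number of section headers written, a quick sanity check.
sections_in() {
  grep -c '^== ' "$1"
}

out=$(linux_enum "$(mktemp)")
printf 'wrote %s sections to %s\n' "$(sections_in "$out")" "$out"
```

Appending with `>>` as the question's script does is deliberate: the file is the only artifact a tester later needs to collect and destroy during cleanup, which is also why the report path is printed rather than hard-coded to the working directory.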