Question 11
SIMULATION -You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS -Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question 12
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees.
Which of the following tools can help the tester achieve this goal?
A. Metasploit
B. Hydra
C. SET
D. WPScan
Question 13
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
A. Unsupported operating systems
B. Susceptibility to DDoS attacks
C. Inability to network
D. The existence of default passwords
Question 14
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
A. To remove hash-cracking registry entries
B. To remove the tester-created Mimikatz account
C. To remove tools from the server
D. To remove a reverse shell from the system
Question 15
A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192.168.1.1-5 -PU22-25,80
B. nmap 192.168.1.1-5 -PA22-25,80
C. nmap 192.168.1.1-5 -PS22-25,80
D. nmap 192.168.1.1-5 -Ss22-25,80
Question 16
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?
A. The HTTP port is not open on the firewall.
B. The tester did not run sudo before the command.
C. The web server is using HTTPS instead of HTTP.
D. This URI returned a server error.
Question 17
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address.
Which of the following MOST likely describes what happened?
A. The penetration tester was testing the wrong assets.
B. The planning process failed to ensure all teams were notified.
C. The client was not ready for the assessment to start.
D. The penetration tester had incorrect contact information.
Question 18
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?
A. Uncover potential criminal activity based on the evidence gathered.
B. Identify all the vulnerabilities in the environment.
C. Limit invasiveness based on scope.
D. Maintain confidentiality of the findings.
Question 19
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees' numbers?
A. Web archive
B. GitHub
C. File metadata
D. Underground forums
Question 20
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.
Which of the following would BEST support this task?
A. Run nmap with the -O, -p22, and -sC options set against the target.
B. Run nmap with the -sV and -p22 options set against the target.
C. Run nmap with the --script vulners option set against the target.
D. Run nmap with the -sA option set against the target.
