Question 61
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus
Question 62
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the environment
B. Whether the specific cloud services are being used by the application
C. The geographical location where the cloud services are running
D. Whether the country where the cloud service is based has any impeding laws
Question 63
HOTSPOT -You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTION -Giving the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Hot Area:
Question 64
A penetration tester runs the unshadow command on a machine.
Which of the following tools will the tester most likely use NEXT?
A. John the Ripper
B. Hydra
C. Mimikatz
D. Cain and Abel
Question 65
A penetration tester obtained the following results after scanning a web server using the dirb utility:
Which of the following elements is MOST likely to contain useful information for the penetration tester?
A. index.html
B. about
C. info
D. home.html
Question 66
A company has hired a penetration tester to deploy and set up a rogue access point on the network.
Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
Question 67
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop.
Which of the following can be used to ensure the tester is able to maintain access to the system?
A. schtasks /create /sc /ONSTART /tr C:\Temp|WindowsUpdate.exe
B. wmic startup get caption,command
C. crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
D. sudo useradd -ou 0 -g 0 user
Question 68
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs will not act upon commands injected over the network.
B. Supervisors and controllers are on a separate virtual network by default.
C. Controllers will not validate the origin of commands.
D. Supervisory systems will detect a malicious injection of code/commands.
Question 69
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:
Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
A. Run an application vulnerability scan and then identify the TCP ports used by the application.
B. Run the application attached to a debugger and then review the application's log.
C. Disassemble the binary code and then identify the break points.
D. Start a packet capture with Wireshark and then run the application.
Question 70
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
A. security compliance regulations or laws may be violated.
B. testing can make detecting actual APT more challenging.
C. testing adds to the workload of defensive cyber- and threat-hunting teams.
D. business and network operations may be impacted.
