Free Certification Practice Questions

COMPTIA-PENTEST

A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the tester using?
#181
A penetration tester successfully gains access to a Linux system and then uses the following command:
find / -type f -ls > /tmp/recon.txt
Which of the following best describes the tester's goal?
#182
Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?
#183
During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the information the junior tester will receive from the Hunter.io tool?
#184
A penetration tester wants to download sensitive files stored on the client's file server and runs the following scan: Which of the following TCP ports should the penetration tester target as a next step?
#185
A penetration tester enters an invalid user ID on the login page of a web application. The tester receives a message indicating the user is not found. Then, the tester tries a valid user ID with an incorrect password, and the web application indicates the password is invalid. Which of the following should the tester attempt next?
#186
After completing vulnerability scans for a given test, a penetration tester needs to prioritize which potential assets are in scope and should be exploited first. Given the following scanner output: Which of the following findings should the tester prioritize first based upon a consideration of risk to the organization?
#187
A penetration tester uses a Python script to enumerate open ports across a list of IP addresses. The current script runs sequentially, which slows it down during larger engagements. The tester wants to improve the script’s performance so it can handle multiple targets simultaneously. Which of the following changes is the best way to achieve this goal?
#188
A penetration tester sets up a C2 server to manage and control payloads deployed in the target network. Which of the following tools is the most suitable for establishing a robust and stealthy connection?
#189
A penetration tester obtains a regular domain user’s set of credentials. The tester wants to attempt a dictionary attack by creating a custom word list based on the Active Directory password policy. Which of the following tools should the penetration tester use to retrieve the password policy?
#190
A penetration tester is ready to add shellcode for a specific remote executable exploit. The tester is trying to prevent the payload from being blocked by anti-malware that is running on the target. Which of the following commands should the tester use to obtain shell access?
#191
A penetration tester is investigating a buffer overflow on the myfile binary. The tester wants to send a payload to help identify the exact offset to inject the memory address to take control of the buffer. Which of the following would allow the penetration tester to quickly identify the offset?
#192
A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client’s blue team. Which of the following exfiltration methods would most likely remain undetected?
#193
A penetration tester reviews the following output: Which of the following most likely describes the function of this system?
#194
During a penetration test for a client that has a diverse infrastructure, the tester scans the network using Nmap and observes the following output: Which of the following would most likely be the target device?
#195
A tester compromises a shared host that is manually audited every week due to the absence of a SIEM. Which of the following is the best way to reduce the chances of being detected?
#196
A penetration tester wants to verify whether passwords from a leaked password list can be used to access an SSH server as a legitimate user. Which of the following is the most appropriate tool for this task?
#197
A penetration tester discovers a deprecated directory in which files are accessible to anyone. Which of the following would most likely assist the penetration tester in finding sensitive information without raising suspicion?
#198
A penetration tester gains initial access to a Windows workstation on a client’s network. The tester wants to determine the next target but does not want to install software on the workstation. Which of the following is the best tool to list potential targets?
E. CME
#199
A penetration tester completes an authenticated vulnerability scan of a host and receives the following results: Which of the following is most likely to cause stability when a session is created on a target machine?
#200
A penetration tester uses the Intruder tool from the Burp Suite Community Edition while assessing a web application. The tester notices the test is taking too long to complete. Which of the following tools can the tester use to accelerate the test and achieve similar results?
#201