Which of the following web-application security risks are part of the OWASP Top 10 v2017?

02/11/2022 – by Mod_GuideK 0

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.) A. Buffer overflows B. Cross-site scripting C. Race-condition attacks D. Zero-day attacks E. Injection flaws F. Ransomware attacks

Which of the following actions is the tester MOST likely performing?

02/11/2022 – by Mod_GuideK 0

A penetration tester gains access to a system and establishes persistence, and then runs the following commands: cat /dev/null > temp touch -r .bash_history temp mv temp .bash_history Which of the following actions is the tester MOST likely performing? A.…

Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

02/11/2022 – by Mod_GuideK 0

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions? A. Aircrack-ng B. Wireshark C. Wifite D. Kismet

Which of the following behaviors would be considered unethical?

02/11/2022 – by Mod_GuideK 0

A penetration tester is reviewing the following SOW prior to engaging with a client: “Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will…

Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

02/11/2022 – by Mod_GuideK 0

A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header…

Which of the following recommendations would BEST address this situation?

02/11/2022 – by Mod_GuideK 0

A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their…

Which of the following actions will this script perform?

02/11/2022 – by Mod_GuideK 0

A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform? A. Look for open ports. B. Listen for a reverse shell. C. Attempt to flood open ports. D.…

Which of the following tools would be BEST for the penetration tester to use to explore this site further?

02/11/2022 – by Mod_GuideK 0

A penetration tester is exploring a client’s website. The tester performs a curl command and obtains the following: * Connected to 10.2.11.144 (::1) port 80 (#0) > GET /readmine.html HTTP/1.1 > Host: 10.2.11.144 > User-Agent: curl/7.67.0 > Accept: */* >…

SIMULATION

02/11/2022 – by Mod_GuideK 0

SIMULATION You are a penetration tester running port scans on a server. INSTRUCTIONS Part 1: Given the output, construct the command that was used to generate this output from the available options. Part 2: Once the command is appropriately constructed,…

Which of the following techniques would BEST accomplish this goal?

02/11/2022 – by Mod_GuideK 0

A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal? A. RFID cloning B. RFID tagging C. Meta tagging D.…