PEN Testing Final Exam| (Answered) With Complete Verified Solution

PEN Testing Final Exam| (Answered) With Complete Verified Solution Ryan is conducting a penetration test and is targeting a database server. Which one of the following tools would best assist him in detecting vulnerabilities on that server? sqlmap Which of the following threat actors is the most dangerous based on the adversary tier list? APTs Joe is examining the logs for his web server and discovers that a user sent input to a web application that contained the string WAITFOR. What type of attack was the user likely attempting? Timing-based SQL injection During a penetration test, Mike uses double tagging to send traffic to another system. What technique is he attempting? VLAN hopping What does an MSA typically include? The terms that will govern future agreements. What type of legal assessment typically covers sensitive data and information that a penetration tester may encounter while performing an assessment? an NDA What penetration testing strategy is also known as "zero knowledge" testing? Black box testing Which one of the following protocols should never be used on a public network? Telnet Examine the following network diagram. What is the most appropriate location for a web application firewall (WAF) on this network? Location D Which of the following is a static code analysis tool? YASCA Which one of the following is NOT a password cracking utility? OWASP ZAP Chris runs an Nmap scan against the 10.10.0.0/16 network that his employer uses as an internal network range for the entire organization. If he uses the -T0 flag, what issue is he likely to encounter? The scan will progress at a very slow speed. Which one of the following values for the confidentiality, integrity, or availability CVSS metric would indicate the potential for a total compromise of a system? C Kevin recently identified a new security vulnerability and computed the CVSSv2 base score as 6.5. Which risk category would this vulnerability fall into? High Which of the following is NOT a reason to conduct periodic penetration tests of systems and applications? Cost What is required for Jason to conduce a cold-boot attack against a system? Physical access Which of the following is NOT a benefit of using an internal penetration test team. Independence Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred? False positive Jack is conducting a penetration test for a customer in Japan. What NIC is he most likely to need to check for information about his client's networks? APNIC Which one of the following activities assumes that an organization has already been compromised? Threat hunting Which one of the following tools is an exploitation framework commonly used by penetration testers? Metasploit Which of the following is a debugging tool compatible with Linux systems? GDB Beth recently conducted a phishing attack against a penetration testing target in an attempt to gather credentials that she might use in later attacks. What stage in the penetration testing process is Beth in? Attacking and Exploiting Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? Read-only Where are the LSA Secrets stored on a Windows system? The Registry During the scoping phase of a penetration test, Lauren is provided with the IP range of the systems she will test, as well as information about what the systems run, but she does not recieve a full network diagram. What type of assessment is she most likely conducting? A gray box assessment Which of the following tools provides information about a domain's registrar and physical location? WHOIS Rick wants to look at the advertised routes to his target. What type of service should he look for to do this? A BGP looking glass What technique is being used in the following command: host -t axfr Zone transfer Edward Snowden gathered a massive quantity of sensitive information from the National Security Agency and released it to the media. What type of attack did he wage? Disclosure In what type of attack does the attacker place more information in a memory location than is allocated for that use? Buffer overflow Tom's organization currently sues password-based authentication and would like to move to multifactor authentication. Which one of the following is an acceptable second factor? smartphone app What type of Bluetooth attack attempts to send unsolicited messages via Bluetooth devices? bluejacking What type of attack depends upon the fact that users are often logged into many websites simultaneously in the same browser? cross-site request forgery Steve is working from an un-privileged user account that was obtained as part of a penetration test. he has discovered that the host he is on has Nmap installed and wants to scan other hosts in his subnet to identify potential targets as part of a pivot attempt. What flag is he likely to use to successfully scan hosts from this account? -sT Which one of the following is not a common category of remediation activity? Testing Cameron runs the following command via an administrative shell on a Windows system he has compromised. What has he accomplished? $command = 'cmd /c -c Set-WSManQuickConfig -Force;Set-Item WSMAN:localhostServiceAuthBasic -Value $True;Set-Item WSMAn:localhostServiceAllowUnencrypted -Value $True;Register-PSSessionConfiguration -Name Microsoft.PowerShell -Force He has set up PSRemoting Which one of the following security assessment tools is not commonly used during the Information Gathering and Vulnerability Identification phase of a penetration test? Metasploit Karen identifies TCP ports 8080 and 8443 open on a remote system during a port scan. What tool is her best option to manually validate what is running on these ports? A web browser Alan is creating a list of recommendations that his organization can follow to remediate issues identified during a penetration test. In what phase of the testing process is Alan participating? reporting and communicating results Mike wants to enter an organization's high-security data center. Which of the following techniques is most likely to stop his tailgating attempt? a mantrap Andrew know that the employees at his target company frequently visit a football discussion site popular in the local area. As part of his penetration testing, he successfully places malware on the site and takes over multiple PCs belonging to employees. What type of attack has he used? a watering hole attack After running an SNMP sweep, Greg finds that he didn't receive any results. If he knows there are not network protection devices in place and that there are devices that should respond to SNMP queries, what problem does he most likely have? There is an incorrect community string. During an Nmap scan, Casey uses the -O flag. The scan identified the host as follows: RunningL Linux 2.6.xOS CPE: cpe:/o:linux:linux_kernel:2.6OS Details: Linux 2.6.9 - 2.6.33 The system is running a Linux 2.6 kernel between .9 and .33 Which one of the following technologies, when used within an organization, is the LEAST likely to interfere with vulnerability scanning results achieved by external penetration testers? encryption Chris cross-compiles code for his exploit and deploys it. Why would he cross-compile code? to run it on a different architecture Angela wants to run John the Ripper against a hashed password file she acquired from a compromise. What information does she need to know to successfully crack the file? none of the above During a penetration test, Alex discovers that he is unable to scan a server that he was able to successfully scan earlier in the day from the same IP address. What has most likely happened? His IP address was blacklisted. Chris is conducting an onsite penetration test. The test is a gray box test, and he is permitted onsite but has not been given access to the wired or wireless networks. He knows he needs to gain access to both to make further progress. Which of the following NAC systems would be the easiest for Chris to bypass? a MAC address filter Which one of the following function calls is closely associated with Linux command injection attacks? system() Which of the following items is not appropriate for the executive summary of a penetration testing report? technical detail