Which of the following types of intrusion techniques is the use of an “under-the-door tool” during a physical
security assessment an example of?
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?
Which of the following attacks is commonly combined with cross-site scripting for session hijacking?
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next
step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the
following would BEST meet this goal?
When communicating the findings of a network vulnerability scan to a client's IT department which of the following metrics BEST prioritize the severity of the findings? (Select TWO)
A constant wants to scan all the TCP Pots on an identified device. Which of the following Nmap switches will complete this task?
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report. Which of the following is the MOST likely reason for the reduced severity?
Which of the following can be used to perform online password attacks against RDP?
An attacker is attempting to gain unauthorized access to a WiR network that uses WPA2-PSK Which of the following attack vectors would the attacker MOST likely use?
A recently concluded penetration test revealed that a legacy web application is vulnerable lo SQL injection Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not m a position to risk the availability of the application Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Select TWO).
A security assessor completed a comprehensive penetration test of a company and its networks and systems.
During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's
intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor,
although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of
Which of the following documents BEST describes the manner in which a security assessment will be conducted?
Which of the following commands will allow a tester to enumerate potential unquoted services paths on a host?
Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimikatz to pull credentials?
Given the following Python script:
import socket as skt
for port in range (1,1024):
sox.connect ((‘127.0.0.1’, port))
print ‘%d:OPEN’ % (port)
Which of the following is where the output will go?
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple
If a security consultant comes across a password hash that resembles the following
b117 525b3454 7Oc29ca3dBaeOb556ba8
Which of the following formats is the correct hash type?
A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten
vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate
all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
In which of the following scenarios would a tester perform a Kerberoasting attack?
A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:
DEFAULT GATEWAY: 192.168.1.254
DNS: 192.168.10.10, 192.168.20.10
Which of the following commands should the malicious user execute to perform the MITM attack?
A security assessor is attempting to craft specialized XML files to test the security of the parsing functions
during ingest into a Windows application. Before beginning to test the application, which of the following should
the assessor request from the organization?
During an internal network penetration test, a tester recovers the NTLM password hash tor a user known to have full administrator privileges on a number of target systems Efforts to crack the hash and recover the plaintext password have been unsuccessful Which of the following would be the BEST target for continued exploitation efforts?
A penetration tester was able to enter an SQL injection command into a text box and gain access to the information store on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?
Which of the following is the purpose of an NDA?
A company’s corporate policies state that employees are able to scan any global network as long as it is done within working hours. Government laws prohibit unauthorized scanning. Which of the following should an employee abide by?
Click the exhibit button.
Given the Nikto vulnerability, scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)