NEW QUESTION 1
A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false positives and increases the true positives of the results. Which of the following would MOST likely accomplish this goal?

• A. Using OpenVAS in default mode
• B. Using Nessus with credentials
• C. Using Nmap as the root user
• D. Using OWASP ZAP

Answer: B

Explanation:
Using credentials during a vulnerability scan allows the scanner to gather more detailed information about the target system, including installed software, patch levels, and configuration settings. This helps to reduce the likelihood of false positives and increase the true positives of the results. Nessus is a popular vulnerability scanner that supports credential-based scanning and can be used to accomplish this goal. OpenVAS and Nmap are also popular scanning tools, but using default mode or running as the root user alone may not provide the necessary level of detail for accurate vulnerability identification. OWASP ZAP is a web application scanner and may not be applicable for non-web-based targets.

NEW QUESTION 2
A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

• A. A handheld RF spectrum analyzer
• B. A mask and personal protective equipment
• C. Caution tape for marking off insecure areas
• D. A dedicated point of contact at the client
• E. The paperwork documenting the engagement
• F. Knowledge of the building's normal business hours

Answer: DE

Explanation:
Always carry the contact information and any documents stating that you are approved to do this.

NEW QUESTION 3
Which of the following factors would a penetration tester most likely consider when testing at a location?

• A. Determine if visas are required.
• B. Ensure all testers can access all sites.
• C. Verify the tools being used are legal for use at all sites.
• D. Establish the time of the day when a test can occur.

Answer: D

Explanation:
One of the factors that a penetration tester would most likely consider when testing at a location is to establish the time of day when a test can occur. This factor can affect the scope, duration, and impact of the test, as well as the availability and response of the client and the testers. Testing at different times of day can have different advantages and disadvantages, such as testing during business hours to simulate realistic scenarios and traffic patterns, or testing after hours to reduce disruption and interference. Testing at different locations may also require adjusting for different time zones and daylight saving times. Establishing the time of day when a test can occur can help plan and coordinate the test effectively and avoid confusion or conflict with the client or other parties involved in the test. The other options are not factors that a penetration tester would most likely consider when testing at a location.

NEW QUESTION 4
A penetration tester has gained access to part of an internal network and wants to exploit on a different network segment. Using Scapy, the tester runs the following command:

Which of the following represents what the penetration tester is attempting to accomplish?

• A. DNS cache poisoning
• B. MAC spoofing
• C. ARP poisoning
• D. Double-tagging attack

Answer: D

Explanation:
https://scapy.readthedocs.io/en/latest/usage.html

NEW QUESTION 5
A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?

• A. Tailgating
• B. Dumpster diving
• C. Shoulder surfing
• D. Badge cloning

Answer: D

NEW QUESTION 6
Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

• A. After detection of a breach
• B. After a merger or an acquisition
• C. When an organization updates its network firewall configurations
• D. When most of the vulnerabilities have been remediated

Answer: D

NEW QUESTION 7
A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root. During the engagement, the tester noticed that another user logged in frequently as root to perform work tasks. To avoid disrupting this user’s work, which of the following is the BEST option for the penetration tester to maintain root-level persistence on this server during the test?

• A. Add a web shell to the root of the website.
• B. Upgrade the reverse shell to a true TTY terminal.
• C. Add a new user with ID 0 to the /etc/passwd file.
• D. Change the password of the root user and revert after the test.

Answer: C

Explanation:
The best option for the penetration tester to maintain root-level persistence on this server during the test is to add a new user with ID 0 to the /etc/passwd file. This will allow the penetration tester to use the same user account as the other user, but with root privileges, meaning that it won’t disrupt the other user’s work. This can be done by adding a new line with the username and the numerical user ID 0 to the /etc/passwd file. For example, if the username for the other user is “johndoe”, the line to add would be “johndoe:x:0:0:John Doe:/root:/bin/bash”. After the user is added, the penetration tester can use the “su” command to switch to the new user and gain root privileges.

NEW QUESTION 8
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.
Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

• A. Sniff and then crack the WPS PIN on an associated WiFi device.
• B. Dump the user address book on the device.
• C. Break a connection between two Bluetooth devices.
• D. Transmit text messages to the device.

Answer: B

Explanation:
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to calendars, contact lists, emails and text messages, and on some phones, users can copy pictures and private videos.

NEW QUESTION 9
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

• A. Aircrack-ng
• B. Wireshark
• C. Wifite
• D. Kismet

Answer: A

Explanation:
Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.

NEW QUESTION 10
An organization wants to identify whether a less secure protocol is being utilized on a wireless network. Which of the following types of attacks will achieve this goal?

• A. Protocol negotiation
• B. Packet sniffing
• C. Four-way handshake
• D. Downgrade attack

Answer: D

Explanation:
A downgrade attack is a type of attack that exploits a vulnerability in the protocol negotiation process between a client and a server to force them to use a less secure protocol than they originally intended. A downgrade attack can be used to identify whether a less secure protocol is being utilized on a wireless network by intercepting and modifying the messages exchanged during the protocol negotiation phase, such as the association request and response frames, and making the client and the server agree on a weaker protocol, such as WEP or WPA, instead of a stronger one, such as WPA2 or WPA3. A downgrade attack can also enable the attacker to perform other attacks, such as cracking the encryption keys or capturing the network traffic, more easily by taking advantage of the weaknesses of the less secure protocol. A downgrade attack can be performed by using tools such as Airgeddon, which is a multi-use bash script for Linux systems to audit wireless networks1.

NEW QUESTION 11
Which of the following is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten?

• A. NIST SP 800-53
• B. ISO 27001
• C. GDPR

Answer: C

Explanation:
GDPR is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten. GDPR stands for General Data Protection Regulation, and it is a law that applies to the European Union and the United Kingdom. GDPR gives individuals the right to request their personal data be deleted by data controllers and processors under certain circumstances, such as when the data is no longer necessary, when the consent is withdrawn, or when the data was unlawfully processed. GDPR also imposes other obligations and rights related to data protection, such as data minimization, data portability, data breach notification, and consent management. The other options are not regulatory compliance standards that focus on user privacy by implementing the right to be forgotten. NIST SP 800-53 is a set of security and privacy controls for federal information systems and organizations in the United States. ISO 27001 is an international standard that specifies the requirements for an information security management system.

NEW QUESTION 12
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company’s privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?

• A. OpenVAS
• B. Nikto
• C. SQLmap
• D. Nessus

Answer: C

NEW QUESTION 13
A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

• A. Asset inventory
• B. DNS records
• C. Web-application scan
• D. Full scan

Answer: A

NEW QUESTION 14
A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?

• A. nmap -iL results 192.168.0.10-100
• B. nmap 192.168.0.10-100 -O > results
• C. nmap -A 192.168.0.10-100 -oX results
• D. nmap 192.168.0.10-100 | grep "results"

Answer: C

NEW QUESTION 15
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

• A. Wait for the next login and perform a downgrade attack on the server.
• B. Capture traffic using Wireshark.
• C. Perform a brute-force attack over the server.
• D. Use an FTP exploit against the server.

Answer: B

NEW QUESTION 16
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

• A. Shodan
• B. Nmap
• C. WebScarab-NG
• D. Nessus

Answer: B

NEW QUESTION 17
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

• A. To remove hash-cracking registry entries
• B. To remove the tester-created Mimikatz account
• C. To remove tools from the server
• D. To remove a reverse shell from the system

Answer: B

NEW QUESTION 18
......