NEW QUESTION 1
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

• A. Add a dependency checker into the tool chain.
• B. Perform routine static and dynamic analysis of committed code.
• C. Validate API security settings before deployment.
• D. Perform fuzz testing of compiled binaries.

Answer: D

NEW QUESTION 2
Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

• A. To provide feedback on the report structure and recommend improvements
• B. To discuss the findings and dispute any false positives
• C. To determine any processes that failed to meet expectations during the assessment
• D. To ensure the penetration-testing team destroys all company data that was gathered during the test

Answer: C

NEW QUESTION 3
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

• A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
• B. wmic startup get caption,command
• C. crontab –l; echo “@reboot sleep 200 && ncat –lvp 4242 –e /bin/bash”) | crontab 2>/dev/null
• D. sudo useradd –ou 0 –g 0 user

Answer: B

NEW QUESTION 4
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?

• A. John the Ripper
• B. Hydra
• C. Mimikatz
• D. Cain and Abel

Answer: A

NEW QUESTION 5
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?

• A. Understanding the tactics of a security intrusion can help disrupt them.
• B. Scripts that are part of the framework can be imported directly into SIEM tools.
• C. The methodology can be used to estimate the cost of an incident better.
• D. The framework is static and ensures stability of a security program overtime.

Answer: A

NEW QUESTION 6
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?

• A. Cross-site request forgery
• B. Server-side request forgery
• C. Remote file inclusion
• D. Local file inclusion

Answer: B

NEW QUESTION 7
Appending string values onto another string is called:

• A. compilation
• B. connection
• C. concatenation
• D. conjunction

Answer: C

NEW QUESTION 8
Which of the following tools provides Python classes for interacting with network protocols?

• A. Responder
• B. Impacket
• C. Empire
• D. PowerSploit

Answer: B

NEW QUESTION 9
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

• A. Socat
• B. tcpdump
• C. Scapy
• D. dig

Answer: A

NEW QUESTION 10
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

• A. NDA
• B. MSA
• C. SOW
• D. MOU

Answer: C

NEW QUESTION 11
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?

• A. nmap -sn 10.12.1.0/24
• B. nmap -sV -A 10.12.1.0/24
• C. nmap -Pn 10.12.1.0/24
• D. nmap -sT -p- 10.12.1.0/24

Answer: A

NEW QUESTION 12
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

• A. Shodan
• B. Nmap
• C. WebScarab-NG
• D. Nessus

Answer: B

NEW QUESTION 13
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

• A. Alternate data streams
• B. PowerShell modules
• C. MP4 steganography
• D. PsExec

Answer: D

NEW QUESTION 14
The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency). Not shown: 998 filtered ports Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/. Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)

• A. Network device
• B. Public-facing web server
• C. Active Directory domain controller
• D. IoT/embedded device
• E. Exposed RDP
• F. Print queue

Answer: AB

NEW QUESTION 15
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.
Which of the following tools can help the tester achieve this goal?

• A. Metasploit
• B. Hydra
• C. SET
• D. WPScan

Answer: A

NEW QUESTION 16
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

• A. Create a one-shot systemd service to establish a reverse shell.
• B. Obtain /etc/shadow and brute force the root password.
• C. Run the nc -e /bin/sh <...> command.
• D. Move laterally to create a user account on LDAP

Answer: A

Explanation:
https://hosakacorp.net/p/systemd-user.html

NEW QUESTION 17
Which of the following are the MOST important items to include in the final report for a penetration test?
(Choose two.)

• A. The CVSS score of the finding
• B. The network location of the vulnerable device
• C. The vulnerability identifier
• D. The client acceptance form
• E. The name of the person who found the flaw
• F. The tool used to find the issue

Answer: CF

NEW QUESTION 18
......