Q. What is the purpose of tools like Empire, Mimikatz, and BloodHound for penetration testers?

View solution

Q. What is an important task for penetration testers who gain access to their targets?

View solution

Q. What is the significance of creating and maintaining a foothold in penetration testing?

View solution

Q. What is an important aspect of avoiding detection?

View solution

Q. What does covering your tracks involve in penetration testing?

View solution

Q. Alice discovers a rating that her vulnerability scanner lists as 9.3 out of 10 on its severity scale. The service that is identified runs on TCP 445. What type of exploit is Alice most likely to use on this service?

View solution

Q. Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
Which of the entries should Charles prioritize from this list if he wants to gain access to the system?

View solution

Q. Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
If Charles wants to build a list of additional system user accounts, which of the vulnerabilities
is most likely to deliver that information?

View solution

Q. Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
If Charles selects the Ruby on Rails vulnerability, which of the following methods cannot be
used to search for an existing Metasploit vulnerability?

View solution

Q. Matt wants to pivot from a Linux host to other hosts in the network but is unable to install additional tools beyond those found on a typical Linux server. How can he leverage the system he is on to allow vulnerability scans of those remote hosts if they are firewalled against inbound connections and protected from direct access from his penetration testing workstation?

View solution

Q. After gaining access to a Windows system, Fred uses the following command:
SchTasks /create /SC Weekly /TN "Antivirus" /TR "C:\Users\SSmith\av.exe" /ST 09:00

What has he accomplished?

View solution

Q. After gaining access to a Linux system through a vulnerable service, Cassandra wants to list all of the user accounts on the system and their home directories. Which of the following locations will provide this list?

View solution

Q. A few days after exploiting a target with the Metasploit Meterpreter payload, Robert loses access to the remote host. A vulnerability scan shows that the vulnerability that he used to exploit the system originally is still open. What has most likely happened?

View solution

Q. Angela wants to exfiltrate data from a Windows system she has gained access to during a penetration test. Which of the following exfiltration techniques is least likely to be detected?

View solution

Q. Ian’s penetration test rules of engagement specify that he cannot add tools to the systems he compromises in a specific target environment. What techniques will he have to use to meet this requirement?

View solution

Q. Tina has acquired a list of valid user accounts but does not have passwords for them. If she has not found any vulnerabilities but believes that the organization she is targeting has poor password practices, what type of attack can she use to try to gain access to a target system where those usernames are likely valid?

View solution

Q. What built-in Windows server administration tool can allow command-line PowerShell access from other systems?

View solution

Q. John wants to retain access to a Linux system. Which of the following is not a common method of maintaining persistence on Linux servers?

View solution

Q. Tim has selected his Metasploit exploit and set his payload as cmd/unix/generic.
After attempting the exploit, he receives the following output. What went wrong?

View solution

Q. Cameron runs the following command via an administrative shell on a Windows system he has compromised. What has he accomplished?

$command = 'cmd /c powershell.exe -c Set-WSManQuickConfig -Force;Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True;SetItem WSMan:\localhost\Service\AllowUnencrypted -Value $True;Register-PSSessionConfiguration -Name Microsoft.PowerShell -Force'

View solution