Q. Matt wants to pivot from a Linux host to other hosts in the network but is unable to install additional tools beyond those found on a typical Linux server. How can he leverage the system he is on to allow vulnerability scans of those remote hosts if they are firewalled against inbound connections and protected from direct access from his penetration testing workstation?

View solution

Q. After gaining access to a Windows system, Fred uses the following command:
SchTasks /create /SC Weekly /TN "Antivirus" /TR "C:\Users\SSmith\av.exe" /ST 09:00

What has he accomplished?

View solution

Q. After gaining access to a Linux system through a vulnerable service, Cassandra wants to list all of the user accounts on the system and their home directories. Which of the following locations will provide this list?

View solution

Q. A few days after exploiting a target with the Metasploit Meterpreter payload, Robert loses access to the remote host. A vulnerability scan shows that the vulnerability that he used to exploit the system originally is still open. What has most likely happened?

View solution

Q. Angela wants to exfiltrate data from a Windows system she has gained access to during a penetration test. Which of the following exfiltration techniques is least likely to be detected?

View solution

Q. Ian’s penetration test rules of engagement specify that he cannot add tools to the systems he compromises in a specific target environment. What techniques will he have to use to meet this requirement?

View solution

Q. Tina has acquired a list of valid user accounts but does not have passwords for them. If she has not found any vulnerabilities but believes that the organization she is targeting has poor password practices, what type of attack can she use to try to gain access to a target system where those usernames are likely valid?

View solution

Q. What built-in Windows server administration tool can allow command-line PowerShell access from other systems?

View solution

Q. John wants to retain access to a Linux system. Which of the following is not a common method of maintaining persistence on Linux servers?

View solution

Q. Tim has selected his Metasploit exploit and set his payload as cmd/unix/generic.
After attempting the exploit, he receives the following output. What went wrong?

View solution

Q. Cameron runs the following command via an administrative shell on a Windows system he has compromised. What has he accomplished?

$command = 'cmd /c powershell.exe -c Set-WSManQuickConfig -Force;Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True;SetItem WSMan:\localhost\Service\AllowUnencrypted -Value $True;Register-PSSessionConfiguration -Name Microsoft.PowerShell -Force'

View solution

Q. Mike discovers a number of information exposure vulnerabilities while preparing for the exploit phase of a penetration test. If he has not been able to identify user or service information beyond vulnerability details, what priority should he place on exploiting them?

View solution

Q. Annie is using a collection of leaked passwords to attempt to log in to multiple user accounts belonging to staff of the company she is penetration testing. The tool she is using attempts to log into each account using a single password, then moves on to the next password, recording failures and successes. What type of attack is Annie conducting?

View solution

Q. Jacob wants to capture user hashes on a Windows network. Which tool could he select to gather these from broadcast messages?

View solution

Q. Madhuri has been asked to run BloodHound as part of her penetration testing efforts. What will she be able to do with the tool?

View solution

Q. Ben is performing a penetration test as part of a PCI DSS engagement. What technique is he most likely to use as part of network segmentation testing?

View solution