Q. Jacob wants to capture user hashes on a Windows network. Which tool could he select to gather these from broadcast messages?

View solution

Q. Annie is using a collection of leaked passwords to attempt to log in to multiple user accounts belonging to staff of the company she is penetration testing. The tool she is using attempts to log into each account using a single password, then moves on to the next password, recording failures and successes. What type of attack is Annie conducting?

View solution

Q. Mike discovers a number of information exposure vulnerabilities while preparing for the exploit phase of a penetration test. If he has not been able to identify user or service information beyond vulnerability details, what priority should he place on exploiting them?

View solution

Q. Cameron runs the following command via an administrative shell on a Windows system he has compromised. What has he accomplished?

$command = 'cmd /c powershell.exe -c Set-WSManQuickConfig -Force;Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True;SetItem WSMan:\localhost\Service\AllowUnencrypted -Value $True;Register-PSSessionConfiguration -Name Microsoft.PowerShell -Force'

View solution

Q. Tim has selected his Metasploit exploit and set his payload as cmd/unix/generic.
After attempting the exploit, he receives the following output. What went wrong?

View solution

Q. John wants to retain access to a Linux system. Which of the following is not a common method of maintaining persistence on Linux servers?

View solution

Q. What built-in Windows server administration tool can allow command-line PowerShell access from other systems?

View solution

Q. Tina has acquired a list of valid user accounts but does not have passwords for them. If she has not found any vulnerabilities but believes that the organization she is targeting has poor password practices, what type of attack can she use to try to gain access to a target system where those usernames are likely valid?

View solution

Q. Ian’s penetration test rules of engagement specify that he cannot add tools to the systems he compromises in a specific target environment. What techniques will he have to use to meet this requirement?

View solution

Q. Angela wants to exfiltrate data from a Windows system she has gained access to during a penetration test. Which of the following exfiltration techniques is least likely to be detected?

View solution

Q. A few days after exploiting a target with the Metasploit Meterpreter payload, Robert loses access to the remote host. A vulnerability scan shows that the vulnerability that he used to exploit the system originally is still open. What has most likely happened?

View solution

Q. After gaining access to a Linux system through a vulnerable service, Cassandra wants to list all of the user accounts on the system and their home directories. Which of the following locations will provide this list?

View solution

Q. After gaining access to a Windows system, Fred uses the following command:
SchTasks /create /SC Weekly /TN "Antivirus" /TR "C:\Users\SSmith\av.exe" /ST 09:00

What has he accomplished?

View solution

Q. Matt wants to pivot from a Linux host to other hosts in the network but is unable to install additional tools beyond those found on a typical Linux server. How can he leverage the system he is on to allow vulnerability scans of those remote hosts if they are firewalled against inbound connections and protected from direct access from his penetration testing workstation?

View solution

Q. Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
If Charles selects the Ruby on Rails vulnerability, which of the following methods cannot be
used to search for an existing Metasploit vulnerability?

View solution

Q. Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
If Charles wants to build a list of additional system user accounts, which of the vulnerabilities
is most likely to deliver that information?

View solution

Q. Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
Which of the entries should Charles prioritize from this list if he wants to gain access to the system?

View solution

Q. Alice discovers a rating that her vulnerability scanner lists as 9.3 out of 10 on its severity scale. The service that is identified runs on TCP 445. What type of exploit is Alice most likely to use on this service?

View solution

Q. What does covering your tracks involve in penetration testing?

View solution

Q. What is an important aspect of avoiding detection?

View solution