Q. Chris is conducting an on-site penetration test. The test is a gray-box test, and he is permitted on-site but has not been given access to the wired or wireless networks. He knows he needs to gain access to both to make further progress.Once Chris has gained access to the network, what technique can he use to gather additional credentials?

View solution

Q. What attack technique can allow the pentester visibility into traffic on VLANs other than their native VLAN?

View solution

Q. What type of Bluetooth attack attempts to send unsolicited messages via Bluetooth devices?

View solution

Q. Cassandra wants to attack a WPS-enabled system. What attack technique can she use against it?

View solution

Q. Michelle wants to capture NFC communications as part of a penetration test. What is the most critical factor in her ability to intercept the communication?

View solution

Q. As part of a penetration test Mariana uses a tool that uses the same username and password from a list on many target systems and then uses the next username and password from its list. Which of the following terms best describes the attack she is using?

View solution

Q. Steve has set his penetration testing workstation up for an on-path attack between his target and an FTP server. What is the best method for him to acquire FTP credentials?

View solution

Q. Ian wants to drop a tool on a compromised system that will allow him to set up a reverse shell. Which of the following tools should he select?

View solution

Q. What drives the use of deauthentication attacks during penetration tests?

View solution

Q. Which of the following tools will not allow Alice to capture NTLM v2 hashes over the wire for use in a pass-the-hash attack?

View solution

Q. For what type of activity would you use the tools HULK, LOIC, HOIC, and SlowLoris?

View solution

Q. During a penetration test, Mike uses double tagging to send traffic to another system. What technique is he attempting?

View solution

Q. Elle is using her workstation as part of an on-path attack as shown in the following image. What does she need to send at point X to ensure that the downgrade attack works properly?

View solution

Q. Isaac wants to use arpspoof to execute an on-path attack between target host 10.0.1.5 and a server at 10.0.1.25, with a network gateway of 10.0.1.1. What commands does he need to run to do this?

View solution

Q. Jessica wants to list the domain password policy for a Windows domain as she prepares for a password attack against domain member systems. What net command can she use to do this?

View solution

Q. Cynthia attempted a DNS poisoning attack as shown here. After her attempt, she does not see any traffic from her target system. What most likely happened to cause the attack to fail?

View solution

Q. Elle wants to clone an RFID entry access card. Which type of card is most easily cloned using inexpensive cloning devices?

View solution