Q. What is a potential method for penetration testers to gain access to cloud environments?

View solution

Q. What is one of the most commonly leveraged weaknesses in cloud environments?

View solution

Q. Which of the following is a cloud-specific tool that can be leveraged by penetration testers for multicloud auditing?

View solution

Q. Why may direct-to-origin attacks be considered by penetration testers in cloud environments?

View solution

Q. What is a consideration for penetration testers when dealing with embedded systems in penetration tests?

View solution

Q. In mobile device security assessments, what is a potential vulnerability that penetration testers may target?

View solution

Q. What is a common goal of penetration testers when attempting to compromise a system or service that is virtualized or containerized?

View solution

Q. What role do proxies play in the context of penetration testing?

View solution

Q. Which tool is commonly used by penetration testers to crack passwords?

View solution

Q. What is a technique commonly employed by penetration testers during pentests regarding privileges?

View solution

Q. What is the purpose of tools like Mimikatz, Medusa, and John the Ripper in penetration testing?

View solution

Q. Which of the following is a side-channel attack?

View solution

Q. What is an example of a cloud-specific tool that penetration testers can use for AWS exploitation?

View solution

Q. Scott wants to crawl his penetration testing target’s website and then build a word list using the data he recovers to help with his password cracking efforts. Which of the following tools should he use?

View solution

Q. Michelle wants to attack the underlying hypervisor for a virtual machine. What type of attack is most likely to be successful?

View solution

Q. Jeff identifies the IP address contained in content delivery network (CDN) configuration for his target organization. He knows that that server’s content is replicated by the CDN, and that if he is able to conduct a denial-of-service attack on the host he will be able to take down his target’s web presence. What type of attack is Jeff preparing to conduct?

View solution

Q. Claire knows that her target organization leverages a significant number of IoT devices and that she is likely to need to use one or more of them as pivot points for her penetration test. Which of the following is not a common concern when conducting a penetration test involving IoT devices?

View solution

Q. Susan wants to use a web application vulnerability scanner to help map an organization’s web presence and to identify existing vulnerabilities. Which of the following tools is best suited to her needs?

View solution

Q. Madhuri has discovered that the organization she is conducting a penetration test against makes extensive use of industrial control systems to manage a manufacturing plant. Which of the following components is least likely to respond to her normal penetration testing tools like Nmap and Metasploit?

View solution

Q. Ben wants to conduct a penetration test against a service that uses containers hosted by a cloud service provider. Which of the following targets is not typically part of the scope for a penetration test against a containerized environment?

View solution