Q. Susan wants to use a web application vulnerability scanner to help map an organization’s web presence and to identify existing vulnerabilities. Which of the following tools is best suited to her needs?

View solution

Q. Madhuri has discovered that the organization she is conducting a penetration test against makes extensive use of industrial control systems to manage a manufacturing plant. Which of the following components is least likely to respond to her normal penetration testing tools like Nmap and Metasploit?

View solution

Q. Ben wants to conduct a penetration test against a service that uses containers hosted by a cloud service provider. Which of the following targets is not typically part of the scope for a penetration test against a containerized environment?

View solution

Q. Jocelyn wants to conduct a resource exhaustion attack against her penetration testing target, which uses an autoscaling service architecture that leverages a content delivery network. What technique is most likely to help her succeed?

View solution

Q. Isabelle wants to gain access to a cloud infrastructure as a service environment. Which of the following is not a common technique to gain this type of access for a penetration test?

View solution

Q. Charleen has been tasked with the components of a penetration test that deal with mobile devices at a large client organization. She has been given a standard corporate device to test that uses the organization’s base configuration for devices that are issued to employees. As part of her team, you’ve been asked to provide input on the penetration testing process.

Charleen wants to use a cloned image of a phone to see if she can access it using bruteforce passcode-breaking techniques. Which of the following techniques will allow her to do this without an automatic wipe occurring if “wipe after 10 passcode attempts” is set for the device?

View solution

Q. Charleen has been tasked with the components of a penetration test that deal with mobile devices at a large client organization. She has been given a standard corporate device to test that uses the organization’s base configuration for devices that are issued to employees. As part of her team, you’ve been asked to provide input on the penetration testing process.
Charleen has determined that the organization she is testing uses certificate pinning for their web application. What technique is most likely to help her overcome this so that she can conduct an on-path attack?

View solution

Q. Charleen has been tasked with the components of a penetration test that deal with mobile devices at a large client organization. She has been given a standard corporate device to test that uses the organization’s base configuration for devices that are issued to employees. As part of her team, you’ve been asked to provide input on the penetration testing process.
Charleen wants to perform static code analysis of the mobile application her target installed on the device in her possession. Which of the following tools should she select?

View solution

Q. Alice is conducting a penetration test of an organization’s AWS infrastructure. What tool should she select from the following list if she wants to exploit AWS?

View solution

Q. What type of attack focuses on accessing the underlying hardware in a shared cloud environment to gain information about other virtualized systems running on it?

View solution

Q. Isaac wants to test for insecure S3 storage buckets belonging to his target organization. What process can he use to test for this type of insecure configuration?

View solution

Q. Jocelyn wants to conduct a credential harvesting attack against an organization. What technique is she most likely to employ to accomplish the attack?

View solution

Q. Simone has been asked to check for IPMI interfaces on servers at her target organization. Where is she most likely to find IPMI interfaces to probe?

View solution

Q. Selah wants to use a brute-force attack against the SSH service provided by one of her targets. Which of the following tools is not designed to brute-force services like this?

View solution

Q. After compromising a remote host, Cameron uses SSH to connect to port 4444 from his penetration testing workstation. What type of remote shell has he set up?

View solution

Q. Jim wants to crack the hashes from a password file he recovered during a penetration test. Which of the following methods will typically be fastest?

View solution