Welcome to the Exploiting and Pivoting MCQs Page

Dive deep into the fascinating world of Exploiting and Pivoting with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Exploiting and Pivoting, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Exploiting and Pivoting, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

Check out the MCQs below to embark on an enriching journey through Exploiting and Pivoting. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Exploiting and Pivoting. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Exploiting and Pivoting MCQs | Page 11 of 13

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

01

Penetration Testing

02

Planning and Scoping Penetration Tests 🔒

03

Information Gathering 🔒

04

Vulnerability Scanning 🔒

05

Analyzing Vulnerability Scans

06

Exploiting Network Vulnerabilities 🔒

07

Exploiting Physical and Social Vulnerabilities

08

Exploiting Application Vulnerabilities 🔒

09

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

10

Reporting and Communication

11

Scripting for Penetration Testing 🔒

Q101.

What does covering your tracks involve in penetration testing?

Enumerating new targets

Conducting data exfiltration

Cleaning up tools and data to avoid detection

Using built-in tools available on target systems

Discuss

Answer: (c).Cleaning up tools and data to avoid detection Explanation:Covering your tracks involves cleaning up tools and data and ensuring that defenders have a harder time detecting or reverse-engineering attacks.

Q102.

Alice discovers a rating that her vulnerability scanner lists as 9.3 out of 10 on its severity scale. The service that is identified runs on TCP 445. What type of exploit is Alice most likely to use on this service?

SQL injection

SMB exploit

CGI exploit

MIB exploit

Discuss

Answer: (b).SMB exploit Explanation:TCP 445 is a service port typically associated with SMB services.

Q103.

Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
Which of the entries should Charles prioritize from this list if he wants to gain access to the system?

The Ruby on Rails vulnerability

The OpenSSH vulnerability

The MySQL vulnerability

None of these; he should find another target

Discuss

Answer: (a).The Ruby on Rails vulnerability Explanation:The Ruby on Rails vulnerability is the only vulnerability that specifically mentions remote code execution, which is most likely to allow Charles to gain access to the system.

Q104.

Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
If Charles wants to build a list of additional system user accounts, which of the vulnerabilities
is most likely to deliver that information?

The Ruby on Rails vulnerability

The OpenSSH vulnerability

The MySQL vulnerability

Both the OpenSSH and MySQL vulnerabilities

Discuss

Answer: (b).The OpenSSH vulnerability Explanation:The OpenSSH vulnerability specifically notes that it allows user enumeration, making this the best bet for what Charles wants to accomplish.

Q105.

Charles has recently completed a vulnerability scan of a system and needs to select the best vulnerability to exploit from the following listing.
If Charles selects the Ruby on Rails vulnerability, which of the following methods cannot be
used to search for an existing Metasploit vulnerability?

CVE

BID

MSF

EDB

Discuss

Answer: (c).MSF Explanation:Metasploit searching supports multiple common vulnerability identifier systems, including CVE, BID, and EDB, but MSF was made up for this question. It may sound familiar, as the Metasploit console command is msfconsole.

Q106.

Matt wants to pivot from a Linux host to other hosts in the network but is unable to install additional tools beyond those found on a typical Linux server. How can he leverage the system he is on to allow vulnerability scans of those remote hosts if they are firewalled against inbound connections and protected from direct access from his penetration testing workstation?

SSH tunneling

Netcat port forwarding

Enable IPv6

Modify browser plug-ins

Discuss

Answer: (a).SSH tunneling Explanation:Matt can safely assume that almost any modern Linux system will have SSH, making SSH tunneling a legitimate option. If he connects outbound from the compromised system to his and creates a tunnel allowing traffic in, he can use his own vulnerability scanner through the tunnel to access the remote systems.

Q107.

After gaining access to a Windows system, Fred uses the following command:
SchTasks /create /SC Weekly /TN "Antivirus" /TR "C:\Users\SSmith\av.exe" /ST 09:00

What has he accomplished?

He has set up a weekly antivirus scan.

He has set up a job called “weekly.”

He has scheduled his own executable to run weekly.

Nothing; this command will only run on Linux.

Discuss

Answer: (c).He has scheduled his own executable to run weekly. Explanation:Fred has used the scheduled tasks tool to set up a weekly run of av.exe from a user directory at 9 a.m. It is fair to assume in this example that Fred has gained access to SSmith’s user directory and has placed his own av.exe file there and is attempting to make it look innocuous if administrators find it.

Q108.

After gaining access to a Linux system through a vulnerable service, Cassandra wants to list all of the user accounts on the system and their home directories. Which of the following locations will provide this list?

/etc/shadow

/etc/passwd

/var/usr

/home

Discuss

Answer: (b)./etc/passwd Explanation:On most Linux systems, the /etc/passwd file will contain a list of users as well as their home directories. Capturing both /etc/passwd and /etc/shadow are important for password cracking, making both desirable targets for penetration testers.

Q109.

A few days after exploiting a target with the Metasploit Meterpreter payload, Robert loses access to the remote host. A vulnerability scan shows that the vulnerability that he used to exploit the system originally is still open. What has most likely happened?

A malware scan discovered Meterpreter and removed it.

The system was patched.

The system was rebooted.

Meterpreter crashed.

Discuss

Answer: (c).The system was rebooted. Explanation:Meterpreter is a memory-resident tool that injects itself into another process. The most likely answer is that the system was rebooted, thus removing the memory-resident Meterpreter process. Robert can simply repeat his exploit to regain access, but he may want to take additional steps to ensure continued access.

Q110.

Angela wants to exfiltrate data from a Windows system she has gained access to during a penetration test. Which of the following exfiltration techniques is least likely to be detected?

Send it via outbound HTTP as plaintext to a system she controls.

Hash the data, then send the hash via outbound HTTPS.

Use PowerShell to base64-encode the data, then post to a public HTTPS-accessible code repository.

Use PowerShell to base64-encode the data, then use an SSH tunnel to transfer the data to a system she controls.

Discuss

Answer: (c).Use PowerShell to base64-encode the data, then post to a public HTTPS-accessible code repository. Explanation:Encoding data will make it less likely that intrusion prevention and data loss prevention systems will identify acquired data, meaning that encoding is a useful technique. Sending the data to a public repository like GitHub is less likely to look unusual than an internal system opening an SSH tunnel to a previously unknown system. Sending via HTTP instead of HTTPS will make inspection of the outbound, unencoded data trivial for defenders, and hashing the data will not leave it in a recoverable state when it arrives.

Page 11 of 13

Planning and Scoping Penetration Tests 🔒

Information Gathering 🔒

Vulnerability Scanning 🔒

Exploiting Network Vulnerabilities 🔒

Exploiting Application Vulnerabilities 🔒

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

Scripting for Penetration Testing 🔒

Welcome to the Exploiting and Pivoting MCQs Page

Exploiting and Pivoting MCQs | Page 11 of 13

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Penetration Testing

Analyzing Vulnerability Scans

Exploiting Physical and Social Vulnerabilities

Reporting and Communication

Suggested Topics

CSS

Data Science

UNIX

Microprocessor

Neural Networks

Digital Logic Design

MS Office

Internet of Things (IoT)

Big Data Computing