The IT security department of a company has developed an access policy for the datacenter. The policy specifies that the datacenter is locked between 5:30 pm through 7:45 am daily…
Why is it important to use Common Vulnerability Scoring System (CVSS) to reference the ratings of vulnerabilities identified when preparing the final penetration testing report? It is an international standard…
Match the PowerSploit module/script to the respective description. Invoke-Portscan ==> Does a simple TCP port scan using regular sockets, based rather loosely on Nmap Set-CriticalProcess ==> Causes the machine to blue screen…
Which C2 utility can be used to create multiple reverse shells? Wsc2 WMImplant Socat TrevorC2 Explanation & Hints: Many different techniques and utilities can be used to create a C2.…
Match the insecure code practice to the description. Lack of error handling and overly verbose error handling ==> A type of weakness and security malpractice that can provide information to help…
Which two misconfigured cloud authentication methods could leverage a cloud asset? (Choose two.) biometric authentication identity and access management (IAM) implementations local authentication federated authentication Intelligent Platform Management Interface (IPMI)…
An attacker enters the string 192.168.78.6;cat /etc/httpd/httpd.conf on a web application hosted on a Linux server. Which type of attack occurred? SQL injection session hijacking command injection redirect attack Explanation…
What are two examples of immutable queries that should be used as mitigation for SQL injection vulnerabilities? (Choose two.) time-delay queries parameterized queries static queries stacked queries in-band queries Explanation…
An attacker enters the string ‘John’ or ‘1=1’ on a web form that is connected to a back-end SQL server causing the server to display all records in the database…
What kind of social engineering attack can be prevented by developing policies such as updating anti-malware applications regularly and using secure virtual browsers with little connectivity to the rest of…
What is a characteristic of a pharming attack? a type of attack in which a social engineer impersonates another person to have physical access to systems in an organization a…
Which statement correctly describes a type of physical social engineering attack? Tailgating and piggybacking attacks can only be defeated through the use of control vestibules in conjunction with multifactor authentication.…
A cybersecurity student is learning about the Social-Engineer Toolkit (SET), and the student has discovered that this tool can be used to launch various social engineering attacks. Which two social…
A penetration tester deploys a rogue AP in the target wireless infrastructure. What is the first step that has to be taken to force wireless clients to connect to the…
Refer to the exhibit. What is the penetration tester trying to achieve by running this exploit? to launch 220 packets of fragmented data to the FTP port on the target…
An organization wants to test its vulnerability to an employee with network privileges accessing the network maliciously. Which type of penetration test should be used to test this vulnerability? blue-box…
A cybersecurity firm has been hired by an organization to perform penetration tests. The tests require a secure method of transferring data over a network. Which two protocols could be…
What can be used to document the testing timeline in a rules of engagement document? Gantt charts and work breakdown structures OWASP ZAP Recon-ng Burp Suite Explanation & Hints: Gantt…
Match the healthcare sector term to the respective description. Healthcare provider ==> A person or an organization that provides patient or medical services Business associates ==> A person or organization that performs…