What type of threat allows an attacker to obtain the credentials of a bank client by spoofing the login webpage of a financial institution? piggybacking vishing whaling malvertising Explanation &…
What command will prevent all unencrypted passwords from displaying in plain text in a configuration file? (config)# enable password secret (config)# enable secret Secret_Password (config-line)# password secret (config)# service password-encryption…
A networking technician is working on the wireless network at a medical clinic. The technician accidentally sets up the wireless network so that patients can see the medical records data…
What guidance does the NIST Cybersecurity Framework provide to help improve an organization's cybersecurity posture? The framework outlines standards and industry best practices. The framework provides a global consolidation of…
What is the advantage of using the target Wi-Fi network for reconnaissance packet inspection? Physical access to the building may not be required. The packet scan takes less time wirelessly…
A company hires a cybersecurity consultant to conduct a penetration test to assess vulnerabilities in network systems. The consultant is preparing the final report to send to the company. What…
When performing a vulnerability scan of a target, how can adverse impacts on traversed devices be minimized? The scan should be performed as close to the target as possible. Unauthenticated…
What are three considerations when planning a vulnerability scan on a target production network during a penetration test? (Choose three.) the timing of the scan the available network bandwidth the…
A penetration tester must run a vulnerability scan against a target. What is the benefit of running an authenticated scan instead of an unauthenticated scan? Authenticated scans can provide a…
What useful information can be obtained by running a network share enumeration scan during a penetration test? systems on a network that are sharing files, folders, and printers the usernames…
What initial information can be obtained when performing user enumeration in a penetration test? a valid list of users the IP addresses of the target hosts the credentials of a…
How is open-source intelligence (OSINT) gathering typically implemented during a penetration test? by using public internet searches by installing and running the OSINT API by sending phishing emails by using…
A threat actor is looking at the IT and technical job postings of a target organization. What would be the most beneficial information to capture from these postings? the type…
What is the purpose of applying the Common Vulnerability Scoring System (CVSS) to a vulnerability detected by a penetration test? to calculate the severity of the vulnerability to determine the…
Why is the Common Vulnerabilities and Exposures (CVE) resource useful when investigating vulnerabilities detected by a penetration test? It is an international consolidation of cybersecurity tools and databases. It is…
When a penetration test identifies a vulnerability, how should the vulnerability be further verified? determine if the vulnerability is exploitable prioritize the vulnerability severity assess the business risk associated with…
What is the disadvantage of running a TCP Connect scan compared to running a TCP SYN scan during a penetration test? The extra packets required may trigger an IDS alarm. …
What can be deduced when a tester enters the nmap -sF command to perform a TCP FIN scan and the target host port does not respond? that the port is…
What is the purpose of host enumeration when beginning a penetration test? to identify all active IP addresses within the scope of the test to count the total number of…
Why would a penetration tester use the nmap -sF command? when a TCP SYN scan is detected by a network filter or firewall when the tester wants to conclude the…