Which specification defines the format used by image and sound files to capture metadata? Exchangeable Image File Format (Exif) Extensible Image File Format (Exif) Exchangeable File Format (EFF) Interchangeable File…
When performing passive reconnaissance, which Linux command can be used to identify the technical and administrative contacts of a given domain? netstat dig whois nmap Explanation & Hint: The whois command identifies…
Which two tools could be used to gather DNS information passively? (Choose two.) Recon-ng Dig Wireshark Nmap ExifTool Explanation & Hint: Recon-ng and Dig can perform passive reconnaissance based on…
Sometimes a tester cannot virtualize a system to do the proper penetration testing. What action should be taken if a system cannot be tested in a virtualized environment? a full…
Which tools should be used for testing the server and client platforms in an environment? cracking wireless encryption tools vulnerability scanning tools interception proxies tools de-authorizing network devices tools Explanation…
Which tools should be used to perform a wireless infrastructure penetration test? web vulnerability detection tools traffic manipulation tools proxy interception tools de-authorizing network devices tools Explanation & Hints: The…
Which tool should be used to perform an application-based penetration test? sniffing traffic tool bypassing firewalls and IPSs tool interception proxies tool cracking wireless encryption tool Explanation & Hints: The…
Which tool would be useful when performing a network infrastructure penetration test? vulnerability scanning tool bypassing firewalls and IPSs tool interception proxies tool mobile application testing tool Explanation & Hints:…
What does the "Health Monitoring" requirement mean when setting up a penetration test lab environment? The tester needs to be sure that a lack of resources is not the cause…
Which option is a Linux distribution URL that provides a convenient learning environment about pen testing tools and methodologies? vmware.com attack.mitre.org parrotsec.org virtualbox.org Explanation & Hints: Many different Linux distributions…
Which option is a Linux distribution that includes penetration testing tools and resources? OWASP PTES SET BlackArch Explanation & Hints: Black-Arch (blackarch.org), Kali Linux (kali.org), and Parrot OS (parrotsec.org) are…
Which penetration testing methodology is a comprehensive guide focused on web application testing? MITRE ATT&CK OWASP WSTG NIST SP 800-115 OSSTMM Explanation & Hints: OWASP Web Security Testing Guide (WSTG)…
Which two options are phases in the Open Source Security Testing Methodology Manual (OSSTMM)? (Choose two.) Vulnerability Analysis Maintaining Access Work Flow Network Mapping Trust Analysis Explanation & Hints: The…
Which two options are phases in the Information Systems Security Assessment Framework (ISSAF)? (Choose two.) Pre-engagement interactions Maintaining access Reporting Post-exploitation Vulnerability identification Explanation & Hints: Information Systems Security Assessment…
Which three options are phases in the Penetration Testing Execution Standard (PTES)? (Choose three.) Threat modeling Penetration Reporting Enumerating further Network mapping Exploitation Explanation & Hints: Penetration Testing Execution Standard…
Match the penetration testing methodology to the description. OWASP WSTG ==> Covers the high-level phases of web application security testing MITRE ATT&CK ==> Collection of different matrices of tactics and…
Which type of penetration test would only provide the tester with limited information such as the domain names and IP addresses in the scope? known-environment test partially known environment test…
What characterizes a known environment penetration test? The test is somewhat of a hybrid approach between unknown and known environment tests. The tester could be provided with network diagrams, IP addresses,…
What characterizes a partially known environment penetration test? The tester must test the electrical grid supporting the infrastructure of the target. The tester is provided with a list of domain…
When conducting an application-based penetration test on a web application, the assessment should also include testing access to which resources? AAA servers cloud services switches, routers, and firewalls back-end databases…