In which circumstance would a penetration tester perform an unauthenticated scan of a target? when user credentials were not provided when the number of false positive vulnerability reports is not…
What is required for a penetration tester to conduct a comprehensive authenticated scan against a Linux host? user credentials with root-level access to the target system system user credentials physical…
What is the disadvantage of conducting an unauthenticated scan of a target when performing a penetration test? Vulnerability of services running inside the target may not be detected. The scanner…
What type of server is a penetration tester enumerating when they enter the nmap -sU command? DNS, SNMP, or DHCP server HTTP or HTTPS server POP3, IMAP, or SMTP server …
Why would a penetration tester perform a passive reconnaissance scan instead of an active one? to collect information about a network without being detected because the time to perform the scan…
Which specification defines the format used by image and sound files to capture metadata? Exchangeable Image File Format (Exif) Extensible Image File Format (Exif) Exchangeable File Format (EFF) Interchangeable File…
When performing passive reconnaissance, which Linux command can be used to identify the technical and administrative contacts of a given domain? netstat dig whois nmap Explanation & Hint: The whois command identifies…
Which two tools could be used to gather DNS information passively? (Choose two.) Recon-ng Dig Wireshark Nmap ExifTool Explanation & Hint: Recon-ng and Dig can perform passive reconnaissance based on…
Sometimes a tester cannot virtualize a system to do the proper penetration testing. What action should be taken if a system cannot be tested in a virtualized environment? a full…
Which tools should be used for testing the server and client platforms in an environment? cracking wireless encryption tools vulnerability scanning tools interception proxies tools de-authorizing network devices tools Explanation…
Which tools should be used to perform a wireless infrastructure penetration test? web vulnerability detection tools traffic manipulation tools proxy interception tools de-authorizing network devices tools Explanation & Hints: The…
Which tool should be used to perform an application-based penetration test? sniffing traffic tool bypassing firewalls and IPSs tool interception proxies tool cracking wireless encryption tool Explanation & Hints: The…
Which tool would be useful when performing a network infrastructure penetration test? vulnerability scanning tool bypassing firewalls and IPSs tool interception proxies tool mobile application testing tool Explanation & Hints:…
What does the "Health Monitoring" requirement mean when setting up a penetration test lab environment? The tester needs to be sure that a lack of resources is not the cause…
Which option is a Linux distribution URL that provides a convenient learning environment about pen testing tools and methodologies? vmware.com attack.mitre.org parrotsec.org virtualbox.org Explanation & Hints: Many different Linux distributions…
Which option is a Linux distribution that includes penetration testing tools and resources? OWASP PTES SET BlackArch Explanation & Hints: Black-Arch (blackarch.org), Kali Linux (kali.org), and Parrot OS (parrotsec.org) are…
Which penetration testing methodology is a comprehensive guide focused on web application testing? MITRE ATT&CK OWASP WSTG NIST SP 800-115 OSSTMM Explanation & Hints: OWASP Web Security Testing Guide (WSTG)…
Which two options are phases in the Open Source Security Testing Methodology Manual (OSSTMM)? (Choose two.) Vulnerability Analysis Maintaining Access Work Flow Network Mapping Trust Analysis Explanation & Hints: The…
Which two options are phases in the Information Systems Security Assessment Framework (ISSAF)? (Choose two.) Pre-engagement interactions Maintaining access Reporting Post-exploitation Vulnerability identification Explanation & Hints: Information Systems Security Assessment…
Which three options are phases in the Penetration Testing Execution Standard (PTES)? (Choose three.) Threat modeling Penetration Reporting Enumerating further Network mapping Exploitation Explanation & Hints: Penetration Testing Execution Standard…