Question No : 1
Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

• A.To provide feedback on the report structure and recommend improvements
• B.To discuss the findings and dispute any false positives
• C.To determine any processes that failed to meet expectations during the assessment
• D.To ensure the penetration-testing team destroys all company data that was gathered during the test

Show Answers

Answer:

Question No : 2
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.
Which of the following tools or techniques would BEST support additional reconnaissance?

• A.Wardriving
• B.Shodan
• C.Recon-ng
• D.Aircrack-ng

Show Answers

Answer:

Question No : 3
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.
Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

• A.Scraping social media sites
• B.Using the WHOIS lookup tool
• C.Crawling the client’s website
• D.Phishing company employees
• E.Utilizing DNS lookup tools
• F.Conducting wardriving near the client facility

Show Answers

Answer:
Explanation:
Technical and billing addresses are usually posted on company websites and company social media sites for the their clients to access. The WHOIS lookup will only avail info for the company registrant, an abuse email contact, etc but it may not contain details for billing addresses.

Question No : 4
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers.
To be PCI compliant, which of the following should the company have implemented to BEST protect this data?

• A.Vulnerability scanning
• B.Network segmentation
• C.System hardening
• D.Intrusion detection

Show Answers

Answer:

Question No : 5
A penetration tester ran an Nmap scan on an Internet-facing network device with the CF option and found a few open ports.
To further enumerate, the tester ran another scan using the following command:
nmap CO CA CsS Cp- 100.100.100.50
Nmap returned that all 65,535 ports were filtered.
Which of the following MOST likely occurred on the second scan?

• A.A firewall or IPS blocked the scan.
• B.The penetration tester used unsupported flags.
• C.The edge network device was disconnected.
• D.The scan returned ICMP echo replies.

Show Answers

Answer:
Explanation:
Reference: https://phoenixnap.com/kb/nmap-scan-open-ports

Question No : 6
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache.
Which of the following commands will accomplish this task?

• A.nmap Cf CsV Cp80 192.168.1.20
• B.nmap CsS CsL Cp80 192.168.1.20
• C.nmap CA CT4 Cp80 192.168.1.20
• D.nmap CO Cv Cp80 192.168.1.20

Show Answers

Answer:
Explanation:
Reference: https://nmap.org/book/man-version-detection.html

Question No : 7
A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router.
Which of the following is MOST vulnerable to a brute-force attack?

• A.WPS
• B.WPA2-EAP
• C.WPA-TKIP
• D.WPA2-PSK

Show Answers

Answer:
Explanation:
Reference: https://us-cert.cisa.gov/ncas/alerts/TA12-006A

Question No : 8
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?

• A.Understanding the tactics of a security intrusion can help disrupt them.
• B.Scripts that are part of the framework can be imported directly into SIEM tools.
• C.The methodology can be used to estimate the cost of an incident better.
• D.The framework is static and ensures stability of a security program overtime.

Show Answers

Answer:
Explanation:
Reference: https://attack.mitre.org/

Question No : 9
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging.
Which of the following techniques would BEST accomplish this goal?

• A.RFID cloning
• B.RFID tagging
• C.Meta tagging
• D.Tag nesting

Show Answers

Answer:
Explanation:
since vlan hopping requires 2 vlans to be nested in a single packet. Double tagging occurs when an attacker adds and modifies tags on an Ethernet frame to allow the sending of packets through any VLAN. This attack takes advantage of how many switches process tags. Most switches will only remove the outer tag and forward the frame to all native VLAN ports. With that said, this exploit is only successful if the attacker belongs to the native VLAN of the trunk link. https://cybersecurity.att.com/blogs/security-essentials/vlan-hopping-and-mitigation

Question No : 10
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

• A.The CVSS score of the finding
• B.The network location of the vulnerable device
• C.The vulnerability identifier
• D.The client acceptance form
• E.The name of the person who found the flaw
• F.The tool used to find the issue

Show Answers

Answer: