An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email to obtain the CEO's login credentials. Which of the following types of attacks is this an example of?
A. Elicitation attack
B. Impersonation attack
C. Spear phishing attack
D. Drive-by download attack
A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?
A. RID cycling to enumerate users and groups
B. Pass the hash to relay credentials
C. Password brute forcing to log into the host
D. Session hijacking to impersonate a system account
Given the following script:
Which of the following BEST describes the purpose of this script?
A. Log collection
B. Event logging
C. Keystroke monitoring
D. Debug message collection
A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the following would be BEST to recommend?
A. Transition the application to another port
B. Filter port 443 to specific IP addresses
C. Implement a web application firewall
D. Disable unneeded services.
A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?
A. MAC address of the client
B. MAC address of the domain controller
C. MAC address of the web server
D. MAC address of the gateway
An internal network penetration test is conducted against a network that is protected by an unknown NAC system. In an effort to bypass the NAC restrictions, the penetration tester spoofs the MAC address and hostname of an authorized system. Which of the following devices, if impersonated, would be MOST likely to provide the tester with network access?
A. Network-attached printer
B. Power-over-Ethernet injector
C. User workstation
D. Wireless router
Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?
A. ./wordlists/rockyou.txt
B. ./dirb/wordlists/big.txt
C. ./wfuzz/wordlist/vulns/sql_inj.txt
D. ./wordlists/metasploit/root_userpass.txt
A penetration tester is outside of an organization's network and is attempting to redirect users to a fake password reset website hosted on the penetration tester's box. Which of the following techniques is suitable to attempt this?
A. Employ NBNS poisoning.
B. Perform ARP spoofing.
C. Conduct a phishing campaign.
D. Use an SSL downgrade attack.
A penetration tester is required to report installed shells on compromised systems. Which of the following is the reason?
A. To allow another security consultant access to the shell
B. To allow the developer to troubleshoot the vulnerability
C. To allow the systems administrator to perform the cleanup
D. To allow the systems administrator to write a rule on the WAF
Which of the following describe a susceptibility present in Android-based commercial mobile devices when organizations are not employing MDM services? (Choose two.)
A. Configurations are user-customizable.
B. End users have root access to devices by default.
C. Push notification services require Internet access.
D. Unsigned apps can be installed.
E. The default device log facility does not record system actions.
F. IPSec VPNs are not configurable.