Dive into practice questions
Question 1
A penetration tester needs to help create a threat model of a custom application. Which of the following is the most likely framework the tester will use?
A. MITRE ATT&CK
B. OSSTMM
C. CI/CD
D. DREAD
Question 2
A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested. Which of the following should the tester do next?
A. Report the finding.
B. Analyze the finding.
C. Remove the threat.
D. Document the finding and continue testing.
Question 3
A penetration tester needs to evaluate the order in which the next systems will be selected for testing. Given the following output:
| Hostname | IP address | CVSS 2.0 | EPSS |
| hrdatabase | 192.168.20.55 | 9.9 | 0.50 |
| financesite | 192.168.15.99 | 8.0 | 0.01 |
| legaldatabase | 192.168.10.2 | 8.2 | 0.60 |
| fileserver | 192.168.125.7 | 7.6 | 0.90 |
Which of the following targets should the tester select next?
A. fileserver
B. hrdatabase
C. legaldatabase
D. financesite
Question 4
A penetration tester is conducting reconnaissance on a target network. The tester runs the following Nmap command: nmap -sV -T2 -p - 192.168.1.0/24. Which of the following describes the most likely purpose of this scan?
A. OS fingerprinting
B. Attack path mapping
C. Service discovery
D. User enumeration
Question 5
A penetration tester needs to minimize PowerShell logging on a Windows host. The tester creates the following skeleton script:
Line 1: @echo off
Line 2: for %%i in ( "Domain Admins" "Enterprise Admins" "Schema Admins")
Line 3: do (
Line 4: Get-ADUser -Filter %%i
Line 5: )
Which of the following should the tester do to complete the script and show all administrators in the group?
A. Modify line 5 to: ) >> c:\tmp\mylog.txt
B. Modify line 3 to: set count=100; do while (
C. Modify line 2 to: for %%i in ( "*admins*")
D. Modify line 4 to: dsquery group %%i -scope base --attr member
Answer key
Question 1: D (DREAD)
Question 5: D (Modify line 4 to...)