Question 1
During an external vulnerability scan, the penetration tester finds that telnet, ftp, and http are open inbound on a storage server at the customer site. This information has been relayed to the customer after the penetration test has been completed. Which of the following is the BEST mitigation for this vulnerability?
A. The customer should enable two-factor authentication.
B. The customer should wrap http in TLS.
C. The customer should move the services to non-standard ports.
D. The customer should use system hardening guides to close unnecessary services and ports.
Question 2
A penetration tester finds a username with a relative ID (RID) of 500 on a Windows device. Which of the following privilege levels does this user have?
A. Administrator
B. User
C. Guest
D. Power user
Question 3
A penetration tester notices the results from an external vulnerability scan are unreliable. The same IP address has shown different vulnerabilities each time it is scanned. Which of the following is the MOST likely cause for this?
A. The address being scanned is a load balancer with systems behind it.
B. The vulnerability scanner is reporting false positives.
C. The customer has been patching and rolling back their updates.
D. The vulnerability scanner is improperly configured.
Question 4
A web application is coded in such a way that it concatenates user input directly into a database query:
http://example.com?page=news&ID=14
To which of the following vulnerabilities could this situation apply?
A. XML injection
B. Insecure direct object reference
C. Insecure cross-origin resource sharing
D. SQL injection
Question 5
Output from a static code analyzer shows a high number of null pointer issues. Which of the following is the MOST likely cause of this issue?
A. Improper use of named pipes
B. Poor file-system integration
C. Lack of variable initialization
D. Bad socket programming
Question 6
A penetration tester is removing a local admin account from a target system, clearing credentials from an exploitation framework, and purging copies of documents from the laptop that was used to create reports. Which of the following is the penetration tester performing?
A. Attestation of findings
B. Post-engagement cleanup
C. Deception techniques
D. Remediation steps
Question 7
HTTP is being used during authentication on a target network. Which of the following passive reconnaissance techniques can help a penetration tester obtain a user's credentials?
A. Traffic throttling
B. Traffic sniffing
C. Traffic shaping
D. Traffic blocking
Question 8
While scoping a compliance-based assessment, which of the following MUST be considered?
A. Protocols used
B. Stealth
C. Bandwidth limitations
D. Local and national laws
Question 1) D. The customer should use system hardening guides to close unnecessary services and ports.
Question 2) A. Administrator
Question 3) A. The address being scanned is a load balancer with systems behind it.
Question 4) D. SQL injection
Question 5) C. Lack of variable initialization
Question 6) B. Post-engagement cleanup
Question 7) B. Traffic sniffing
Question 8) D. Local and national laws