A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?

Understanding the tactics of a security intrusion can help disrupt them.

Scripts that are part of the framework can be imported directly into SIEM tools.

The methodology can be used to estimate the cost of an incident better.

The framework is static and ensures stability of a security program over time.

Which of the following would MOST likely be included in the final report of a static application- security test that was written with a team of application developers as the intended audience?

Quantitative impact assessments given a successful software compromise.

Executive summary of the penetration-testing methods used.

Bill of materials including supplies, subcontracts, and costs incurred during assessment.

Code context for instances of unsafe type-casting operations

Which of the following would MOST likely be included in the final report of a static application- security test that was written with a team of application developers as the intended audience?

Quantitative impact assessments given a successful software compromise.

Executive summary of the penetration-testing methods used.

Bill of materials including supplies, subcontracts, and costs incurred during assessment.

Code context for instances of unsafe type-casting operations.

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Implement multifactor authentication.

Enforce mandatory employee vacations

Install video surveillance equipment in the office.

Encrypt passwords for bank account information.

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

Reach out to the primary point of contact.

Try to take down the attackers.

Call law enforcement officials immediately.

Collect the proper evidence and add to the final report.

A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?

Create a detailed document of findings before continuing with the assessment.

Perform forensic analysis to isolate the means of compromise and determine attribution.

Incorporate the newly identified method of compromise into the red team's approach.

Halt the assessment and follow the reporting procedures as outlined in the contract.

Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware? (Choose three.)

Analyze the malware to see what it does.

Remove the malware immediately.

Stop the assessment and inform the emergency contact.

Collect the proper evidence and then remove the malware.

Do a root-cause analysis to find out how the malware got in.

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

Perform a reverse DNS query and match to the service banner.

Test for RFC-defined protocol conformance.

Attempt to brute force authentication to the service.

Check for an open relay configuration.

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

Acceptance by the client and sign-off on the final report.

Scheduling of follow-up actions and retesting.

Attestation of findings and delivery of the report.

Review of the lessons learned during the engagement.

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)

Conducting wardriving near the client facility.

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Implement multifactor authentication.

Enforce mandatory employee vacations.

Install video surveillance equipment in the office.

Encrypt passwords for bank account information.

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

Reach out to the primary point of contact.

Try to take down the attackers.

Call law enforcement officials immediately.

Collect the proper evidence and add to the final report.

A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?

Create a detailed document of findings before continuing with the assessment.

Perform forensic analysis to isolate the means of compromise and determine attribution.

Incorporate the newly identified method of compromise into the red team's approach.

Halt the assessment and follow the reporting procedures as outlined in the contract.

Pentest+ Post Training Assesment

Authored by gopi venketesan

Other

Professional Development

Used 6+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

24 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

wireshark

metasploit

nmap

netcat

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?

Stronger algorithmic requirements.

Access controls on the server.

Encryption on the user passwords.

A patch management program.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support additional reconnaissance?

wardriving

shodan

recon-ng

aircrack-ng

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?

Run another scanner to compare.

Perform a manual test on the server.

Check the results on the scanner.

Look for the vulnerability online.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?

wireshark

Aircrack-ng

kismet

wifite

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?

Phishing

Tailgating

Baiting

Shoulder Surfing

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position. Which of the following actions, if performed, would be ethical within the scope of the assessment?

Exploiting a configuration weakness in the SQL database.

Intercepting outbound TLS traffic.

Gaining access to hosts by injecting malware into the enterprise-wide update server.

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates.

Establishing and maintaining persistence on the domain controller.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Le droit de propriété

Quiz

•

University - Professi...

20 questions

SEMANGAT MERDEKA KE-63

Quiz

•

KG - Professional Dev...

20 questions

Kosárlabda történelem

Quiz

•

1st Grade - Professio...

20 questions

Seguridad y salud laboral

Quiz

•

Professional Development

20 questions

Intro 7 Writing Exam

Quiz

•

Professional Development

20 questions

Draw toolbar & Shortcuts

Quiz

•

7th Grade - Professio...

20 questions

Sûreté CAP 1B

Quiz

•

Professional Development

20 questions

EXAMEN TRIMESTRAL DE SEGUNDO SECUNDARIA HISTORIA

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

Main Idea and Supporting Details

Quiz

•

3rd - 6th Grade

20 questions

Math Review

Quiz

•

3rd Grade

14 questions

25-26 SY 8th Grade EOY Benchmark

Quiz

•

8th Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Math Review

Quiz

•

6th Grade

20 questions

Context Clues

Quiz

•

6th Grade

21 questions

EOY Grade 6 Benchmark Assessment - Content Skills

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

Discover more resources for Other

10 questions

June Standards Quiz

Quiz

•

Professional Development

57 questions

Certified Nursing Assistant Endocrine System Quiz

Quiz

•

Professional Development

11 questions

dog breeds

Quiz

•

3rd Grade - Professio...

20 questions

Disney characters

Quiz

•

KG - Professional Dev...

Pentest+ Post Training Assesment

A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?

A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?

A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?

Which of the following would MOST likely be included in the final report of a static application- security test that was written with a team of application developers as the intended audience?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other