banner from the remote host?NetcatTelnet WgetFTP24 Lakshman wants to limit what potential attackers can gather during passive or semipassive reconnaissance activities. Which of the following actions will typically reduce his organization's footprint the most?Limit information available via the organizational website without authentication.Use a secure domain registration.Limit technology references in job postings.Purge all document metadata before posting.
25 Cassandra's nmap scan of an open wireless network (192.168.10/24) shows the following host at IP address 192.168.1.1. Which of the following is most likely to be the type of system at that IP address based on the scan results shown?A virtual machineA wireless routerA broadband routerA print server
26 Several organizations recently experienced security incidents when their AWS secret keys were published in public GitHub repositories. What is the most significant threat that could arise from this improper key management?Total loss of confidentialityTotal loss of integrityTotal loss of availabilityTotal loss of confidentiality, integrity, and availability
27 Latisha has local access to a Windows workstation and wants to gather information about the organization that it belongs to. What type of information can she gain if she executes the command nbtstat -c?MAC addresses and IP addresses of local systemsNetBIOS name-to-IP address mappings A list of all NetBIOS systems that the host is connected toNetBIOS MAC-to-IP address mappings
28 Tracy believes that a historic version of her target's website may contain data she needs for her reconnaissance. What tool can she use to review snapshots of the website from multiple points in time?Time MachineMorlockWayback MachineHer target's web cache
29 After Kristen received a copy of an nmap scan run by a penetration tester that her company hired, she knows that the tester used the -O flag. What type of information should she expect to see included in the output other than open ports?OCMP statusOther portsObjective port assessment data in verbose modeOperating system and Common Platform Enumeration (CPE) data
30 Andrea wants to conduct a passive footprinting exercise against a target company. Which of the following techniques is not suited to a passive footprinting process?WHOIS lookupsBanner grabbingBGP looking glass usageRegistrar checks
31 While gathering reconnaissance data for a penetration test, Charlene uses the MXToolbox MX Lookup tool. What can she determine from the response to her query shown here?The mail servers are blacklisted.The mail servers have failed an SMTP test.The mail servers are clustered.There are two MX hosts listed in DNS.
32 Alex wants to scan a protected network and has gained access to a system that can communicate to both his scanning system and the internal network, as shown in the image here. What type of nmap scan should Alex conduct to leverage this host if he cannot install nmap on system A?A reflection scanA proxy scanA randomized host scanA ping-through scan
33 As a member of a blue team, Lukas observed the following behavior during an external penetration test. What should he report to his managers at the conclusion of the test?A significant increase in latencyA significant increase in packet lossLatency and packet loss both increased.No significant issues were observed.
34 As part of an organizationwide red team exercise, Frank is able to use a known vulnerability to compromise an Apache web server. Once he has gained access, what should his next step be if he wants to use the system to pivot to protected systems behind the DMZ that the web server resides in?Vulnerability scanningPrivilege escalationPatchingInstalling additional tools
35 Maddox is conducting an inventory of access permissions on cloud-based object buckets, such as those provided by the AWS S3 service. What threat is he seeking to mitigate?Insecure APIsImproper key managementUnprotected storageInsufficient logging and monitoring
36 Alex has been asked to assess the likelihood of reconnaissance activities against her organization (a small, regional business). Her first assignment is to determine the likelihood of port scans against systems in her organization's DMZ. How should she rate the likelihood of this occurring?LowMediumHighThere is not enough information for Alex to provide a rating.
37 Lucy recently detected a cross-site scripting vulnerability in her organization's web server. The organization operates a support forum where users can enter HTML tags and the resulting code is displayed to other site visitors. What type of cross-site scripting vulnerability did Lucy discover?PersistentReflectedDOM-basedBlind
38 Which one of the following tools is capable of handcrafting TCP packets for use in an attack?ArachniHpingResponderHashcat
39 Which one of the following IoT components contains hardware that can be dynamically reprogrammed by the end user?RTOSSoCFPGAMODBUS
40 Florian discovered a vulnerability in a proprietary application developed by his organization. The application performs memory management using the malloc() function and one area of memory allocated in this manner has an overflow vulnerability. What term best describes this overflow?Buffer overflowStack overflowInteger overflowHeap overflow
41 The company that Maria works for is making significant investments in infrastructure-as-a-service hosting to replace its traditional datacenter. Members of her organization's management have Maria's concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?Zero-wipe drives before moving systems.Use full-disk encryption.Use data masking.Span multiple virtual disks to fragment data.
42 Lucca wants to prevent workstations on his network from attacking each other. If Lucca's corporate network looks like the network shown here, what technology should he select to prevent laptop A from being able to attack workstation B?An IPSAn IDSAn HIPSAn HIDS
43 Geoff is reviewing logs and sees a large number of attempts to authenticate to his VPN server using many different username and password combinations. The same usernames are attempted several hundred times before moving on to the next one. What type of attack is most likely taking place?Credential stuffingPassword sprayingBrute-forceRainbow table
44 The company that Dan works for has recently migrated to an SaaS provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?Use a different scanning tool.Rely on vendor testing and audits.Engage a third-party tester.Use a VPN to scan inside the vendor's security perimeter.
45 Lakshman uses Network Miner to review packet captures from his reconnaissance of a target organization. One system displayed the information shown here. What information has Network Miner used to determine that the PC is a Hewlett-Packard device?The MAC addressThe OS flagsThe system's bannerThe IP address
46 Kaiden is configuring a SIEM service in his IaaS cloud environment that will receive all of the log entries generated by other devices in that environment. Which one of the following risks is greatest with this approach in the event of a DoS attack or other outage?Inability to access logsInsufficient loggingInsufficient monitoringInsecure API
47 Which one of the following languages is least susceptible to an injection attack?HTMLSQLSTIXXML
48 Which one of the following types of malware would be most useful in a privilege escalation attack?RootkitWormVirusRAT
49 Ricky discovered a vulnerability in an application where privileges are checked at the beginning of a series of steps, may be revoked during those steps, and then are not checked before new uses of them later in the sequence. What type of vulnerability did he discover?Improper error handlingRace conditionDereferencingSensitive data exposure
50 Matthew is analyzing
