to block this type of traffic?The firewallThe routerThe distribution switchThe Windows server73 Brandon wants to perform a WHOIS query for a system he believes is located in Europe. Which NIC should he select to have the greatest likelihood of success for his query?AFRINICAPNICRIPELACNIC
74 While reviewing Apache logs, Janet sees the following entries as well as hundreds of others from the same source IP. What should Janet report has occurred?[ 21/Jul/2020:02:18:33 -0500] - - 10.0.1.1 "GET /scripts/sample.php" "-" 302 336 0 [ 21/Jul/2020:02:18:35 -0500] - - 10.0.1.1 "GET /scripts/test.php" "-" 302 336 0 [ 21/Jul/2020:02:18:37 -0500] - - 10.0.1.1 "GET /scripts/manage.php" "-" 302 336 0 [ 21/Jul/2020:02:18:38 -0500] - - 10.0.1.1 "GET /scripts/download.php" "-" 302 336 0 [ 21/Jul/2020:02:18:40 -0500] - - 10.0.1.1 "GET /scripts/update.php" "-" 302 336 0 [ 21/Jul/2020:02:18:42 -0500] - - 10.0.1.1 "GET /scripts/new.php" "-" 302 336 0A denial-of-service attackA vulnerability scanA port scanA directory traversal attack
75 Chris wants to gather as much information as he can about an organization using DNS harvesting techniques. Which of the following methods will most easily provide the most useful information if they are all possible to conduct on the network he is targeting?DNS record enumerationZone transferReverse lookupDomain brute-forcing
76 Geoff wants to perform passive reconnaissance as part of an evaluation of his organization's security controls. Which of the following techniques is a valid technique to perform as part of a passive DNS assessment?A DNS forward or reverse lookupA zone transferA WHOIS queryUsing maltego
77 Mike's penetration test requires him to use passive mapping techniques to discover network topology. Which of the following tools is best suited to that task?WiresharknmapnetcatAngry IP Scanner
78 While gathering DNS information about an organization, Ryan discovered multiple AAAA records. What type of reconnaissance does this mean Ryan may want to consider?Second-level DNS queriesIPv6 scans Cross-domain resolutionA CNAME verification
79 After Carlos completes a topology discovery scan of his local network, he sees the Zenmap topology shown here. What can Carlos determine from the Zenmap topology view?There are five hosts with port security enabled.DemoHost2 is running a firewall.DemoHost4 is running a firewall.There are four hosts with vulnerabilities and seven hosts that do not have vulnerabilities.
80 Scott is part of the white team who is overseeing his organization's internal red and blue teams during an exercise that requires each team to only perform actions appropriate to the penetration test phase they are in. During the reconnaissance phase, he notes the following behavior as part of a Wireshark capture. What should he report?The blue team has succeeded.The red team is violating the rules of engagement.The red team has succeeded.The blue team is violating the rules of engagement.
81 Jennifer analyzes a Wireshark packet capture from a network that she is unfamiliar with. She discovers that a host with IP address 10.11.140.13 is running services on TCP ports 636 and 443. What services is that system most likely running?LDAPS and HTTPSFTPS and HTTPSRDP and HTTPSHTTP and Secure DNS
82 Kai has identified a privilege escalation flaw on the system she targeted in the first phase of her penetration test and is now ready to take the next step. According to the NIST 800-115 standard, what is step C that Kai needs to take, as shown in this diagram?System browsingScanningRootingConsolidation
83 When Scott performs an nmap scan with the -T flag set to 5, what variable is he changing?How fast the scan runsThe TCP timeout flag it will setHow many retries it will performHow long the scan will take to start up
84 While conducting a port scan of a remote system, Henry discovers TCP port 1433 open. What service can he typically expect to run on this port?OracleVNCIRCMicrosoft SQL
85 While application vulnerability scanning one of her target organizations web servers, Andrea notices that the server's hostname is resolving to a cloudflare.com host. What does Andrea know about her scan?It is being treated like a DDoS attack.It is scanning a CDN-hosted copy of the site.It will not return useful information.She cannot determine anything about the site based on this information.
86 While tracking a potential APT on her network, Cynthia discovers a network flow for her company's central file server. What does this flow entry most likely show if 10.2.2.3 is not a system on her network?Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows 2017-07-11 13:06:46.343 21601804 TCP 10.1.1.1:1151->10.2.2.3:443 9473640 9.1 G 1 2017-07-11 13:06:46.551 21601804 TCP 10.2.2.3:443->10.1.1.1:1151 8345101 514 M 1A web browsing sessionData exfiltrationData infiltrationA vulnerability scan
87 Part of Tracy's penetration testing assignment is to evaluate the WPA2 Enterprise protected wireless networks of her target organization. What major differences exist between reconnaissances of a wired network versus a wireless network?Encryption and physical accessibilityNetwork access control and encryptionPort security and physical accessibilityAuthentication and encryption
88 Ian's company has an internal policy requiring that they perform regular port scans of all of their servers. Ian has been part of a recent effort to move his organization's servers to an infrastructure as a service (IaaS) provider. What change will Ian most likely need to make to his scanning efforts?Change scanning softwareFollow the service provider's scan policies Sign a security contract with the providerDiscontinue port scanning
89 During a regularly scheduled PCI compliance scan, Fred has discovered port 3389 open on one of the point-of-sale terminals that he is responsible for managing. What service should he expect to find enabled on the system?MySQLRDPTORJabber
90 Saanvi knows that the organization she is scanning runs services on alternate ports to attempt to reduce scans of default ports. As part of her intelligence-gathering process, she discovers services running on ports 8080 and 8443. What services are most likely running on these ports?Botnet C&CNginxMicrosoft SQL Server instancesWeb servers
91 Lauren wants to identify all the printers on the subnets she is scanning with nmap. Which of the following nmap commands will not provide her with a list of likely printers?nmap -sS -p 9100,515,631 10.0.10.15/22 -oX printers.txtnmap -O 10.0.10.15/22 -oG - | grep printer >> printers.txtnmap -sU -p 9100,515,631 10.0.10.15/22 -oX printers.txtnmap -sS -O 10.0.10.15/22 -oG | grep >> printers.txt
92 Chris knows that systems have connected to a remote host on TCP ports 1433 and 1434. If he has no other data, what should his best guess be about what the host is?A print serverA Microsoft SQL serverA MySQL serverA secure web server running on an alternate port
93 What services will the following nmap scan test for?nmap -sV -p 22,25,53,389 192.168.2.50/27Telnet, SMTP, DHCP, MS-SQLSSH, SMTP, DNS, LDAPTelnet, SNMP, DNS, LDAPSSH, SNMP, DNS, RDP
94 While conducting a topology scan of a remote web server, Susan notes that the IP addresses returned for the same DNS entry change over time. What has she likely encountered?A route changeFast-flux DNSA load balancerAn IP mismatch
95 Kwame is reviewing his team's work as part of a reconnaissance effort and is checking Wireshark packet captures. His team reported no open ports on 10.0.2.15. What issue should he identify with their scan based on the capture shown here?The host was not up.Not all ports were scanned.The scan scanned only UDP ports.The scan was not run as root.
96 Allan's nmap scan includes a line that starts with cpe:/o. What type of information should he expect to gather from the entry?Common privilege escalationOperating system Certificate performance evaluationHardware identification
97 While scanning a network, Frank discovers a host running a service on TCP ports 1812 and 1813. What type of server has Frank most likely discovered?RADIUSVNCKerberosPostgres
98 Nihar
