NO.15 Penetration tester has discovered an unknown Linux 64-bit executable binary. Which of the following tools would be BEST to use to analyze this issue?

NO.16 A penetration tester discovers evidence of an advanced persistent threat on the network that is being tested. Which of the following should the tester do next?

NO.17 A penetration tester uncovers access keys within an organization’s source code management solution. Which of the following would BEST address the issue? (Choose two.)

NO.18 A penetration tester noticed that an employee was using a wireless headset with a smartphone. Which of the following methods would be best to use to intercept the communications?

NO.19 During an assessment, a penetration tester was able to access the organization’s wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?

NO.20 A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

NO.21 A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production networks. However, the new tester is not aware of this request and proceeds to perform exploits in the production environment. Which of the following would have MOST effectively prevented this misunderstanding?

NO.22 An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible?

NO.23 A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees’ numbers?

NO.24 During a security assessment, a penetration tester needs to exploit a vulnerability in a wireless network’s authentication mechanism to gain unauthorized access to the network. Which of the following attacks would the tester most likely perform to gain access?

NO.25 Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

NO.26 Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

NO.27 A penetration tester will be performing a vulnerability scan as part of the penetration test on a client’s website. The tester plans to run several Nmap scripts that probe for vulnerabilities while avoiding detection.
Which of the following Nmap options will the penetration tester MOST likely utilize?

NO.28 SIMULATION
Using the output, identify potential attack vectors that should be further investigated.

NO.29 A penetration tester is testing a company’s public API and discovers that specific input allows the execution of arbitrary commands on the base operating system. Which of the following actions should the penetration tester take next?

NO.30 A penetration tester gains initial access to a target system by exploiting a recent RCE vulnerability. The patch for the vulnerability will be deployed at the end of the week. Which of the following utilities would allow the tester to reenter the system remotely after the patch has been deployed? (Select two).

NO.31 After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?

NO.32 A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

NO.33 A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:
python -c ‘import pty; pty.spawn(“/bin/bash”)’
Which of the following actions Is the penetration tester performing?

NO.34 A penetration tester is reviewing the following SOW prior to engaging with a client:
“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.” Based on the information in the SOW, which of the following behaviors would be considered unethical?
(Choose two.)

NO.35 A penetration testing firm performs an assessment every six months for the same customer. While performing network scanning for the latest assessment, the penetration tester observes that several of the target hosts appear to be residential connections associated with a major television and ISP in the area. Which of the following is the most likely reason for the observation?

NO.36 In a cloud environment, a security team discovers that an attacker accessed confidential information that was used to configure virtual machines during their initialization. Through which of the following features could this information have been accessed?