A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?

• A.Set the SGID on all files in the / directory
• B.Find the /root directory on the system
• C.Find files that were created during exploitation and move them to /dev/null
• D.Find files with the SUID bit set

Comment: *

Name: *

Email: *

Verification: *

A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

• A.nmap -vv sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
• B.nmap -vv sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
• C.nmap -vv sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan
• D.nmap -vv sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan

Comment: *

Name: *

Email: *

Verification: *

The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

• A.This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
• B.This device is most likely a gateway with in-band management services.
• C.This device is most likely a proxy server forwarding requests over TCP/443.
• D.This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?

• A.The methodology can be used to estimate the cost of an incident better.
• B.Scripts that are part of the framework can be imported directly into SIEM tools.
• C.Understanding the tactics of a security intrusion can help disrupt them.
• D.The framework is static and ensures stability of a security program overtime.

Comment: *

Name: *

Email: *

Verification: *

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

• A.Race-condition attacks
• B.Cross-site scripting
• C.Zero-day attacks
• D.Injection flaws
• E.Ransomware attacks
• F.Buffer overflows

Comment: *

Name: *

Email: *

Verification: *