A tester has captured a NetNTLMv2 hash using Responder Which of the following commands will allow the tester to crack the hash using a mask attack?

• A.hashcat -m 5600 -o reaulta.txt hash.txt wordliat.txt
• B.hashc&t -m 5600 -a 3 haah.txt ?a?a?a?a?a?a?a?a
• C.hashcax -m 5600 hash.txt
• D.hashcat -m 5600 -r rulea/beat64.rule hash.txt wordliat.txt

Comment: *

Name: *

Email: *

Verification: *

A tester identifies an XSS attack vector during a penetration test. Which of the following flags should the tester recommend to prevent a JavaScript payload from accessing the cookie?

• A.Domain
• B.HttpOnly
• C.Secure
• D.Max-Age

Comment: *

Name: *

Email: *

Verification: *

A security assessor completed a comprehensive penetration test of a company and its networks and systems.
During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor, although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of impact?

• A.Implement new training to be aware of the risks in accessing the application. This training can be decommissioned after the vulnerability is patched.
• B.Require payroll users to change the passwords used to authenticate to the application. Following the patching of the vulnerability, implement another required password change.
• C.Implement an ACL to restrict access to the application exclusively to the finance department. Reopen the application to company staff after the vulnerability is patched.
• D.Modify the web server crypto configuration to use a stronger cipher-suite for encryption, hashing, and digital signing.

Comment: *

Name: *

Email: *

Verification: *