Which of the following properties of the penetration testing engagement agreement will have the largest impact on observing and testing production systems at their highest loads?

• A.Setting a schedule of testing access times
• B.Establishing a white-box testing engagement
• C.Creating a scope of the critical production systems
• D.Having management sign-off on intrusive testing

Comment: *

Name: *

Email: *

Verification: *

A penetration tester notices that the X-Frame-Optjons header on a web application is not set. Which of the following would a malicious actor do to exploit this configuration setting?

• A.Inject a malicious iframe containing JavaScript.
• B.Create a frame that overlays the application.
• C.Pass an iframe attribute that is malicious.
• D.Use path modification to escape the application's framework.

Comment: *

Name: *

Email: *

Verification: *

A penetration tester successfully exploits a DM2 server that appears to be listening on an outbound port The penetration tester wishes to forward that traffic back to a device Which of the following are the BEST tools to use few this purpose? (Select TWO)

• A.SSH
• B.Wiresrtark
• C.Tcpdump
• D.Cain and Abel
• E.Netcat
• F.Nmap

Comment: *

Name: *

Email: *

Verification: *

A financial institution is asking a penetration tester to determine if collusion capabilities to produce wire fraud are present. Which of the following threat actors should the penetration tester portray during the assessment?

• A.Insider threat
• B.Nation state
• C.Cybercrime organization.
• D.Script kiddie

Comment: *

Name: *

Email: *

Verification: *

A consultant is attempting to harvest credentials from unsecure network protocols in use by the organization. Which of the following commands should the consultant use?

• A.Tcmpump
• B.Hashcat
• C.nc
• D.John

Comment: *

Name: *

Email: *

Verification: *