A penetration tester gains access to a web server and notices a large number of devices in the system ARP table. Upon scanning the web server, the tester determines that many of the devices are user ...ch of the following should be included in the recommendations for remediation?

• A.training program on proper access to the web server
• B.patch-management program for the web server.
• C.the web server in a screened subnet
• D.Implement endpoint protection on the workstations

Comment: *

Name: *

Email: *

Verification: *

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

• A.Create a one-shot systemd service to establish a reverse shell.
• B.Obtain /etc/shadow and brute force the root password.
• C.Run the nc -e /bin/sh <...> command.
• D.Move laterally to create a user account on LDAP

Comment: *

Name: *

Email: *

Verification: *

Using the output, identify potential attack vectors that should be further investigated.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a rules engine for managing public cloud accounts and resources?

• A.Cloud Custodian
• B.Cloud Brute
• C.Pacu
• D.Scout Suite

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is performing a social engineering penetration test and was able to create a remote session. Which of the following social engineering techniques was most likely successful?

• A.Executive impersonation attack
• B.Browser exploitation framework
• C.Dumpster diving
• D.SMS phishing

Comment: *

Name: *

Email: *

Verification: *