A penetration tester performs several Nmap scans against the web application for a client.
INSTRUCTIONS
Click on the WAF and servers to review the results of the Nmap scans. Then click on each tab to select the appropriate vulnerability and remediation options.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct Answer:

See the explanation part for detailed solution.
Explanation:


Most likely vulnerability: Perform a SSRF attack against App01.example.com from CDN.example.com.
The scenario suggests that the CDN network (with a WAF) can be used to perform a Server-Side Request Forgery (SSRF) attack. Since the penetration tester has the pentester workstation interacting through the CDN
/WAF and the production network is behind it, the most plausible attack vector is to exploit SSRF to interact with the internal services like App01.example.com.
Two best remediation options:
* Restrict direct communications to App01.example.com to only approved components.
* Require an additional authentication header value between CDN.example.com and App01.example.com.
* Restrict direct communications to App01.example.com to only approved components: This limits the exposure of the application server by ensuring that only specified, trusted entities can communicate with it.
* Require an additional authentication header value between CDN.example.com and App01.
example.com: Adding an authentication layer between the CDN and the app server helps ensure that requests are legitimate and originate from trusted sources, mitigating SSRF and other indirect attack vectors.
Nmap Scan Observations:
* CDN/WAF shows open ports for HTTP and HTTPS but filtered for MySQL, indicating it acts as a filtering layer.
* App Server has open ports for HTTP, HTTPS, and filtered for MySQL.
* DB Server has all ports filtered, typical for a database server that should not be directly accessible.
These findings align with the SSRF vulnerability and the appropriate remediation steps to enhance the security of internal communications.

Comment: *

Name: *

Email: *

Verification: *

During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.
While reading the script, the penetration tester noticed the following lines of code:

Which of the following was the script author trying to do?

• A.Spawn a local shell.
• B.Disable NIC.
• C.List processes.
• D.Change the MAC address

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

• A.Default web configurations
• B.Open web ports on a host
• C.Supported HTTP methods
• D.Listening web servers in a domain

Comment: *

Name: *

Email: *

Verification: *

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct Answer:

Explanation:
A picture containing shape Description automatically generated

A picture containing treemap chart Description automatically generated

Text Description automatically generated

Graphical user interface Description automatically generated

Comment: *

Name: *

Email: *

Verification: *

A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

• A.Telnet
• B.SMTP
• C.HTTP
• D.NTP
• E.DNS
• F.SNMP

Comment: *

Name: *

Email: *

Verification: *