MultipleChoice
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
OptionsMultipleChoice
The results of an Nmap scan are as follows:
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)
OptionsMultipleChoice
Using the output, identify potential attack vectors that should be further investigated.
OptionsMultipleChoice
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
Which of the following is the MOST likely reason for the lack of output?
OptionsMultipleChoice
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
Which of the following attacks is being attempted?
OptionsMultipleChoice
A penetration tester performs the following command:
Which of the following snippets of output will the tester MOST likely receive?
OptionsMultipleChoice
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
...
DOWNLOADED: 4612 -- FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?
Options