CompTIA Pentest+ (Practice Exams) by Karamagi Robert

Author: Karamagi, Robert
Language: eng
Format: epub
Published: 2021-01-28T16:00:00+00:00


A. The remote host is firewalled.

B. The remote host is not online.

C. The host is not routable.

D. The remote host was not set.

41. What type of wireless attack focuses on tricking clients into using less secure protocols?

A. A downfall attack

B. A false negotiation attack

C. A chutes and ladders attack

D. A downgrade attack

42. Robert wants to use THC Hydra to brute-force SSH passwords. As he prepares to run the command, he recalls seeing the -t flag. What should he consider when using this flag?

A. How many targets he wants to attack

B. The number of tasks to run in parallel per target

C. The time-out for the connections

D. None of the above

43. Robert has set his penetration testing workstation up as a man in the middle between his target and an FTP server. What is the best method for him to acquire FTP credentials?

A. Capture traffic with Wireshark

B. Conduct a brute-force attack against the FTP server

C. Use an exploit against the FTP server

D. Use a downgrade attack against the next login

44. Robert wants to enumerate possible user accounts and has discovered an accessible SMTP server. What SMTP commands are most useful for this?

A. HELO and DSN

B. EXPN and VRFY

C. VRFY and TURN

D. EXPN and ETRN

45. What is the default read-only community string for many SNMP devices?

A. secret

B. readonly

C. private

D. public

46. Which of the following tools will not allow Robert to capture NTLM v2 hashes over the wire for use in a pass-the-hash attack?

A. Responder

B. Mimikatz

C. Ettercap

D. Metasploit

47. For what type of activity would you use the tools HULK, LOIC, HOIC, and SlowLoris?

A. DDoS

B. SMB hash capture

C. DoS

D. Brute-force SSH

48. Robert sends a phishing email specifically to Roberto, the CEO at his target company. What type of phishing attack is he conducting?

A. CEO baiting

B. Spear phishing

C. Phish hooking

D. Hook SETting

49. While Robert is performing a physical penetration test, he notices that the exit doors to the data center open automatically as an employee approaches them with a cart. What should he record in his notes?

A. The presence of an egress sensor

B. The presence of a mantrap

C. A potential unlocked door

D. Nothing because this is not a vulnerability

50. Robert wants to gather information about an organization, but does not want to enter the building. What physical data gathering technique can he use to potentially gather business documents without entering the building?

A. Piggybacking

B. File surfing

C. USB drops

D. Dumpster diving

51. Robert is preparing to travel to another state to perform a physical penetration test. What penetration testing gear should he review the legality of before leaving for that state?

A. Metasploit

B. Lockpicks

C. Encryption tools

D. SET

52. Which social engineering motivation technique relies on persuading the target that other people have behaved similarly and thus that they could too?

A. Likeness

B. Fear

C. Social proof

D. Reciprocation

53. What is the default read-only community string for many SNMP devices?

A. secret

B. readonly

C. private

D. public

54. Robert wants to gain access to a target company’s premises but discovers that his original idea of jumping the fence probably isn’t practical. Which factor is least likely to prevent him from trying to jump the fence?

A.


