PenTest+ Practice Exam

1. Jack just removed recently created accounts and installed scripts from a target system. What is he actually doing?
   - Reporting findings
   - Presenting remediation techniques
   - Post-engagement cleanup
   - Scanning for vulnerabilities

2. A penetration tester, with physical access to the target's network, was able to retrieve a user's credentials during an HTTP authentication. What type of attack did this pen tester perform?
   - SQL Injection
   - Traffic sniffing
   - Traffic shaping
   - XSS

3. A penetration test is characterized by giving very little information to the pen tester.

4. In , 'Write-Host' is the keyword used to display some output.

5. It is very common to see ______________ being used during the post-exploitation phase.
   - scripts
   - Nessus
   - OllyDBG
   - Whois

6. Companies that perform credit card transactions must be compliant with:
   - HIPAA
   - NIST
   - PCI/DSS
   - SAST

7. HIPAA demands regular penetration tests.
   - True
   - False

8. PCI/DSS requires regular penetration tests.
   - True
   - False

9. A client contacted a penetration tester, stating that he is much more concerned with his employees' security awareness than with technological solutions. Therefore, the penetration tester told the client that deploying _______________________ attacks would be necessary.
   - SQL injection
   - ransomware
   - Physical
   - Social engineering

10. Compliance vulnerability scans usually focus on verifying a specific set of standardized requirements.
   - True
   - False

11. A scan does not complete the 3-way handshake in order to avoid easy detection.

12. Discovery scans do not involve TCP connections.
   - True
   - False

13. After compromising a Linux host, a penetration tester runs 'find / -perm -4000'. What is the penetration tester looking for?
   - SUID enabled files
   - Writeable files
   - Readable files
   - Directories with the sticky bit enabled

14. In a Windows system, the administrative user (Administrator) has relative ID:
   - 500
   - 0
   - 1000
   - 100

15. In the post-engagement cleanup, the penetration tester should remember to remove from all exploited systems the following items:
   - Shells created
   - Accounts created
   - Log files
   - The administrative account

16. Is an example of a static and dynamic binary analysis software:
   - Snapshot
   - DAST
   - Burpsuite
   - OllyDBG

17. It can be used along with John the Ripper to crack hashed passwords.
   - Mimikatz
   - Rainbow tables
   - Wordlists
   - Searchsploit

18. Bill, a penetration tester, scans an IP address, but every time he runs a scan against this IP, he gets a different result. What is the most likely cause?
   - The IP is behind a firewall.
   - He is not setting the scanner properly.
   - The IP is not assigned to a single node, but to a load balancing cluster.
   - That host is being patched/updated.

19. Michelle, a pen tester, scanned a host for ports. The scan result shows some ports as filtered. This happens because a firewall is blocking the scan to those ports and responding with FIN TCP segments.
   - True
   - False

20. When running an Nmap SYN scan, what is the result displayed by the tool for ports that do not respond to those SYNs?
   - Filtered
   - Listening
   - Open
   - Closed

21. Web applications that concatenate authentication input fields directly into a database query may be susceptible to:
   - LDAP Injections.
   - SQL Injections.
   - XSS.
   - XSRF.

22. Will posted JavaScript code into a forum that would force a client's browser to send transmission data to him. What type of attack might be going on here?
   - LDAP Injection.
   - SQL Injection.
   - XSS.
   - XSRF

23. Steve received an email stating that he should change his online bank account credentials. This email has two links. The first one is https://www.bankname.com, which is the original URL to his bank webpage. The second one looks something like https://www.bankname.com/config/change.do?newpassword=whatever&confnpass=whatever. Additionally, the email specifically says that Steve must click on the first link first, log into his account and then click on the second link. What type of attack is probably occurring here?
   - LDAP Injection.
   - SQL Injection.
   - XSS.
   - XSRF

24. During a port scan, a pen tester sees that HTTP and FTP ports are open in an exclusively Postgres SQL Server. After performing some additional analysis, the pen tester realizes that these services are not associated with the database management system. What is the best mitigation strategy here?
   - Deploy hardening and turn the HTTP and FTP services off.
   - Integrate the HTTP and FTP services with the DBMS.
   - Harden the DBMS.
   - Harden the HTTP and FTP services by implementing HTTPS and SFTP.

25. Where can you identify Cross-Site Scripting vulnerabilities?
   - HTTP headers.
   - FTP headers.
   - Input fields that echo user data.
   - TCP SYN segments.

26. USB key drop attacks are only effective when autorun is enabled.
   - True
   - False

27. Web application developers usually escape characters with the HTML entity HH to prevent XSS attacks.
   - True
   - False

28. In a penetration testing contract, what is the first deliverable?
   - Port scan report.
   - Penetration testing report.
   - Vulnerability scan report.
   - Exploitation report.

29. Nessus is a(n):
   - Network mapper.
   - Exploit database.
   - Exploitation framework.
   - Vulnerability scanner.

30. In what phase of a penetration testing engagement is Maltego mostly used?
   - Reconnaissance
   - Network discovery and mapping
   - Vulnerability scanning
   - Reporting

31. _______________ is a tool specialized in gathering Windows authentication data such as hashed passwords.
   - Nessus
   - Mimikatz
   - Metasploit
   - Hashcat

32. Biometric authentication fits in the 'Something you have' multi-factor authentication category.
   - True
   - False

33. TCP port 445 is typically associated with services.

34. To run the Metasploit console, you should use the command.

35. In the hashcat command the '-m' switch is used to inform the hash code. What is the hash code for the NTLM algorithm?
   - 100
   - 500
   - 1000
   - 1100

36. Windows systems support pass-the-hash authentication. The internal system tool that may be used to perform this authentication is:
   - psexec
   - wmic
   - NTLM
   - mimikatz

37. Paul ran a vulnerability scan and found a vulnerability with a CVSS version 3 Base Score of 6.0. What level of criticality is this vulnerability?
   - low
   - medium
   - high
   - critical

38. A false positive error occurs when the vulnerability scanner reports a vulnerability that does not actually exist.
   - True
   - False

39. It is an interpreted programming language:
   - C ANSI
   - Java
   - C++
   - Python

40. This snippet of code was written in .

       vector=(17 16 19 16 17 15 14 18 14 15)
       echo 'The third value is: ' ${vector[2]}

41. Line contains an error in the following snippet of code.

       1: #!/bin/bash
       2: echo 'What is your age?'
       3: read age
       4: if [ $age >= 18 ]; then
       5: echo 'We have an adult here'
       6: fi

42. A social engineering attack characterized by posing as someone trusted by staff members.
   - Piggybacking
   - Escalation
   - Impersonation
   - Shoulder surfing

43. Elsa tried to tailgate into a target's premises without success. Now she plans to gather all documents she can find outside of the building. What type of attack will she perform?
   - Impersonation
   - Dumpster diving
   - USB drops
   - Shoulder surfing

44. Mike did Miles a favor. Now Mike is asking Miles for some info about Miles' company. What type of attack can be characterized here?
   - Social proof.
   - Social engineering.
   - Bribery
   - Quid-pro-quo

45. USB key drop attacks leverage what technique?
   - Dumpster diving.
   - Backpropagation.
   - Impersonation.
   - Physical honeypot.

46. Beavis is pen testing company ABC's web server. He tries to access http://www.companyabc.com/../../../etc/passwd. What type of attack did he try?
   - Directory Traversal.
   - Cross-Site Scripting.
   - Insecure Direct Objects Reference.
   - Cross-Site Request Forgery.

47. After noticing that a client's web application identifies a product by the following URL:
    https://www.clientweb.com/home.php?ID=5
    Tom, the pen tester, tries:
    https://www.clientweb.com/home.php?ID=10
    What type of attack is he attempting?
   - Directory Traversal.
   - Cross-Site Scripting.
   - Insecure Direct Object Reference.
   - Cross-Site Request Forgery.

48. This tool is commonly used to perform session hijacking attacks.
   - Nessus
   - Burpsuite
   - Maltego
   - Metasploit

49. A penetration tester tried to edit the /etc/shadow file using a regular user account without success. However, using the same user the pen tester was able to see the hashed passwords using 'cat /etc/shadow'. Why is this happening?
   - The user account has been configured to run sudo as root.
   - This user's ID has been set to zero.
   - The 'cat' binary file has the SGID bit enabled.
   - The 'cat' binary file has the SUID bit enabled.

50. 'searchsploit privilege|grep -i linux|grep kernel|grep 3.0.1'. Based on this command, what type of attack does the pen tester have in mind?
   - OS fingerprint.
   - Kernel exploitation.
   - Reverse shell.
   - DDoS.