Question 6 of 196

A security analyst was provided with a detailed report on a penetration test that was performed against the organization's DMZ environment. It was noted in the report that one finding has a CVSS base score of 10.0. Which of the following levels of difficulty would be required to exploit this vulnerability?

    Correct Answer: C

    A CVSS base score of 10.0 is the highest possible score on the CVSS scale and therefore indicates an extremely critical vulnerability. It implies that the vulnerability is easy to exploit, with little effort required from an attacker: such vulnerabilities typically have low attack complexity, may not require any special privileges, and can be exploited remotely, making exploitation trivial.

Question 7 of 196

A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regained. Which of the following actions should the penetration tester use to maintain persistence to the device? (Select TWO.)

    Correct Answer: A, E

    To maintain persistence on a compromised device, a penetration tester can place an entry in the registry under HKLM\Software\Microsoft\Windows\CurrentVersion\Run so that a script or program is executed automatically at system startup. This ensures that the script au57d.ps1 is invoked every time the system boots, thus maintaining access. Additionally, creating a fake service entry under HKLM\CurrentControlSet\Services with a name like RTAudio ensures the service is run as needed, providing another layer of persistence. Both methods leverage the system's startup processes and service management to regain control of the device even if the initial access is discovered and removed.

Question 8 of 196

Which of the following tools is used to perform a credential brute force attack?

    Correct Answer: A

    Hydra is a tool specifically designed for performing credential brute force attacks. It attempts to log in to systems by trying various username and password combinations directly against the target services. Tools like John the Ripper and Hashcat are primarily used for offline password cracking, where you already have password hashes and are trying to recover the plaintext passwords. Peach is typically used for fuzz testing, not brute force attacks.

Question 9 of 196

Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO.)

    Correct Answer: B, D

    A penetration tester should communicate with the system owner/client during the course of a test if the system shows evidence of prior unauthorized compromise or if the system becomes unavailable following an attempted exploit. Discovering evidence of prior unauthorized compromise is critical because it indicates the system has already been breached and requires immediate action to prevent further damage. Likewise, if the system becomes unavailable after an attempted exploit, it is essential to inform the client so the issue can be addressed promptly and potential disruptions to service or operations can be prevented.

Question 10 of 196

A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?

    Correct Answer: A

    Given that the client lacks the resources to immediately address all vulnerabilities, the best approach is to apply easy compensating controls for the critical vulnerabilities. This minimizes the risk associated with the critical vulnerabilities while allowing the client to reprioritize remediation efforts based on available resources. This strategy provides a balanced approach to managing the most severe risks without neglecting the overall security posture.