Time limit: 0
Quiz Summary
0 of 30 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Quiz complete. Results are being recorded.
Results
0 of 30 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
-
Unfortunately, you didn’t pass the quiz, but hey, you have unlimited access.😎
Practice makes you perfect! 👊 -
Congratulations! 🥳
You have passed the quiz successfully! You are one step closer to pass the real exam!
We hope to see you again on another certification path.✌️
Good luck with the exam! Stay strong.👊
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 30
1. Question
You are performing a penetration test for the Acme Corporation and the wireless network is in the scope of the network assessment. What tool would you use to determine if the Wi-Fi network can be easily cracked?
CorrectIncorrect -
Question 2 of 30
2. Question
You have been hired to perform a penetration test for the Acme Corporation. As part of the process, you are using Nmap to discover systems on the network. After discovering the systems and the services on the network, you would like to identify the OS that is being used by the system with a network IP address of 192.168.1.2. Which of the following command should you use?
CorrectIncorrect -
Question 3 of 30
3. Question
You have been hired to perform a penetration test against the web servers of the Acme Corporation. Which of the following tools should you use to determine if the web servers are vulnerable?
CorrectIncorrect -
Question 4 of 30
4. Question
You are in charge of documenting all the running services on your system with IP 1.2.3.4 by doing a TCP connect scan. You decide to use Nmap to complete the task. Which of the following commands should you type to identify the services running on your system?
CorrectIncorrect -
Question 5 of 30
5. Question
Which of the following commands provide the most reliable and accurate port scan results on the network with an IP address of 55.56.57.0/24?
CorrectIncorrect -
Question 6 of 30
6. Question
Which of the following tools would you use to test web applications against SQL injection attacks?
CorrectIncorrect -
Question 7 of 30
7. Question
You have been hired to perform an assessment on the company’s web application written in PHP. The first task is to attempt a cross-site scripting attack. Which of the following would you use to complete the task?
CorrectIncorrect -
Question 8 of 30
8. Question
The attacker connects to a switch port and starts sending a very large number of Ethernet frames with a different fake source MAC address. The switch’s MAC address table becomes full and now it’s not able to save more MAC address, which means it enters into a fail-open mode and starts behaving like a network Hub. Frames are flooded to all ports, similar to a broadcast type of communication. The attacker’s machine will be delivered with all the frames between the victim and other machines. The attacker will be able to capture sensitive data from the network. Given the above scenario, identify the Layer 2 type of attack.
CorrectIncorrect -
Question 9 of 30
9. Question
You just received a password recovery email from Facebook stating that you ask to change your password. Out of curiosity, you follow the link and end up on a password recovery page similar to Facebooks’s password recovery page. Then you press right-click -> View page source and you notice the following snippet code.
What type of attack are you experiencing?
CorrectIncorrect -
Question 10 of 30
10. Question
Which of the following physical security attacks is a technique used to retrieve information from someone else’s trash that could be used to carry out an attack on a computer network?
CorrectIncorrect -
Question 11 of 30
11. Question
A hacker tricks a user into clicking on a hyperlink that runs malicious code that could modify the security settings of his system. What type of attack the hacker is performing?
CorrectIncorrect -
Question 12 of 30
12. Question
The email server of your application is compromised. Users are complaining that they don’t receive an activation email during the registration process. Which of the following network-based exploits is used by the attacker?
CorrectIncorrect -
Question 13 of 30
13. Question
During the network assessment, you are in the phase of discovering all the active hosts on the network with ID 192.168.5.0/24. Assuming you are working on a Linux environment, which command will list all the active hosts on the network with ID 192.168.5.0/24?
CorrectIncorrect -
Question 14 of 30
14. Question
An attacker impersonates a delivery driver and waits outside of a building. When an employee gains security’s approval and opens the door, the attacker asks the employee to hold the door to gain access to the building. What type of social engineering attack the attacker has performed?
CorrectIncorrect -
Question 15 of 30
15. Question
You have been tasked to recommend a tool that performs a complete vulnerability scan for the Acme corporation’s servers. What tool would you recommend?
CorrectIncorrect -
Question 16 of 30
16. Question
As part of the scanning phase of information gathering, you are looking at discovering systems on the network. Which of the following types of vulnerability scans should you perform to complete the task?
CorrectIncorrect -
Question 17 of 30
17. Question
Which of the following social engineer attacks the attacker injects malicious code into public web pages of a site with the aim of installing a backdoor Trojan on visitor’s computers?
CorrectIncorrect -
Question 18 of 30
18. Question
An attacker breaks into a password-protected computer by systematically entering every word in a dictionary as a password. What type of attack does the attacker carry out?
CorrectIncorrect -
Question 19 of 30
19. Question
You have been hired to perform a penetration test on the Acme Corporation’s network. Your first task is to do a port scan to identify open ports on their systems and the services with the version of the software running on those ports. Assuming the network ID of the Acme Corporation is 55.56.0.0/16, which command should you use to complete the first task?
CorrectIncorrect -
Question 20 of 30
20. Question
You are trying to test if the firewall of the Acme corporation’s network blocks UDP packets that are in the scope of the pentest. What command would you use to craft your own UDP packets and test the firewall?
CorrectIncorrect -
Question 21 of 30
21. Question
You are performing a black box pentest and would like to discover the hosts that exist on the given network. Assuming you are a beginner penetration tester, what tool would you use?
CorrectIncorrect -
Question 22 of 30
22. Question
The document that lists out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being tested when it’s being tested, and how it’s being tested is known as:
CorrectIncorrect -
Question 23 of 30
23. Question
Which of the following disclaimers should be included in the following penetration testing agreement between the penetration tester and the business owner? (Choose all that apply.)
CorrectIncorrect -
Question 24 of 30
24. Question
Which of the following type of contracts is designed to outline the requirements of confidential materials, knowledge, or information between two or more parties for a certain purpose?
CorrectIncorrect -
Question 25 of 30
25. Question
You have been hired to perform a penetration test for the Acme Corporation. The first task is to identify any system that has File Transfer Protocol services running. What command would you use to complete the task?
CorrectIncorrect -
Question 26 of 30
26. Question
You want to store multiple pieces of information in an array and print the first element of the array in a Bash shell script. Which of the following snippet codes would you type?
CorrectIncorrect -
Question 27 of 30
27. Question
What statement in Ruby would you use to store the command “nmap -sT 1.2.3.0/24” in the variable called cmd and print the variable on the screen?
CorrectIncorrect -
Question 28 of 30
28. Question
You are performing a pentest against the web servers of the Acme Corporation. During the pentest, you notice that the administrator is using the same password across all the accounts. What action should the customer perform to fix the problem?
CorrectIncorrect -
Question 29 of 30
29. Question
Many web applications using databases in their tech stack to retrieve and display data for their users. Hackers can exploit these applications by performing SQL injection attacks. Which of the following remediation should perform FIRST in order to fix a web application that belongs to this category?
CorrectIncorrect -
Question 30 of 30
30. Question
You have been hired to perform a pentest for the Acme Corporation. A part of the process is to assess the web applications if it is vulnerable to SQL injection attacks and to assess the database which is connected with the web app. During the pentest, you notice that the database stores customer’s data and passwords in plain text. Which of the following remediation step should the Acme Corporation follow to fix the issue?
CorrectIncorrect