Do you know that you can access more real exam questions via Premium Access? ()
A penetration tester is conducting a test after hours and notices a critical system was taken down. Which of the following contacts should be notified first?
Answer : D
In the context of penetration testing, the primary contact is typically the first point of contact established before the penetration test begins. This person is usually a stakeholder or an individual who has the authority and responsibility over the system being tested. In the scenario where a critical system is taken down during off-hours, the primary contact should be notified first to ensure a prompt and coordinated response. The primary contact can then decide on the next steps, including escalating the issue to technical, secondary, or emergency contacts if necessary. This approach maintains the chain of command and ensures that the appropriate parties are informed in a structured manner.
A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?
Answer : C
A BLE (Bluetooth Low Energy) attack is specifically designed to exploit vulnerabilities in the Bluetooth Low Energy protocol, which is commonly used in modern wireless devices, including key fobs for electric vehicles. This type of attack can allow a penetration tester to intercept, manipulate, or take control of the communication between the key fob and the vehicle. Bluejacking and Bluesnarfing are older Bluetooth attacks that are less effective against modern BLE implementations. WPS PIN attacks target Wi-Fi Protected Setup, which is unrelated to key fobs and electric vehicles.
Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat they present to an affected system or network?
Answer : B
The vulnerability severity rating element of a penetration testing report provides a normalized and standardized representation of discovered vulnerabilities and their threat levels. It typically involves assigning a numerical or categorical score (such as low, medium, high, critical) to each vulnerability based on factors like exploitability, impact, and the context in which the vulnerability exists. This helps in prioritizing the vulnerabilities for remediation and provides a clear understanding of the risk they pose to the system or network.
A penetration tester is performing an assessment for an application that is used by large organizations operating in the heavily regulated financial services industry. The penetration tester observes that the default Admin User account is enabled and appears to be used several times a day by unfamiliar IP addresses. Which of the following is the most appropriate way to remediate this issue?
Answer : D
Requiring local network access for the default Admin User account is a targeted measure to prevent unauthorized access from unfamiliar IP addresses, particularly those originating from outside the organization's network. This approach ensures that only devices physically connected to or authenticated within the local network can attempt to use the Admin User account, significantly reducing the risk of external attacks. Increasing password complexity and restricting simultaneous log-ins are good practices but do not directly address the issue of access from unfamiliar IPs. System hardening is broader and not specifically focused on the Admin User account issue.
A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to achieve this objective?
Answer : D
Impersonation attacks involve the penetration tester assuming the identity of a valid user to gain unauthorized access to systems or information. This method is particularly effective for gathering valid user credentials, as it can involve tactics such as phishing, social engineering, or exploiting weak authentication processes. The other options, such as Wardriving, Captive portal, and Deauthentication, are more focused on wireless network vulnerabilities and are less direct in obtaining user credentials.
