CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
Comptia Pentest+ 2023 Questions and answer - Part 38
1. To pass graphical application data through an SSH connection, which of the following technologies was developed?
A) X11 Server Forwarding
B) RDP
C) RSH Login
D) Local Port Forwarding
2. The Olivetti Research Laboratory in Cambridge, England developed which graphical remote connection tool that is platform-agnostic and both lateral movement and simpler access to a target system for an attacker was facilitated by using it?
A) Apple Remote Desktop
B) Telnet
C) VNC
D) RDP
3. The direct remote execution of PowerShell commands and scripts on target systems at ports 5985 and 5986 is facilitated by which of the native Windows tool that makes it extremely valuable for attackers attempting to move laterally via a target network or environment?
A) PsExec
B) SMB
C) WinRM
D) WMI
4. A human element to a physical penetration testing scenario is introduced by the physical security mechanism which establishes a solid pretext before beginning a physical penetration testing engagement. Which of the following physical security mechanism is one of the many reasons for this?
A) Fences
B) Security Guards
C) Motion Detectors
D) Third-party Hardware Hosting
5. Select an organization-s security posture that is reduced by which of the findings? The reduction is via both the simplification of lateral movement for a theoretical adversary and by destroying the concept of non-repudiation and verification of individuals that are responsible for actions under a given username? (Choose two)(Select 2answers)
A) Passwords Stored in Plaintext
B) SQL Injection
C) Shared Local Administrator Credentials
D) Single-factor Authentication
A) X11 Server Forwarding
B) RDP
C) RSH Login
D) Local Port Forwarding
2. The Olivetti Research Laboratory in Cambridge, England developed which graphical remote connection tool that is platform-agnostic and both lateral movement and simpler access to a target system for an attacker was facilitated by using it?
A) Apple Remote Desktop
B) Telnet
C) VNC
D) RDP
3. The direct remote execution of PowerShell commands and scripts on target systems at ports 5985 and 5986 is facilitated by which of the native Windows tool that makes it extremely valuable for attackers attempting to move laterally via a target network or environment?
A) PsExec
B) SMB
C) WinRM
D) WMI
4. A human element to a physical penetration testing scenario is introduced by the physical security mechanism which establishes a solid pretext before beginning a physical penetration testing engagement. Which of the following physical security mechanism is one of the many reasons for this?
A) Fences
B) Security Guards
C) Motion Detectors
D) Third-party Hardware Hosting
5. Select an organization-s security posture that is reduced by which of the findings? The reduction is via both the simplification of lateral movement for a theoretical adversary and by destroying the concept of non-repudiation and verification of individuals that are responsible for actions under a given username? (Choose two)(Select 2answers)
A) Passwords Stored in Plaintext
B) SQL Injection
C) Shared Local Administrator Credentials
D) Single-factor Authentication
1. Right Answer: A
Explanation: The creation of a Trojan payload is a described technique. Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to appear not suspicious, (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else
2. Right Answer: C
Explanation: A user or attacker is allowed to pass graphical application data from a remote server to a user-s local desktop by X11 server forwarding. A running X server such as Xming as well as X11 forwarding is required to be enabled in the user-s SSH client. In the case when connecting from a Windows operating system, PuTTY is an example of the tool carrying out this process.
3. Right Answer: C
Explanation: The Olivetti Research Laboratory in Cambridge developed a platform-agnostic remote desktop sharing protocol called VNC for lateral movement. It is frequently used in the context of a penetration test.
4. Right Answer: B
Explanation: WinRM-the Windows Remote Management interface-provides an attacker with a means to execute PowerShell scripts or WMI commands remotely. It listens at ports 5985 and 5986 (HTTP and HTTPS, respectively). Note that WinRM will require administrative permissions on the system being targeted.
5. Right Answer: A,C
Explanation: Security guards are the ever-present human element in an organization-s physical security posture. Guards generally are posted at access control points or patrol a perimeter boundary, serving as a deterrent to crime or unauthorized entry, but being human leaves them as susceptible to deception as anyone else. A well-developed and internalized pretext can go quite far in bypassing the security intended to be provided by a human guard.
Explanation: The creation of a Trojan payload is a described technique. Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to appear not suspicious, (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else
2. Right Answer: C
Explanation: A user or attacker is allowed to pass graphical application data from a remote server to a user-s local desktop by X11 server forwarding. A running X server such as Xming as well as X11 forwarding is required to be enabled in the user-s SSH client. In the case when connecting from a Windows operating system, PuTTY is an example of the tool carrying out this process.
3. Right Answer: C
Explanation: The Olivetti Research Laboratory in Cambridge developed a platform-agnostic remote desktop sharing protocol called VNC for lateral movement. It is frequently used in the context of a penetration test.
4. Right Answer: B
Explanation: WinRM-the Windows Remote Management interface-provides an attacker with a means to execute PowerShell scripts or WMI commands remotely. It listens at ports 5985 and 5986 (HTTP and HTTPS, respectively). Note that WinRM will require administrative permissions on the system being targeted.
5. Right Answer: A,C
Explanation: Security guards are the ever-present human element in an organization-s physical security posture. Guards generally are posted at access control points or patrol a perimeter boundary, serving as a deterrent to crime or unauthorized entry, but being human leaves them as susceptible to deception as anyone else. A well-developed and internalized pretext can go quite far in bypassing the security intended to be provided by a human guard.
Tags:
comptia it exams it certification exams it certifications 2023 comptia exam comptia certification comptia questions comptia a+ comptia exam prep comptia 2023 compti prep materials comptia practice exams questions and answers practice tests test question test comptia a+ comptia a+ 1001 comptioa a+ 1002 comptia casp comptia cloud comptia cysa comptia it fundamentals comptia linux comptia network+ comptia security+ linux essentials0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment