Comptia Pentest+ 2023 Questions and answer - Part 52

Mary Smith

Mon, 20 Apr 2026

1. Which attack technique can be used for privilege escalation or pivoting in Windows environments and effectively allows the password requirement to be bypassed?

A) Scheduled Task Abuse
B) Passing the Hash
C) SSH Dynamic Proxying
D) Decompiling



2. When writing a report for a penetration test, which one of the following is not a recommended best practice?

A) Redundancy reduction and streamlining of data presented
B) Full documentation and verification of findings
C) Omission of findings with a CVSS 3.0 score lower than 3.0
D) Robust accounting of the testing methodology



3. Which of the following is a Pre-Assessment phase of the Vulnerability Assessment Life-Cycle?

A) Creating a Baseline
B) Vulnerability Assessment
C) Risk Assessment
D) Remediation



4. Select the two NSE (Nmap Scripting Engine) scripts from the following that would be best used to enumerate shared storage volumes on a network. (Select 2 answers)

A) smb-enum-shares
B) nfs-showmount
C) smb-enum-domains
D) smtp-enum-users



5. From the following, select the list which is not publicly accessible for vulnerability research and analysis.

A) The Japan Computer Emergency Response Team (JPCERT)
B) Common Vulnerabilities and Exposures (CVE)
C) Common Attack Pattern Enumeration and Classification (CAPEC)
D) Common Weakness Enumeration (CWE)



1. Right Answer: B
Explanation: OS creation is automated in larger environments in order to minimize the amount of busy work that has to be handled manually. Leaving passwords in documents is a necessary part of the installation process, either in plaintext or encoded in base64.

2. Right Answer: C
Explanation: Passing the Hash is an attack technique in which the way Windows handles passwords makes it feasible to pass an encrypted hash to an authentication request instead of needing the plaintext password.

3. Right Answer: A
Explanation: Omission of any findings would be unethical and counterproductive to the purpose of a penetration test. It is far better to over-report findings, no matter how seemingly inconsequential. A penetration tester provides information on the vulnerabilities found on a given network, subnet, or system. Whether any of that information turns into an action is determined by the client.

4. Right Answer: A,B
Explanation: Creating a Baseline is a pre-assessment phase of the vulnerability assessment life-cycle in which the pentester or network administrator performing the assessment identifies the nature of the corporate network, the applications, and services. He/she creates an inventory of all resources and assets, which helps to manage and prioritize the assessment. Furthermore, he/she also maps the infrastructure and learns about the security controls, policies, and standards followed by the organization.

5. Right Answer: A
Explanation: SMB and NFS are common network storage protocols. As such, smb-enum-shares is an excellent candidate to further enumerate an SMB share. The nfs-showmount script identifies all shared directories as advertised by an NFS server, similar to the *nix showmount -e command, which identifies all directories on a local system that are being exported or made available to external systems.
