DumpsFiles
CompTIA PenTest+ Exam (CompTIA.PT0-003.v2025-02-26.q135)


Question 1/135

Which of the following tools would be best suited to perform a cloud security assessment?

Correct Answer: B

Scout Suite is the tool best suited to a cloud security assessment. It is an open-source, multi-cloud security auditing tool that evaluates the security posture of cloud environments such as AWS, Azure, GCP, or Alibaba Cloud. Scout Suite collects configuration data from cloud providers through their APIs and assesses it against security best practices or benchmarks such as CIS Foundations. It then generates reports that highlight security issues, risks, or gaps in the cloud environment and provide recommendations for remediation or improvement.

The other tools are not specifically designed for cloud security assessment:

  • OpenVAS is an open-source vulnerability scanner that scans hosts and networks for vulnerabilities and generates reports with findings and recommendations.
  • Nmap is an open-source network scanner and enumerator that scans hosts and networks for ports, services, versions, OS, or other information.
  • ZAP is an open-source web application scanner and proxy that scans web applications for vulnerabilities and can perform attacks such as SQL injection or XSS.
  • Nessus is a commercial vulnerability scanner that scans hosts and networks for vulnerabilities and generates reports with findings and recommendations.
