A penetration tester wants to launch a graphic console window from a remotely


QUESTION 37
A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10. Which of the following would accomplish this task?

A. From the remote computer, run the following commands:
   export XHOST 192.168.1.10:0.0
   xhost+
   Terminal
B. From the local computer, run the following command:
   ssh -L4444:127.0.0.1:6000 -X [email protected] xterm
C. From the remote computer, run the following command:
   ssh -R6000:127.0.0.1:4444 -p 6000 [email protected] "xhost+; xterm"
D. From the local computer, run the following command:
   nc -l -p 6000
   Then, from the remote computer, run the following command:

QUESTION 38
A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given the data below from the web interception proxy:

Which of the following types of vulnerabilities is being exploited?

QUESTION 39
A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester MOST likely use?

QUESTION 40
A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

A. Command injection attack
B. Clickjacking attack
C. Directory traversal attack
D. Remote file inclusion attack

Correct Answer: B
