67%(3)2 out of 3 people found this document helpful
This preview shows page 25 - 28 out of 29 pages.
43.After performing a security assessment for a firm, the client was found to havebeen billed for the time the client’s test environment was unavailable. The clientclaims to have been billed unfairly.Which of the following documents would MOST likely be able to provide guidance insuch a situation?A. SOWB. NDAC. EULAD. BPAAnswer: A25 / 30
44.During an internal network penetration test, a tester recovers the NTLM passwordhash tor a user known to have full administrator privileges on a number of targetsystems Efforts to crack the hash and recover the plaintext password have beenunsuccessful.Which of the following would be the BEST target for continued exploitation efforts?45.A client requests that a penetration tester emulate a help desk technician who wasrecently laid off. Which of the following BEST describes the abilities of the threatactor?Explanation:Reference -employee46.Which of the following types of physical security attacks does a mantrap mitigate-?47.A penetration tester wants to check manually if a “ghost” vulnerability exists in asystem.Which of the following methods is the correct way to validate the vulnerability?A. Download the GHOST file to a Linux system and compilegcc -o GHOSTtesti:./GHOST26 / 30
B. Download the GHOST file to a Windows system and compilegcc -o GHOSTGHOST.ctest i:./GHOSTC. Download the GHOST file to a Linux system and compilegcc -o GHOST.ctesti:./GHOSTD. Download the GHOST file to a Windows system and compilegcc -o GHOSTtesti:./GHOSTAnswer: C48.Which of the following reasons does penetration tester needs to have a customer'spoint-of -contact information available at all time? (Select THREE).