After performing a security assessment for a firm the


43. After performing a security assessment for a firm, the client was found to have been billed for the time the client's test environment was unavailable. The client claims to have been billed unfairly.
Which of the following documents would MOST likely be able to provide guidance in such a situation?

A. SOW
B. NDA
C. EULA
D. BPA

Answer: A

44. During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful.
Which of the following would be the BEST target for continued exploitation efforts?

45. A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?

Explanation: Reference - employee

46. Which of the following types of physical security attacks does a mantrap mitigate?

47. A penetration tester wants to check manually if a "ghost" vulnerability exists in a system.
Which of the following methods is the correct way to validate the vulnerability?

A. Download the GHOST file to a Linux system and compile
   gcc -o GHOST
   test i:
   ./GHOST
B. Download the GHOST file to a Windows system and compile
   gcc -o GHOST GHOST.c
   test i:
   ./GHOST
C. Download the GHOST file to a Linux system and compile
   gcc -o GHOST.c
   test i:
   ./GHOST
D. Download the GHOST file to a Windows system and compile
   gcc -o GHOST
   test i:
   ./GHOST

Answer: C

48. For which of the following reasons does a penetration tester need to have a customer's point-of-contact information available at all times? (Select THREE).
