Question 39 after performing a security assessment


Question: 39 After performing a security assessment for a firm, the client was found to have been billed for the time the client’s test environment was unavailable. The client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?
A. SOW
B. NDA
C. EULA
D. BPA
Answer: A
Question: 40 During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts to crack the hash and recover the plaintext password have been unsuccessful. Which of the following would be the BEST target for continued exploitation efforts?
Question: 41 A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?
Questions & Answers PDF P- 24
Explanation: Reference
Question: 42 Which of the following types of physical security attacks does a mantrap mitigate?
Question: 43 A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. Download the GHOST file to a Linux system and compile gcc -o GHOST test i: ./GHOST
B. Download the GHOST file to a Windows system and compile gcc -o GHOST GHOST.c test i: ./GHOST
C. Download the GHOST file to a Linux system and compile gcc -o GHOST.c test i: ./GHOST
D. Download the GHOST file to a Windows system and compile gcc -o GHOST test i: ./GHOST
Answer: B
Question: 44 For which of the following reasons does a penetration tester need to have a customer's point-of-contact information available at all times? (Select THREE).