Question 1

A penetration tester is tasked with discovering devices and services on a corporate network using both active and passive methods. Which scenario is most likely to yield comprehensive results while minimizing disruption to network operations?

Options :

A : Utilizing SNMP enumeration to gather device information from publicly accessible SNMP agents, identifying hardware, software, and open services without triggering IDS or IPS alerts

B : Running a network mapping tool like ZMap in combination with Wireshark to capture active network communications, passively identifying devices and services without injecting traffic

C : combining passive traffic monitoring with active network scans to discover both active devices and services without causing significant disruptions to the network environment

D : Running a stealth scan with a reduced packet rate and randomized IP addresses to avoid detection while enumerating services across a large network range, minimizing the chance of triggering security devices

Answer: C

Question 2

During a penetration testing exercise, you suspect a session hijacking attempt due to unusual session token patterns. What is a suitable initial command to investigate this anomaly on the network?

Options :

A : Run tcpdump -nnxi eth0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' to capture and analyze HTTP session tokens.

B : xecute netstat -an | grep :80 | grep ESTABLISHED to view active connections to port 80 and identify any anomalies.

C : Use wireshark -k -i eth0 -f 'tcp port 80' -a duration:60 to sniff traffic on port 80 for one minute and review sessions.

D : Implementing snort -dev -l ./log -c snort.conf to monitor for signatures associated with session hijacking.

Answer: A

Question 3

Fill in the blank: When performing fuzz testing on software, a common fuzzing framework is ___ which supports generation and mutation based techniques.

Options :

A : Peach

B : FL (American Fuzzy Lop)

C : oofuzz

D : LibFuzzer

Answer: A

Question 4

When implementing an egg hunting technique in a penetration test, what should be the initial step to ensure its effectiveness?

Options :

A : onduct a preliminary scan to identify potential buffer sizes and limits for the payload.

B : Perform a network scan to determine the most effective entry point for the egg hunter.

C : nalyze the target application for vulnerabilities that can be exploited with the egg hunter.

D : Review the target system-s security logs to adjust the egg hunter-s parameters.

Answer: A

Question 5

Fill in the blank: To ensure successful injection of malicious code into a script, it is essential to manipulate the ________ of the target script to ensure that the injected code executes without being detected by basic validation mechanisms.

Options :

A : argument handling

B : memory allocation

C : execution flow

D : environment variable

Answer: C

Confidently Practice Online with Free CPENT Exam Cram

Buying Options: