Question 1

In a network penetration test, how would you use dnscat2 to establish a command and control channel over DNS?

Options :

A : dnscat2 --dns server=192.168.0.4,port=5353

B : dnscat2 --dns server=192.168.0.1,domain=tunnel.example.com

C : dnscat2 --dns server=192.168.0.2,port=53

D : dnscat2 --dns server=192.168.0.3,port=5353

Answer: B

Question 2

When implementing an egg hunting technique in a penetration test, what should be the initial step to ensure its effectiveness?

Options :

A : onduct a preliminary scan to identify potential buffer sizes and limits for the payload.

B : Perform a network scan to determine the most effective entry point for the egg hunter.

C : nalyze the target application for vulnerabilities that can be exploited with the egg hunter.

D : Review the target system-s security logs to adjust the egg hunter-s parameters.

Answer: A

Question 3

In a scenario where you suspect that an API's session tokens are not properly validated, which technique would you use to test the effectiveness of the API's session management?

Options :

A : Modify the API key in the header to see if the response changes

B : force session expiration by sending requests at rapid intervals

C : attempt session replay by reusing a captured valid session token to perform unauthorized actions

D : Use an invalidated token to access the API and monitor for unauthorized data retrieval

Answer: C

Question 4

________ is the method attackers use to trick a user into performing an action on a website where they are authenticated, without their consent.

Options :

A : ross-Site Request Forgery, where malicious requests are sent from a user’s browser to perform actions without their intention.

B : ross-Site Scripting (XSS), where user data is stolen by injecting scripts into web pages.

C : Session hijacking, where the attacker gains unauthorized access to the user’s session and performs actions on their behalf.

D : Social engineering, where the attacker convinces the user to provide sensitive information directly.

Answer: A

Question 5

Which command is used to scan for vulnerabilities on an internal network's devices using default scripts?

Options :

A : nmap -sV --script=default 192.168.0.0/24

B : metasploit -p tcp -a network=192.168.0.0/24

C : nessus -T4 -A scan 192.168.0.0/24

D : openvas -sS -p 1-65535 192.168.0.0/24

Answer: A