Question 1

What command should be used to generate a payload in Metasploit that bypasses Windows Defender, using an encoder to obfuscate the code?

Options :

A : msfvenom -p windows/meterpreter/reverse_tcp LHOST=

LPORT= -e x86/shikata_ga_nai -i 3

B : msfconsole -x "use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp"

C : netcat -lvp

-e /bin/sh

D : setoolkit to clone a website and embed a malicious script

Answer: A

Question 2

In an advanced wireless network penetration test scenario, how should a tester proceed after identifying a network using WEP encryption?

Options :

A : deploying a denial of service attack to disconnect users and force reconnections.

B : Using social engineering techniques to obtain network credentials from unsuspecting users.

C : applying a passive listening approach to gather data packets over time without interaction.

D : Initiating an active attack to generate traffic and capture sufficient data packets for cracking.

Answer: D

Question 3

Which command would initiate a YARA rule scan to detect malware signatures and unauthorized access tools on a network file system?

Options :

A : clamscan --database=/path/to/rules --recursive /network/shared/drives/

B : grep -ri 'malware' /network/shared/drives/

C : nmap --script yara.rules -p445 /network/shared/drives/

D : yara -r -p 20 /path/to/rules /network/shared/drives/

Answer: D

Question 4

How can one use Kismet to identify weak encryption methods being used in nearby wireless networks?

Options :

A : Use the Kismet spectrum analysis tool to visually identify networks using outdated encryption standards.

B : Set Kismet to alert mode and manually inspect each network for the use of WEP or WPA encryption.

C : enable logging in Kismet and perform a manual analysis of packet captures to identify encryption protocols.

D : configure Kismet to log all detected networks and review the security settings of each for weak encryption.

Answer: D

Question 5

Which XML payload would you use to exploit an XXE vulnerability to read the /etc/passwd file from a vulnerable server?

Options :

A :

B :

C :

D :

Answer: B