A tester runs an Nmap scan against a Windows server and receives the following results: Nmap scan report for win_dns.local (10.0.0.5) Host is up (0.014s latency) Port State Service 53/tcp open domain 161/tcp open snmp 445/tcp open smb-ds 3389/tcp open rdp Which of the following TCP ports should be prioritized for using hash-based relays?

A penetration tester has found a web application that is running on a cloud virtual machine instance. Vulnerability scans show a potential SSRF for the same application URL path with an injectable parameter. Which of the following commands should the tester run to successfully test for secrets exposure exploitability?

A penetration tester runs a vulnerability scan that identifies several issues across numerous customer hosts. The executive report outlines the following information: Server High-severity vulnerabilities 1. Development sandbox server 32 2. Back office file transfer server 51 3. Perimeter network web server 14 4. Developer QA server 92 The client is concerned about the availability of its consumer-facing production application. Which of the following hosts should the penetration tester select for additional manual testing? 

During a security assessment, a penetration tester gains access to an internal server and manipulates some data to hide its presence. Which of the following is the best way for the penetration tester to hide the activities performed? 

A penetration tester needs to confirm the version number of a client's web application server. Which of the following techniques should the penetration tester use?