Questions # 1:
A penetration tester is performing initial intelligence gathering on some remote hosts prior to
conducting a vulnerability scan. The tester runs the following command:
nmap -D 192.168.1.1,192.168.1.2,192.168.1.3 -sV -o --max-rate 2 192. 168.130
Which of the following BEST describes why multiple IP addresses are specified?
A. The network is subnetted as a /25 or greater and the tester needed to access hosts on
two different subnets
B. The tester is trying to perform a more stealthy scan by including several bogus
C. The scanning machine has several interfaces to balance the scan request across at the
D. A discovery scan is run on the first set of addresses, whereas a deeper, more
aggressive scan is run against the latter host.
Questions # 2:
A penetration tester was able to retrieve the initial VPN user domain credentials by
phishing a member of the IT department. Afterward, the penetration tester obtained hashes
over the VPN and easily cracked them using a dictionary attack. Which of the following
remediation steps should be recommended? (Select THREE)
A. Mandate all employees take security awareness training
B. Implement two-factor authentication for remote access
C. Install an intrusion prevention system
D. Increase password complexity requirements
E. Install a security information event monitoring solution.
F. Prevent members of the IT department from interactively logging in as administrators
G. Upgrade the cipher suite used for the VPN solution
Questions # 3:
A penetration tester has a full shell to a domain controller and wants to discover any user
account that has not authenticated to the domain in 21 days. Which of the following
commands would BEST accomplish this?
A. dsrm -users “DN=compony.com; OU=hq CN=usera”
B. dsuser -name -account -limit 3
C. dsquery user -inactive 3
D. dsquery -o -rein -limit 21
Questions # 4:
Which of the following BEST explains why it is important to maintain confidentiality of any
identified findings when performing a penetration test?
A. Penetration test findings often contain company intellectual property
B. Penetration test findings could lead to consumer dissatisfaction if made public
C. Penetration test findings are legal documents containing privileged information
D. Penetration test findings can assist an attacker in compromising a system
Questions # 5:
During an internal penetration test, several multicast and broadcast name resolution
requests are observed traversing the network. Which of the following tools could be used to
impersonate network resources and collect authentication requests?