Question 1

During a penetration test, a payload needs to be developed to maintain persistence on the target system after reboot. Which technique can be embedded in the payload for this purpose?

Options :

A : Registry key modification for startup execution

B : Scheduled task creation for session renewal

C : dding the payload to the authorized_keys file

D : mbedding the payload in a cron job

Answer: A

Question 2

A penetration tester is tasked with discovering devices and services on a corporate network using both active and passive methods. Which scenario is most likely to yield comprehensive results while minimizing disruption to network operations?

Options :

A : Utilizing SNMP enumeration to gather device information from publicly accessible SNMP agents, identifying hardware, software, and open services without triggering IDS or IPS alerts

B : Running a network mapping tool like ZMap in combination with Wireshark to capture active network communications, passively identifying devices and services without injecting traffic

C : combining passive traffic monitoring with active network scans to discover both active devices and services without causing significant disruptions to the network environment

D : Running a stealth scan with a reduced packet rate and randomized IP addresses to avoid detection while enumerating services across a large network range, minimizing the chance of triggering security devices

Answer: C

Question 3

What is the correct command to generate a pattern using Metasploit's pattern_create tool to identify buffer overflow offsets?

Options :

A : pattern_create -l 200 generates a unique 200-character string used to identify the exact offset in the buffer overflow.

B : pattern_offset -q EIP_VALUE -l 500 identifies the offset within a pattern of 500 bytes based on a crash result.

C : msfvenom -p windows/shell_reverse_tcp LHOST=[IP] LPORT=[port] -f c generates shellcode but doesn't help identify offsets.

D : gdb --args ./vulnerable_program $(python -c 'print "A" * 500') runs the vulnerable program under a debugger but does not directly calculate the offset.

Answer: A

Question 4

Fill in the blank: The most effective software for reverse engineering PLC code is typically ____.

Options :

A : IDA Pro

B : hidra

C : inary Ninja

D : OllyDbg

Answer: A

Question 5

You discover an IoT security camera that still uses the default credentials. What type of attack does this susceptibility primarily expose the device to?

Options :

A : brute Force Attack

B : dictionary Attack

C : Phishing Attack

D : credential Stuffing Attack

Answer: D

Higher Test Marks with Free Online CPENT Exam Practice

Buying Options: