Question 1

A penetration tester is tasked with discovering devices and services on a corporate network using both active and passive methods. Which scenario is most likely to yield comprehensive results while minimizing disruption to network operations?

Options :

A : Utilizing SNMP enumeration to gather device information from publicly accessible SNMP agents, identifying hardware, software, and open services without triggering IDS or IPS alerts

B : Running a network mapping tool like ZMap in combination with Wireshark to capture active network communications, passively identifying devices and services without injecting traffic

C : combining passive traffic monitoring with active network scans to discover both active devices and services without causing significant disruptions to the network environment

D : Running a stealth scan with a reduced packet rate and randomized IP addresses to avoid detection while enumerating services across a large network range, minimizing the chance of triggering security devices

Answer: C

Question 2

What is the essential first step in writing a custom exploit for a buffer overflow vulnerability?

Options :

A : Identifying the exact version and build of the target application.

B : onsulting public exploit databases to find similar vulnerabilities and their exploits.

C : athering intelligence on the network topology of the target organization.

D : Writing a proof of concept code to see if the application crashes.

Answer: A

Question 3

What command would you use to perform subdomain enumeration using the Amass tool for the domain "example.com"?

Options :