The latest changes and updates from the administration for this exam.
Latest Update: Jun 15 2026
All questions are working fine.
During a wireless penetration test, a tester captures an authentication exchange between a client and an AP (Access Point) on a WPA2-protected network. Instead of attempting to crack the credentials, the tester later retransmits the captured authentication frames while spoofing the client’s MAC address to gain unauthorized access to the network. Which of the following attack techniques is the tester MOST likely performing?
A consulting firm has employed a new penetration tester to work on an upcoming engagement with a third-party company. The organization has carefully constructed a scoping document that defines the boundaries for the engagement. Which of the following could occur if the penetration tester performs actions outside the agreed-upon scope? (SELECT THREE)
Select all that apply
Your company is required to remain compliant with PCI-DSS due to the type of information processed by your systems. If there was a breach of this data, which type of disclosure would you be required to provide during your incident response efforts?
During an internal penetration test, an assessor runs an automated vulnerability scan against a web server and receives a finding indicating that a specific service version is susceptible to a known exploit. To validate the result, the tester performs manual enumeration and confirms the exact version is installed and vulnerable to the referenced exploit. Which of the following best describes the scanner’s finding?
During a cloud-focused penetration test, a tester reviews an organization’s CI/CD (Continuous Integration/Continuous Delivery) pipeline and discovers that a recently deployed application includes unauthorized code not present in the source repository. Further investigation reveals the code was inserted during the build stage and propagated through signed updates, eventually enabling remote access once deployed in production. Which of the following attack types BEST describes this compromise?
You have been contracted to conduct a penetration test against an organization's learning management system (LMS). The LMS is a web application hosted in the organization's DMZ. Which of the following appliance allow lists should the organization add your source IP to before the engagement begins?
You are conducting a penetration test against an organization. You created an evil twin of their wireless network. Many of the organization's laptops are now connected to your evil twin access point. You want to capture all of the victim's web browsing traffic in an unencrypted format during your attack. Which of the following exploits should you utilize to meet this goal?
During a pre-attack survey inside a corporate office, you need to identify channel overlap issues and signal interference patterns to determine optimal placement for a rogue access point. The tool you will use must provide a visual breakdown of nearby networks without requiring packet injection or authentication. Which tool would best support this analysis?
You want to analyze and visualize the relationships between several pieces of information gathered during a reconnaissance phase, such as IP addresses, domains, and email addresses. How does Maltego help in this analysis?
During an internal assessment, you capture network traffic and need to analyze protocol-level details, reconstruct sessions, and inspect packet contents in a graphical interface. Which tool would provide the most detailed analysis for this requirement?
