The latest changes and updates from the administration for this exam.
Latest Update: Jun 15 2026
All questions are working fine.
During a post-exploitation phase, a penetration tester has gained command execution on a Linux host within an internal network. The tester wants the compromised system to initiate a connection back to the attacker-controlled system to bypass inbound firewall restrictions and provide an interactive shell session. Which of the following Netcat commands should be executed on the compromised host to achieve this objective?
Sarah is conducting a penetration test against an organization's Linux-based network. This engagement aims to simulate an advanced persistent threat and demonstrate persistence for 30 days without their system administrators identifying the intrusion. Which of the following commands should Sarah use to run a script that beacons back to her computer every 20 minutes?
During a web application penetration test, an assessor uses an automated scanning tool that reports multiple high-risk cross-site scripting (XSS) vulnerabilities across several input fields. When the tester attempts to manually validate these findings using crafted payloads, none of the inputs successfully execute scripts, and all appear to be properly sanitized. Which of the following best describes the inaccuracy in the scanner’s findings?
During a post-exploitation phase on a Windows host, a penetration tester is enumerating potential lateral movement paths by identifying active services that may expose privileged functionality or misconfigurations. The tester specifically wants to query the Service Control Manager to obtain detailed information about all installed and running services. Which of the following commands should the tester use to accomplish this objective?
During the reconnaissance phase of a penetration test, you need to gather information about a target company's website that was redesigned last year. Which action should you take using the Wayback Machine to potentially uncover sensitive information that may have been exposed on the previous version of the website?
During a physical penetration test, a tester places several removable flash storage devices throughout a corporate office in locations such as conference rooms, printer stations, and employee break areas. Each device contains a payload configured to automatically execute and establish a callback to the tester’s system when connected to a workstation. Which of the following attack techniques is the tester MOST likely attempting?
Jake, a penetration tester, performs a lock-picking exercise at a client’s facility. He unlocks the main office door in less than two minutes using a standard lock-picking tool. What recommendation should Jake give to improve the physical security of the facility?
What is a legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment?
Neil is attempting to gain unauthorized access to a company's system by using a list of previously stolen username-password pairs from a past data breach. He automates the process of testing these credentials across multiple user accounts, hoping that some users have reused their passwords. Which type of attack is Neil performing?
During a physical penetration test, an assessor attempts to clone employee access badges by covertly scanning RFID (Radio-Frequency Identification) signals from several meters away using a portable reader. While reviewing the organization’s physical security controls, the tester identifies which mitigation would most directly interfere with this badge-cloning technique. Which of the following controls would most effectively prevent the tester from capturing RFID badge data?
