The latest changes and updates from the administration for this exam.
Latest Update: Jun 15 2026
All questions are working fine.
During a web application assessment, a penetration tester reviews SIEM (Security Information and Event Management) logs and identifies a crafted HTTP (Hypertext Transfer Protocol) request targeting an e-commerce endpoint. The request includes structured parameter manipulation that injects additional elements into the server-side processing logic, altering item pricing and quantity handling, as shown in the screenshot below.
Which of the following attack types is MOST likely being attempted?
A network technician is using telnet to connect to a router on a network that has been compromised. A new user and password have been added to the router with full rights. The technician is concerned that the regularly used administrator account has been compromised. After changing the password on all the networking devices, which of the following should the technician do to prevent the password from being sniffed on the network again?
Benjamin is working on a red team engagement where he needs to identify lateral movement possibilities in a segmented network. He wants to use a breach and attack simulation tool that is particularly known for simulating network breaches and mimicking a worm-like spread. The tool should be able to be easily scripted for automated execution across multiple systems. Which tool best suits Benjamin's needs?
During passive reconnaissance, you identify several publicly accessible documents hosted on the target’s website. After downloading them, you discover embedded information such as usernames, file paths, and software versions without interacting further with the target environment. Which of the following techniques are you performing?
During a social engineering assessment, a penetration tester gathers OSINT (Open-source Intelligence) on a company’s sales department, including recent deals, internal terminology, and employee roles. The tester then crafts an email tailored to that group, embedding a malicious attachment disguised as a sales report relevant to their daily operations. Which of the following actions BEST represents executing this successful spear phishing attack?
During a security assessment, a client requests a tool that not only scans for vulnerabilities but also integrates with their existing vulnerability management process, offering automated updates and detailed insights into risk levels. Which of the following tools is the penetration tester most likely to recommend?
You monitor network traffic on a client’s network to detect any unusual patterns indicating an ongoing attack. While using tcpdump, you want to filter out traffic from a known secure IP address to reduce noise in your capture file. Which tcpdump command allows you to exclude traffic from this IP address?
You have been asked to help conduct a known environment penetration test. As part of your preparations, you have been given the source code for the organization’s custom web application.
Which type of vulnerability might be able to exploit the code shown in this image?
During a post-exploitation phase of a penetration test, an assessor deploys several custom binaries, scripts, and enumeration utilities onto compromised systems to maintain access and gather additional data. After completing all objectives and documenting the findings, the tester prepares to disengage from the environment. The client requires that no residual artifacts remain that could introduce future risk. Which of the following actions should the tester take during the cleanup phase regarding these deployed tools?
During a vulnerability assessment, two findings are identified: one is a high-severity issue on an internal system requiring authentication, and the other is a medium-severity issue on a publicly exposed system. How should the tester prioritize these findings?
