Which of the following network devices can accidentally misdirect probes or attacks if the penetration tester is not aware of their existence?
The latest changes and updates from the administration for this exam.
Latest Update: Jun 15 2026
All questions are working fine.
Which of the following network devices can accidentally misdirect probes or attacks if the penetration tester is not aware of their existence?
Which of the following information is traditionally found in the Scope of Work (SOW) for a penetration test?
During a web application assessment, you use the following command to test authentication behavior:
You observe that certain usernames produce different response patterns, even with the same password. Which of the following techniques are you performing?
During an internal assessment, you have access to a compromised host and want to quickly identify which systems in the subnet are responsive before performing deeper scans. You want to prioritize speed and minimal noise. Which approach would best support this objective?
While developing an automated reconnaissance script, a penetration tester needs to integrate an Nmap scan that reliably identifies open TCP ports across a /24 subnet without requiring raw socket privileges. The tester prioritizes compatibility over stealth and plans to embed the command within a Bash loop for repeated execution. Which of the following Nmap commands should be used to meet this requirement?
During a wireless assessment of a corporate campus, you detect an unknown Basic Service Set Identifier (BSSID) broadcasting on the same channel as authorized infrastructure. To determine whether the device is a rogue access point connected inside the building or an external neighbor network, you begin walking the facility while monitoring Received Signal Strength Indicator (RSSI) values. What is the PRIMARY advantage of using signal strength scanning in this scenario?
Ryan needs to verify the installation of a critical Windows patch on his organization's workstations. Which method would be the most efficient to validate the current patch status for all of the organization's Windows 10 workstations?
During an exploitation attempt against a VPN gateway, a penetration tester crafts HTTP requests designed to access files outside of the intended web application directory. The tester reviews captured server logs to confirm whether the payloads successfully manipulated file path handling mechanisms within the application. Review the following log output:
Which of the following techniques is the tester MOST likely leveraging to access unintended resources on the target system?
During a red team engagement, you are instructed to simulate a financially motivated adversary targeting only C-level leadership, including the Chief Executive Officer (CEO), Chief Financial Officer (CFO), and Chief Information Officer (CIO). The campaign involves highly customized email messages that reference recent board meetings and corporate initiatives in an attempt to trick executives into approving fraudulent wire transfers. Which type of attack does this scenario BEST represent?
Agatha is conducting a penetration test for a major security firm where she decides to use a password spraying attack against the company’s email server. She targets multiple accounts with a list of common passwords in her assessment. After a few attempts, Agatha successfully logs into several accounts. Of the following options, which is the most likely to have been exploited?