To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Some new sample questions:
Question:
While performing a penetration test, a tester executes the following command:
PS c:\tools> c:\hacks\PsExec.exe \\server01.cor.ptia.org -accepteula cmd.exe
Which of the following best explains what the tester is trying to do?
A. Test connectivity using PsExec on the server01 using cmd.exe
B. Perform a lateral movement attack using PsExec
C. Send the PsExec binary file to the server01 using cmd.exe
D. Enable cmd.exe on the server01 through PsExec
Question:
During a routine penetration test, the client’s security team observes logging alerts that indicate several ID badges were reprinted after working hours without authorization. Which of the following is the penetration tester most likely trying to do?
A. Obtain long-term, valid access to the facility
B. Disrupt the availability of facility access systems
C. Change access to the facility for valid users
D. Revoke access to the facility for valid users
Question:
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
A. The tester is conducting a web application test.
B. The tester is assessing a mobile application.
C. The tester is evaluating a thick client application.
D. The tester is creating a threat model.
……………
Some new sample questions:
Question:
Which of the following technologies is most likely used with badge cloning? (Select two).
A. NFC
B. RFID
C. Bluetooth
D. Modbus
E. Zigbee
F. CAN bus
Question:
A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client’s blue team. Which of the following exfiltration methods most likely remain undetected?
A. Cloud storage
B. Email
C. Domain Name System
D. Test storage sites
Question:
A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?
A. Utilizing port mirroring on a firewall appliance
B. Installing packet capture software on the server
C. Reconfiguring the application to use a proxy
D. Requesting that certificate pinning be disabled
…….