To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.
The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Some new sample questions:
Question:
A company hires a penetration tester to perform an external attack surface review as part of a security engagement. The company informs the tester that the main company domain to investigate is comptia.org. Which of the following should the tester do to accomplish the assessment objective?
A. Perform information-gathering techniques to review internet-facing assets for the company.
B. Perform a phishing assessment to try to gain access to more resources and users’ computers.
C. Perform a physical security review to identify vulnerabilities that could affect the company.
D. Perform a vulnerability assessment over the main domain address provided by the client.
Question:
A penetration tester identifies the URL for an internal administration application while following DevOps team members on their commutes. Which of the following attacks did the penetration tester most likely use?
A. Shoulder surfing
B. Dumpster diving
C. Spear phishing
D. Tailgating
Question:
Which of the following is the most efficient way to exfiltrate a file containing data that could be sensitive?
A. Use steganography and send the file over FTP.
B. Compress the file and send it using TFTP.
C. Split the file in tiny pieces and send it over dnscat.
D. Encrypt and send the file over HTTPS.
…
Some new sample questions:
Question:
While performing a penetration test, a tester executes the following command:
PS c:\tools> c:\hacks\PsExec.exe \\server01.cor.ptia.org -accepteula cmd.exe
Which of the following best explains what the tester is trying to do?
A. Test connectivity using PsExec on the server01 using cmd.exe
B. Perform a lateral movement attack using PsExec
C. Send the PsExec binary file to the server01 using cmd.exe
D. Enable cmd.exe on the server01 through PsExec
Question:
During a routine penetration test, the client’s security team observes logging alerts that indicate several ID badges were reprinted after working hours without authorization. Which of the following is the penetration tester most likely trying to do?
A. Obtain long-term, valid access to the facility
B. Disrupt the availability of facility access systems
C. Change access to the facility for valid users
D. Revoke access to the facility for valid users
Question:
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
A. The tester is conducting a web application test.
B. The tester is assessing a mobile application.
C. The tester is evaluating a thick client application.
D. The tester is creating a threat model.
……………
Some new sample questions:
Question:
Which of the following technologies is most likely used with badge cloning? (Select two).
A. NFC
B. RFID
C. Bluetooth
D. Modbus
E. Zigbee
F. CAN bus
Question:
A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client’s blue team. Which of the following exfiltration methods most likely remain undetected?
A. Cloud storage
B. Email
C. Domain Name System
D. Test storage sites
Question:
A client warns the assessment team that an ICS application is maintained by the manufacturer. Any tampering of the host could void the enterprise support terms of use. Which of the following techniques would be most effective to validate whether the application encrypts communications in transit?
A. Utilizing port mirroring on a firewall appliance
B. Installing packet capture software on the server
C. Reconfiguring the application to use a proxy
D. Requesting that certificate pinning be disabled
…….