ExamHelpDesk

CompTIA PenTest+ (PT0) – Quiz

Category: CompTIA PenTest+ (PT0)

1. A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address.
Which of the following MOST likely describes what happened?

2. A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

3. Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

4. Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

5. A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.
Which of the following tools can help the tester achieve this goal?

6. Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

7. A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

Which of the following actions is the tester MOST likely performing?

8. A compliance-based penetration test is primarily concerned with:

9. A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?

10. Which of the following BEST describe the OWASP Top 10? (Choose two.)

11. A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

12. A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

13. A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

14. A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

Which of the following commands should the penetration tester run post-engagement?

15. Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
