A penetration tester compromises a system that has unrestricted network over port 443 to any host. The penetration tester wants to create a reverse shell from the victim back to the attacker. Which of the following methods would the penetration tester mostly like use?
During an internal network penetration test, a tester recovers the NTLM password hash tor a user known to have full administrator privileges on a number of target systems Efforts to crack the hash and recover the plaintext password have been unsuccessful Which of the following would be the BEST target for continued exploitation efforts?
A penetration tester is preparing for an assessment of a web server's security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake. Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?
A security assessor completed a comprehensive penetration test of a company and its networks and systems.
During the assessment, the tester identified a vulnerability in the crypto library used for TLS on the company's
intranet-wide payroll web application. However, the vulnerability has not yet been patched by the vendor,
although a patch is expected within days. Which of the following strategies would BEST mitigate the risk of
impact?
Copyright © 2014-2024 CertsTopics. All Rights Reserved
