A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?

1. A. nmap -iL results 192.168.0.10-100
2. B. nmap 192.168.0.10-100 -O > results
3. C. nmap -A 192.168.0.10-100 -oX results
4. D. nmap 192.168.0.10-100 | grep "results"

Correct Answer: C

A penetration tester ran a ping –A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?

1. A. Windows
2. B. Apple
3. C. Linux
4. D. Android

Correct Answer: A
The ping –A command sends an ICMP echo request with a specified TTL value and displays the response. The TTL value indicates how many hops the packet can traverse before being discarded. Different OSs have different default TTL values for their packets. Windows uses 128, Apple uses 64, Linux uses 64 or 255, and Android uses 64. Therefore, a packet with a TTL of 128 is most likely from a Windows OS.

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

1. A. Create a one-shot system service to establish a reverse shell.
2. B. Obtain /etc/shadow and brute force the root password.
3. C. Run the nc -e /bin/sh <...> command.
4. D. Move laterally to create a user account on LDAP

Correct Answer: A
https://hosakacorp.net/p/systemd-user.html
Creating a one-shot system service to establish a reverse shell is a technique that would best support maintaining persistence after reboot on a Linux-based file server. A system service is a program that runs in the background and performs various tasks without user interaction. A one-shot system service is a type of service that runs only once and then exits. A reverse shell is a type of shell that connects back to an
attacker-controlled machine and allows remote command execution. By creating a one-shot system service that runs a reverse shell script at boot time, the penetration tester can ensure persistent access to the file server even after reboot.

A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?

1. A. inurl:
2. B. link:
3. C. site:
4. D. intitle:

Correct Answer: C
The site: command can be used to restrict searches on Google to a specific domain. For example, site:company.com will return only results from the company.com domain. This can help the penetration tester to find information or pages related to the target domain.

Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

1. A. Executive summary
2. B. Remediation
3. C. Methodology
4. D. Metrics and measures

Correct Answer: B
The most important information to have on a penetration testing report that is written for the developers is remediation. Remediation is the process of fixing or mitigating the vulnerabilities or issues that were discovered during the penetration testing. Remediation should include specific recommendations, best practices, and resources to help the developers improve the security of their applications4.