A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?

1. A. windows/x64/meterpreter/reverse_tcp
2. B. windows/x64/meterpreter/reverse_http
3. C. windows/x64/shell_reverse_tcp
4. D. windows/x64/powershell_reverse_tcp
5. E. windows/x64/meterpreter/reverse_https

Correct Answer: B
These two payloads are most likely to establish a shell successfully because they use HTTP or HTTPS protocols, which are commonly allowed by network devices and can bypass firewall rules or IPS signatures. The other payloads use TCP protocols, which are more likely to be blocked or detected by network devices.

A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig: comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186.
comptia.org.
3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org.
Which of the following potential issues can the penetration tester identify based on this output?

1. A. At least one of the records is out of scope.
2. B. There is a duplicate MX record.
3. C. The NS record is not within the appropriate domain.
4. D. The SOA records outside the comptia.org domain.

Correct Answer: A

A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?

1. A. The penetration tester conducts a retest.
2. B. The penetration tester deletes all scripts from the client machines.
3. C. The client applies patches to the systems.
4. D. The client clears system logs generated during the test.

Correct Answer: C

ion tester is attempting to get more people from a target company to download and run an executable. Which of the following would be the.. :tive way for the tester to achieve this objective?

1. A. Dropping USB flash drives around the company campus with the file on it
2. B. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts
3. C. Sending a pretext email from the IT department before sending the download instructions later
4. D. Saving the file in a common folder with a name that encourages people to click it

Correct Answer: C
The most effective way for the tester to achieve this objective is to send a pretext email from the IT department before sending the download instructions later. A pretext email is an email that uses deception or impersonation to trick users into believing that it is from a legitimate source or authority, such as the IT department. A pretext email can be used to establish trust or rapport with the users, and then persuade them to perform an action or provide information that benefits the attacker. In this case, the tester can send a pretext email from the IT department that informs users about an important update or maintenance task that requires them to download and run an executable file later. The tester can then send another email with the download instructions and attach or link to the malicious executable file. The users may be more likely to follow these instructions if they have received a prior email from the IT department that prepared them for this action. The other options are not as effective ways for the tester to achieve this objective. Dropping USB flash drives around the company campus with the file on it may not reach many users, as they may not find or pick up the USB flash drives, or they may be suspicious of their origin or content.

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

1. A. NIST SP 800-53
2. B. OWASP Top 10
3. C. MITRE ATT&CK framework
4. D. PTES technical guidelines

Correct Answer: C