Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?

1. A. Wireshark
2. B. EAPHammer
3. C. Kismet
4. D. Aircrack-ng

Correct Answer: D
The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine is Aircrack-ng. Aircrack-ng is a suite of tools used to assess the security of wireless networks. It starts by capturing wireless network packets [1], then attempts to crack the network password by analyzing them [1]. Aircrack-ng supports FMS, PTW, and other attack types, and can also be used to generate keystreams for
WEP and WPA-PSK encryption. It is capable of running on Windows, Linux, and Mac OS X.
The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine is Aircrack-ng. Aircrack-ng is a suite of tools used to assess the security of wireless networks. It starts by capturing wireless network packets [1], then attempts to crack the network password by analyzing them [1]. Aircrack-ng supports FMS, PTW, and other attack types, and can also be used to generate keystreams for
WEP and WPA-PSK encryption. It is capable of running on Windows, Linux, and Mac OS X.

A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:
1;SELECT Username, Password FROM Users;
Which of the following injection attacks is the penetration tester using?

1. A. Blind SQL
2. B. Boolean SQL
3. C. Stacked queries
4. D. Error-based

Correct Answer: C
The penetration tester is using a type of injection attack called stacked queries, which means appending multiple SQL statements separated by semicolons in a single input field. This can allow the penetration tester to execute arbitrary SQL commands on the database server, such as selecting username and password from users table.

A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?

1. A. Understanding the tactics of a security intrusion can help disrupt them.
2. B. Scripts that are part of the framework can be imported directly into SIEM tools.
3. C. The methodology can be used to estimate the cost of an incident better.
4. D. The framework is static and ensures stability of a security program overtime.

Correct Answer: A

A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

1. A. The HTTP port is not open on the firewall.
2. B. The tester did not run sudo before the command.
3. C. The web server is using HTTPS instead of HTTP.
4. D. This URI returned a server error.

Correct Answer: A

A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?

1. A. SQLmap
2. B. DirBuster
3. C. w3af
4. D. OWASP ZAP

Correct Answer: C
W3AF, the Web Application Attack and Audit Framework, is an open source web application security scanner that includes directory and filename bruteforcing in its list of capabilities.