A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

1. A. The injection was too slow.
2. B. The DNS information was incorrect.
3. C. The DNS cache was not refreshed.
4. D. The client did not receive a trusted response.

Correct Answer: C
A DNS poisoning attack is an attack that exploits a vulnerability in the DNS protocol or system to redirect traffic from legitimate websites to malicious ones. A DNS poisoning attack works by injecting false DNS records into a DNS server or resolver’s cache, which is a temporary storage of DNS information. However, if the DNS cache was not refreshed, then the attack would fail, as the target machine would still use the old and valid DNS records from its cache. The other options are not likely causes of the attack failure.

A security analyst needs to perform an on-path attack on BLE smart devices. Which of the following tools would be BEST suited to accomplish this task?

1. A. Wireshark
2. B. Gattacker
3. C. tcpdump
4. D. Netcat

Correct Answer: B
The best tool for performing an on-path attack on BLE smart devices is Gattacker. Gattacker is a Bluetooth Low Energy (BLE) pentesting and fuzzing framework specifically designed for on-path attacks. It allows security analysts to perform a variety of tasks, including man-in-the-middle attacks, passive and active scans, fuzzing of BLE services, and more. Gattacker also provides an interactive command-line interface that makes it easy to interact with the target BLE device and execute various commands.

A penetration tester writes the following script:

Which of the following is the tester performing?

1. A. Searching for service vulnerabilities
2. B. Trying to recover a lost bind shell
3. C. Building a reverse shell listening on specified ports
4. D. Scanning a network for specific open ports

Correct Answer: D
-z zero-I/O mode [used for scanning]
-v verbose
example output of script:
* 10.1.1.1 : inverse host lookup failed: Unknown host (UNKNOWN) [10.0.0.1] 22 (ssh) open
(UNKNOWN) [10.0.0.1] 23 (telnet) : Connection timed out https://unix.stackexchange.com/questions/589561/what-is-nc-z-used-for

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

1. A. Aircrack-ng
2. B. Wireshark
3. C. Wifite
4. D. Kismet

Correct Answer: A
Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.
Which of the following is the BEST way to ensure this is a true positive?

1. A. Run another scanner to compare.
2. B. Perform a manual test on the server.
3. C. Check the results on the scanner.
4. D. Look for the vulnerability online.

Correct Answer: B