During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise. While reading the script, the penetration tester noticed the following lines of code:

Which of the following was the script author trying to do?

1. A. Spawn a local shell.
2. B. Disable NIC.
3. C. List processes.
4. D. Change the MAC address

Correct Answer: A
s for what the script author was trying to do.

Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

1. A. Shodan
2. B. Nmap
3. C. WebScarab-NG
4. D. Nessus

Correct Answer: B

A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

1. A. Nmap
2. B. Wireshark
3. C. Metasploit
4. D. Netcat

Correct Answer: B

A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?

1. A. Send deauthentication frames to the stations.
2. B. Perform jamming on all 2.4GHz and 5GHz channels.
3. C. Set the malicious AP to broadcast within dynamic frequency selection channels.
4. D. Modify the malicious AP configuration to not use a pre-shared key.

Correct Answer: A
https://steemit.com/informatica/@jordiurbina1/tutorial-hacking-wi-fi-wireless-networks-with-wifislax The penetration tester should send deauthentication frames to the stations to force them to disconnect from
their current access point and reconnect to another one, which may be the malicious AP deployed by the tester. Deauthentication frames are part of the 802.11 protocol and are used to terminate an existing wireless association between a station and an access point. However, they can also be spoofed by an attacker to disrupt or hijack wireless connections. The other options are not effective or relevant for this purpose. Performing jamming on all 2.4GHz and 5GHz channels would interfere with all wireless signals in the area, which may cause unwanted attention or legal issues. Setting the malicious AP to broadcast within dynamic frequency selection channels would not help, as these channels are used to avoid interference with radar systems and are not commonly used by wireless stations or access points. Modifying the malicious AP configuration to not use a pre-shared key would not help, as it would make it less likely for wireless stations to connect to it if they are configured to use encryption.

A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

1. A. Smurf
2. B. Ping flood
3. C. Fraggle
4. D. Ping of death

Correct Answer: C
Fraggle attack is same as a Smurf attack but rather than ICMP, UDP protocol is used. The prevention of these attacks is almost identical to Fraggle attack.
Ref: https://www.okta.com/identity-101/fraggle-attack/