CompTIA PenTest+ Certification - (PT0-003) Exam Questions

OBJ 1.5 - A web application firewall (WAF) or application-aware firewall would detect both the accessing of random ports and TLS encryption and identify it as suspicious. An application-aware firewall can make decisions about what applications are allowed or blocked by a firewall, and TLS connections are created and maintained by applications. A stateless packet inspection firewall allows or denies packets into the network based on the source and destination IP address or the traffic type (TCP, UDP, ICMP, etc.). A stateful packet inspection firewall monitors the active sessions and connections on a network. The process of stateful inspection determines which network packets should be allowed through the firewall by utilizing the information it gathered regarding active connections as well as the existing ACL rules. Neither a stateless nor stateful inspection firewall operates at layer 6 or layer 7, so they cannot inspect TLS connections. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. An IDS only monitors the traffic on the network, it cannot block traffic.   For support or reporting issues, include Question ID: 63fe10763b7322449ddc3f1c in your ticket. Thank you.

OBJ 4.1 - Powersploit is a series of Microsoft PowerShell scripts that pen testers can use in post-exploit scenarios. Empire (PowerShell Empire) is a post-exploitation framework for Windows devices that allows the attacker to run PowerShell agents without needing powershell.exe. It is commonly used to escalate privileges, launch other modules to capture data, extract passwords, and install persistent backdoors. Searchsploit is a tool included in the exploitdb package on Kali Linux that enables you to search the Exploit Database archive. Responder is a fake server and relay tool that is included with Kali Linux. It responds to LLMNR, NBT-NS, POP, IMAP, SMTP, and SQL queries to possibly recover sensitive information such as user names and passwords.   For support or reporting issues, include Question ID: 63fe10943b7322449ddc4097 in your ticket. Thank you.

OBJ 4.3 - Attrition attacks employ brute-force methods to compromise, degrade, or destroy systems, networks, or services. An impersonation attack occurs when the attacker gains control of an employee's account and uses it to convince other employees to perform fraudulent actions. Improper usage occurs when an employee or other authorized user utilizes the systems or networks not as intended or designed. The loss or theft of equipment usually relates to a smartphone, tablet, or laptop being lost or stolen, and then the data on it becomes compromised.   For support or reporting issues, include Question ID: 63fe10243b7322449ddc3b05 in your ticket. Thank you.

OBJ 4.8 - A business email compromise (BEC) is a form of elicitation where the attacker impersonates a high-level executive or directly takes over their email account. The attacker then sends an email to elicit personnel to take action on their behalf. In this example, the attacker is impersonating the company's CEO by sending an email to the financial personnel requesting they send a money transfer for what appears to be a legitimate service. This example also uses the urgency and authority motivation factors to convince the employee to take action.   For support or reporting issues, include Question ID: 63fe103f3b7322449ddc3c63 in your ticket. Thank you.

OBJ 2.3 - While there are many different formats used by attackers to obfuscate their malicious code, Base64 is by far the most popular. If you see a string like the one above, you can decode it using an online Base64 decoder. I recommend you copy the string above and decode it to see how easy it is to reverse a standard Base64 encoded message. Some more advanced attackers will also use XOR and a key shift in combination with Base64 to encode the message and make it harder to decode, but using a tool like CyberChef can help you decode those. Structured Query Language (SQL) is used to communicate with a database. Extensible Markup Language (XML) is a markup language that defines a set of rules for encoding documents in a human-readable and machine-readable format. SQL and XML are not considered obfuscation techniques. A QR Code is a two-dimensional version of the barcode, known from product packaging in the supermarket. QR coding is the process of converting some data into a single QR code. QR coding might be considered a form of obfuscation, but it is not shown in this question's example output.   For support or reporting issues, include Question ID: 63fe10983b7322449ddc40c9 in your ticket. Thank you.