2026 COMPLETE QUESTIONS WITH ANSWERS
◉ A security consultant is trying to redirect traffic at Layer 2 to
conduct on-path attacks. Which of the following are they trying to
perform?
A.ARP Poisoning
B.Piggybacking
C.XMAS attack
D.DNS Poisoning
Answer: A.ARP Poisoning
This attack deliberately maps an incorrect MAC address to a correct
IP address, which poisons the ARP cache. ARP poisoning is used to
redirect traffic for malicious purposes.
◉ A medium-sized company is worried about their access points at
various field sites and has asked their employees to drive around to
search for open access points using a laptop or smartphone. What is
this referred to as?
A.War driving
B.WiGLE
C.Attack surface
D.Pharming
Answer: A.War driving
War driving is a technique that involves driving around to search for
open access points using a laptop or smartphone.
◉ A security assessor is trying to set up automated scans on
applications that check against a predetermined security baseline
that checks for vulnerabilities. Which of the following should they
set up for this?
A.DAST
B.SAST
C.OpenVAS
D.SCAP
Answer: D.SCAP
The Security Content Automation Protocol (SCAP) is a US standard
used to ensure applications are in line with mandated security
requirements.
◉ A network engineer is measuring a wireless signal level in relation
to any background noise to ensure efficient wireless
communications. Which of the following should they look at?
A.dBi
B.SCAP
C.SNR
D.WAF
Answer: C.SNR
The goal is to have a good Signal-to-Noise Ratio (SNR), which is the
measurement of a wireless signal level in relation to any background
noise.
◉ A network technician is reviewing signal strengths of wireless
antennas to ensure that the signal does not extend beyond the
buildings for anyone to attempt to gain access. What are they
measuring?
A.MSA
B.SNR
C.dBi
D.NVD
Answer: C.dBi
The signal strength of a wireless antenna is referred to as decibels
per isotropic (dBi) and can vary according to the design.
◉ A penetration tester wants to become more efficient and effective
at penetration testing. What standard provides a comprehensive
overview of the proper structure of a complete PenTest and includes
discussion on several topics, such as pre-engagement interactions,
threat modeling, vulnerability analysis, exploitation, and reporting?
A.ISSAF
B.OWASP
C.PTES
D.OSSTMM
Answer: C.PTES
The Penetration Testing Execution Standard (PTES) has seven main
sections that provide a comprehensive overview of the proper
structure of a complete PenTest. Some of the sections include details
on topics such as pre-engagement interactions, threat modeling,
vulnerability analysis, exploitation, and reporting.
◉ A security professional has just finished setting up a new public-
facing web server for their organization. They want to ensure that
search engine crawlers don't index certain pages or directories on
the site that represent duplicate content in order to avoid potential
search penalties, but still allow those pages to be crawled to
facilitate link discovery. What is the most direct step the security
professional can take to achieve this goal?
A.Create a noindex meta tag on each page to be excluded
B.Use an access control list (ACL) to restrict access to certain
directories
C.Configure the web server to block specific user agents
D.Set up a robots.txt file to exclude certain pages or directories
Answer: A.Create a noindex meta tag on each page to be excluded