PENETRATION TESTING FINAL COMPREHENSIVE STUDY SHEET 2026 QUESTIONS WITH SOLUTIONS GRADED A+

PENETRATION TESTING FINAL
COMPREHENSIVE STUDY SHEET 2026
QUESTIONS WITH SOLUTIONS GRADED A+

◉ A security researcher is analyzing various on-path attack
techniques to develop detection mechanisms against them. Which of
the following is NOT an on-path attack?
A.DNS poisoning
B.ARP poisoning
C.MAC spoofing
D.Biometric spoofing. Answer: D.Biometric spoofing


Biometric spoofing is not an example of an on-path attack. An on-
path attack is when a malicious actor sits in the middle or in the
path of a connection.


◉ A penetration tester discovers a device during an engagement and
needs to try conducting a Pixie attack or attempt to crack PMKID
offline. Which tool should they use?
A.Airmon-ng
B.Spooftooph
C.ScoutSuite
D.Wifite2. Answer: D.Wifite2

,Wifite2 is a wireless auditing tool you can use to assess the WLAN.
Wifite2 can launch a variety of attacks including Pixie attacks,
PMKID cracking, and more.


◉ A penetration tester is analyzing entry to a network utilizing
802.1X authentication. Which of the following is NOT one of the
three main components of this setup?
A.Organizational Units
B.Supplicant
C.Authenticator
D.AS. Answer: A.Organizational Units


Organizational Units are used with a domain to group similar objects
such as the users, groups, computers, and other OUs and minimize
the number of domains.


◉ An attacker is attempting to access a WPS device at a site in order
to gain entry to a larger corporate network. Which of the following
could they do? (Select all that apply.)
A.HTTP flood
B.Physical
C.Side channel
D.Brute force. Answer: B.Physical

,D.Brute force


A physical attack takes advantage of the "push to connect" feature
found on many routers. When launching this attack, the malicious
actor will need to be physically close to the device.


In addition to a physical attack, a malicious actor can gain access to
the network by determining the PIN number of the WPS device,
using an online or offline brute force attack.


◉ A security professional is testing the Wi-Fi with MDK4 and wants
to create the appearance of many wireless networks. Which of the
following modes should they use?
A.A
B.B
C.D
D.W. Answer: B.B


Mode b creates the appearance of many wireless networks. MDK4 is
a powerful Linux based tool that features a wide range of attacks.


In mode a authentication, DoS will send multiple authentication
frames to WAP in range with the intent of overwhelming the AP.

, Mode d will send a deauth to disconnect and disassociate all clients
from an AP. MDK4 supports 2.4 to 5GHz and has nine attack modules
.
Mode w will provoke an Intrusion Detection and Prevention Systems
confusion attack. When testing with this tool use caution, as some of
the attack modules can have a serious negative effect on the
network.


◉ A digital forensics expert needs to analyze an infected mobile
device. What approach can the expert use to do this? (Select all that
apply.)
A.SMiShing
B.Biometric integration
C.Reverse engineering
D.Sandbox analysis. Answer: C.Reverse engineering
D.Sandbox analysis


◉ A company is using enterprise mobility management software
(EMM) to make sure that all the devices employees bring and
connect to the corporate network meet established security policies.
What functions will the EMM software manage? (Select all that
apply.)
A.Locking and wiping employee devices
B.Preventing employees from installing apps