An attacker has sent an email where the victim navigates to a malicious web page that has been set up to look official. What is this called?
Question options:
Baiting
Pharming
Malvertising
Phishing
Spamming

A security professional is checking for domains based on certificates that are no longer allowed. What could they check for this?
Question options:
SET
ncpa.cpl
CRL
SAN
CRT

A security analyst is trying to find older versions of a company's website which contained sensitive information. They are worried that attackers might still be able to find older versions, so they want to try using web search commands. Which web search command would help them search?
Question options:
site
:search
cache
inurl
inanchor

A penetration tester is working on a project and sees a fairly recent VoIP vulnerability has come out. Which of the following records would best help them narrow down potential targets?
Question options:
NS
MX
SOA
SRV
TXT

A penetration tester is trying to use Google Hacking to find more instances of Cisco CallManager. What should they use?
Question options:
intitle:"DPH" "web login setting"
intitle:"Grandstream Device Configuration" password
inurl:"ccmuser/logon.asp"
inurl:"CallManager"

A team is conducting a physical assessment and uses a simple mechanism such as Styrofoam to bypass a certain control. Which control are they likely bypassing?
Question options:
Flood lights
Security badges
Locks
Motion sensor
Fences

The Social Engineering Toolkit is being employed for a targeted attack towards personnel. Which of the following can SET NOT do?
Question options:
Reverse shells
PowerShell attacks
Scaling
Mass mail attacks
Infectious media

A security professional is looking for an organization's code that might have been posted publicly by developers. Which of the following sources is least likely to contain accidental posts by a company's developers?
Question options:
GitHub
CloudForge
Reddit
Bitbucket
The Wayback Machine

A social engineer is communicating, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood. What is this tactic called?
Question options:
Pharming
Elicitation
Hoax
Phishing
Pretexting

A security professional is looking for interesting targets on a public-facing web server. What would show them areas of the server that are not supposed to be crawled?
Question options:
Subject alternative name
Robots
Revocation list
DNS
Secret

A penetration tester is conducting a test against external-facing websites. Which of the following tools is specifically geared towards website enumeration?
Question options:
Nmap
SET
WIGLE
dirbuster
OpenVAS

A penetration tester wants to gather email information for a targeted phishing campaign. Which of the following tools could they use to collect this?
Question options:
Shodan
Metagoofil
Dirbuster
Nmap
theHarvester

During a penetration testing engagement, one of the team members presents a fictitious situation as real. What is this tactic called?
Question opt.