
Question 1 of 10

1. What is the main difference between penetration testing and red team exercises?

A

Red teaming only involves network attacks, while penetration testing involves physical attacks.

B

Penetration testing is ongoing and continuous, whereas red team exercises are performed once a year.

C

Penetration testing focuses on specific vulnerabilities, while red teaming simulates real-world attacks to test the organization's overall defense.

Question 2 of 10

2. Your red team has successfully infiltrated an organization's network. You've compromised a machine with sensitive data and found multiple plaintext password files. What should be your next step?

A

Try to escalate privileges on the machine.

B

Exfiltrate the plaintext passwords immediately.

C

Trigger a ransomware attack using the compromised machine.

Question 3 of 10

3. You've breached the external perimeter of a company using a phishing attack and gained limited access to an employee's workstation. However, all ports appear to be locked down except for the web browser. How do you proceed?

A

Attempt lateral movement by launching PowerShell from the browser.

B

Use the web browser to access an internal wiki and scrape data.

C

Install a keylogger to collect login credentials.

Question 4 of 10

4. While conducting a red team exercise, you discover a misconfigured web server that reveals a list of all user directories. You now have the ability to enumerate users. What is the best action?

A

Brute-force the passwords for all users using the usernames obtained.

B

Modify the server configuration to hide the user directories to avoid detection.

C

Use the enumeration to identify potential high-privilege users and spear-phish them.

Question 5 of 10

5. Your red team has gained initial access to a user workstation within an Active Directory domain. The user has limited privileges. You want to enumerate the AD to identify valuable targets and misconfigurations. What's your next move?

A

Use PowerView or BloodHound to identify domain admin accounts and trust relationships.

B

Dump the entire AD database using the "ntdsutil" tool.

C

Attempt to brute-force domain admin passwords using Kerberos tickets.

Question 6 of 10

6. You've compromised an external web server located in a DMZ and established a foothold. The internal network is isolated, but there is an SSH service running that you have access to using low-privileged credentials. How do you pivot into the internal network?

A

Create an SSH reverse tunnel to forward traffic from the internal network to your machine.

B

Use the compromised web server to brute-force admin passwords on internal systems.

C

Install a rootkit on the web server to sniff all incoming and outgoing traffic.

Question 7 of 10

7. After successfully gaining domain admin privileges in an AD environment, you want to ensure persistent access without leaving obvious traces. What technique should you use?

A

Create a new domain admin account for yourself with a non-suspicious name.

B

Add your account to the "Enterprise Admins" group to gain control over the entire forest.

C

Use the DCSync attack to extract password hashes and maintain stealthy access.

Question 8 of 10

8. You have compromised an AD user account that has access to several machines within the network. You've found an accessible file share containing confidential HR files but want to escalate your privileges. What do you do next?

A

Exfiltrate the HR files and close the connection to remain undetected.

B

Use Mimikatz to dump credentials from the machine and attempt to gain admin rights.

C

Modify the Group Policy Objects (GPO) to add yourself to the local administrators group.

Question 9 of 10

9. You've compromised a low-privileged machine in the internal network and want to use it as a pivot point to reach a more sensitive segment of the network. The compromised machine has a service running that listens on a port not directly accessible from your current position. What should you do?

A

Use the compromised machine to exfiltrate sensitive data before trying to pivot further.

B

Use Metasploit's Meterpreter pivoting feature to tunnel traffic through the compromised machine.

C

Install a rootkit to gain full control over the machine and use it for lateral movement.

Question 10 of 10

10. Which of the following is an example of a common red team attack against web applications?

A

SQL injection to extract sensitive data from a backend database.

B

Exploiting an insecure Wi-Fi network to gain access to the web application.

C

Performing a Distributed Denial of Service (DDoS) attack on the application.
