The correct answer is A. Client-side exploits: Target user apps like browsers; require user interaction and work via outbound connections to attacker-controlled servers.
The correct answer is A. The first command creates a backdoor shell as a service. It is being started on TCP 2222 using cmd.exe. The second command verifies the service is created and its status.
Here's why the other answers are incorrect:
B. The first part of the answer is correct in that it creates a backdoor shell as a service. However, it incorrectly states that it is being started on UDP 2222. The command provided specifies the "-p 2222" flag, which indicates a TCP port rather than a UDP port.
C. This answer is incorrect because it misinterprets the purpose of the ncservice. It is not designed to stop any instance of nc.exe. Instead, it creates a backdoor shell as a service, as stated in answer A.
D. This answer has the commands' purposes switched. The first command is not verifying the service's status; it is creating the backdoor shell. The second command is incomplete and does not provide enough information to determine its purpose.
A is the correct answer. A malicious PDF or excel macro document is a classic client side attack. Those don't attack listening services they attack applications which have received something through the network (e.g. malicious document via e-mail...)
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.GPEN Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
al7azeen666
2 months, 1 week agoal7azeen666
2 months, 1 week agochadiosaurous
11 months, 3 weeks agouser009
1 year, 2 months agoicefyre127
1 year, 9 months ago