- All Exams Instant Download
Which of the following would the test discover?
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurations B. Open web ports on a host C. Supported HTTP methods D. Listening web servers in a domainView AnswerAnswer:...
Which of the following attacks is being attempted?
A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted? A. SQL injection B. HTML injection C. Remote command injection D. DLL injectionView AnswerAnswer:...
Which of the following tools or techniques would BEST support additional reconnaissance?
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?A . PLCs...
Which of the following methods should the tester use to visualize the authorization information being transmitted?
A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?A . Decode the authorization header using UTF-8. B. Decrypt the authorization header using bcrypt. C. Decode the authorization header using Base64. D. Decrypt...
Which of the following BEST describes this attack?
A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page...
Which of the following actions, if performed, would be ethical within the scope of the assessment?
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position. Which of the following actions, if performed, would be ethical within...
Which of the following social-engineering attacks was the tester utilizing?
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which...
Which of the following BEST describes why this would be necessary?
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?A . To meet PCI DSS testing requirements B. For testing of the customer's SLA with the ISP...
Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?A . DirBuster B. CeWL C. w3af D. PatatorView AnswerAnswer: B Explanation: CeWL, the Custom Word List Generator, is a Ruby application...
