A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?
Question 22
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the HIGHEST likelihood of success?
Question 23
A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router. Which of the following is MOST vulnerable to a brute-force attack?
Question 24
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?
Question 25
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?
Question 26
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
Question 27
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment?
Question 28
The following line-numbered Python code snippet is being used in reconnaissance: Which of the following line numbers from the script MOST likely contributed to the script triggering a `probable port scan` alert in the organization's IDS?
Question 29
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
Question 30
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings. Which of the following is most important for the penetration tester to define FIRST?