A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?
Question 72
A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)
Question 73
A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?
Question 74
A penetration tester has prepared the following phishing email for an upcoming penetration test: Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
Question 75
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
Question 76
Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
Question 77
A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
Question 78
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
Question 79
Which of the following assessment methods is MOST likely to cause harm to an ICS environment?
Question 80
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
