Page: 1
/ 33
Total 164 questions
A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?
- A. tcprelay
- B. Bluecrack
- C. Scapy
- D. tcpdump
Answer : C
Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?
- A. The tester is conducting a web application test.
- B. The tester is assessing a mobile application.
- C. The tester is evaluating a thick client application.
- D. The tester is creating a threat model.
Answer : D
A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?
- A. VM
- B. IAST
- C. DAST
- D. SCA
Answer : D
A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:
Which of the following should the tester recommend in the report to best prevent this type of vulnerability?
- A. Drop all excessive file permissions with chmod o-rwx.
- B. Ensure the requests application access logs are reviewed frequently.
- C. Disable the use of external entities.
- D. Implement a WAF to filter all incoming requests.
Answer : C
A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?
- A. Shoulder surfing
- B. Recon-ng
- C. Social media
- D. Password dumps
Answer : C
31 days access 