Which of the following BEST describe the OWASP Top 10? (Choose two.)
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. The most critical risks of web applications
B. A list of all the risks of web applications
C. The risks defined in order of importance
D. A web-application security standard
E. A risk-governance and compliance framework
F. ...
Which of the following BEST describes why this would be necessary?
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?
A. To meet PCI DSS testing requirements
B. For testing of the customer's SLA with the ISP
C. ...
Which of the following commands should be used to accomplish the goal?
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?
A. VRFY and EXPN
B. VRFY and ...
Which of the following types of attacks would MOST likely be used to avoid account lockout?
During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?
A. ...
Which of the following is the MOST likely culprit?
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?
A. Patch installations
B. ...
Which of the following is the MOST likely reason for the lack of output?
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?
A. ...
Which of the following social-engineering attacks was the tester utilizing?
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which...
Which of the following is the tester performing?
A penetration tester writes the following script: Which of the following is the tester performing?
A. Searching for service vulnerabilities
B. Trying to recover a lost bind shell
C. Building a reverse shell listening on specified ports
D. Scanning a network for specific open ports
Answer: D
Explanation: -z zero-I/O...
Which of the following actions should the tester take?
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the...
Which of the following would BEST support this task?
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
A. Run nmap with the -O, -p22, and -sC options set against the target
B. Run nmap with ...