Q. During a penetration test specifically scoped to a single web application, Chris discovers that the web server also contains a list of passwords to other servers at the target location. After he notifies the client, they ask him to use them to validate those servers, and he proceeds to test those passwords against the other servers. What has occurred?

View solution

Q. Ruchika has been asked to conduct a penetration test against internal business systems at a mid-sized company that operates only during a normal day shift. The test will be run against critical business systems. What restriction is most likely to be appropriate for the testing?

View solution

Q. During an on-site penetration test, what scoping element is critical for wireless assessments when working in shared buildings?

View solution

Q. What type of penetration test is not aimed at identifying as many vulnerabilities as possible and instead focuses on vulnerabilities that specifically align with the goals of gaining control of specific systems or data?

View solution

Q. While performing an on-site penetration test, Cassandra plugs her laptop into an accessible network jack. When she attempts to connect, however, she does not receive an IP address and gets no network connectivity. She knows that the port was working previously. What technology has her target most likely deployed?

View solution

Q. What does an MSA typically include?

View solution

Q. During a penetration test, Alex discovers that he is unable to scan a server that he was able to successfully scan earlier in the day from the same IP address. What has most likely happened?

View solution

Q. During a penetration test scoping discussion, Charles is asked to test the organization’s SaaS-based email system. What concern should he bring up?

View solution

Q. What type of legal agreement typically covers sensitive data and information that a penetration tester may encounter while performing an assessment?

View solution

Q. Which of the following types of penetration test would provide testers with complete visibility into the configuration of a web server without having to compromise the server to gain that information?

View solution

Q. Maria wants to build a penetration testing process for her organization and intends to start with an existing standard or methodology. Which of the following is not suitable for that purpose?

View solution

Q. What term describes a document created to define project-specific activities, deliverables, and timelines based on an existing contract?

View solution

Q. What may influence how you conduct your assessment and the rules of engagement in compliance-based assessments?

View solution

Q. What does compliance with standards like PCI DSS provide in penetration testing?

View solution

Q. What understanding helps in better completing compliance assessments?

View solution

Q. What drives many penetration tests in terms of compliance?

View solution

Q. What ensures coverage in the event of issues during a penetration test?

View solution

Q. Why is awareness of the legal and regulatory environment important for penetration testers?

View solution

Q. What legal document protects the data and information involved in a penetration test?

View solution

Q. What legal concepts should penetration testers be familiar with in engagement contracts?

View solution