Question
Charleen wants to perform static code analysis of the mobile application her target installed on the device in her possession. Which of the following tools should she select?
a.
Objection
b.
MobSF
c.
Frida
d.
Burp Suite
Posted under CompTIA PenTest+ Certification Exam PT0 002
Engage with the Community - Add Your Comment
Confused About the Answer? Ask for Details Here.
Know the Explanation? Add it Here.
Q. Charleen has been tasked with the components of a penetration test that deal with mobile devices at a large client organization. She has been given a standard corporate device to...
Similar Questions
Discover Related MCQs
Q. Charleen has been tasked with the components of a penetration test that deal with mobile devices at a large client organization. She has been given a standard corporate device to test that uses the organization’s base configuration for devices that are issued to employees. As part of her team, you’ve been asked to provide input on the penetration testing process.
Charleen has determined that the organization she is testing uses certificate pinning for their web application. What technique is most likely to help her overcome this so that she can conduct an on-path attack?
View solution
Q. Charleen has been tasked with the components of a penetration test that deal with mobile devices at a large client organization. She has been given a standard corporate device to test that uses the organization’s base configuration for devices that are issued to employees. As part of her team, you’ve been asked to provide input on the penetration testing process.
Charleen wants to use a cloned image of a phone to see if she can access it using bruteforce passcode-breaking techniques. Which of the following techniques will allow her to do this without an automatic wipe occurring if “wipe after 10 passcode attempts” is set for the device?
View solution
Q. Isabelle wants to gain access to a cloud infrastructure as a service environment. Which of the following is not a common technique to gain this type of access for a penetration test?
View solution
Q. Jocelyn wants to conduct a resource exhaustion attack against her penetration testing target, which uses an autoscaling service architecture that leverages a content delivery network. What technique is most likely to help her succeed?
View solution
Q. Ben wants to conduct a penetration test against a service that uses containers hosted by a cloud service provider. Which of the following targets is not typically part of the scope for a penetration test against a containerized environment?
View solution
Q. Madhuri has discovered that the organization she is conducting a penetration test against makes extensive use of industrial control systems to manage a manufacturing plant. Which of the following components is least likely to respond to her normal penetration testing tools like Nmap and Metasploit?
View solution
Q. Susan wants to use a web application vulnerability scanner to help map an organization’s web presence and to identify existing vulnerabilities. Which of the following tools is best suited to her needs?
View solution
Q. Claire knows that her target organization leverages a significant number of IoT devices and that she is likely to need to use one or more of them as pivot points for her penetration test. Which of the following is not a common concern when conducting a penetration test involving IoT devices?
View solution
Q. Jeff identifies the IP address contained in content delivery network (CDN) configuration for his target organization. He knows that that server’s content is replicated by the CDN, and that if he is able to conduct a denial-of-service attack on the host he will be able to take down his target’s web presence. What type of attack is Jeff preparing to conduct?
View solution
Q. Michelle wants to attack the underlying hypervisor for a virtual machine. What type of attack is most likely to be successful?
View solution
Q. Scott wants to crawl his penetration testing target’s website and then build a word list using the data he recovers to help with his password cracking efforts. Which of the following tools should he use?
View solution
Q. What is an example of a cloud-specific tool that penetration testers can use for AWS exploitation?
View solution
Q. Which of the following is a side-channel attack?
View solution
Q. What is the purpose of tools like Mimikatz, Medusa, and John the Ripper in penetration testing?
View solution
Q. What is a technique commonly employed by penetration testers during pentests regarding privileges?
View solution
Q. Which tool is commonly used by penetration testers to crack passwords?
View solution
Q. What role do proxies play in the context of penetration testing?
View solution
Q. What is a common goal of penetration testers when attempting to compromise a system or service that is virtualized or containerized?
View solution
Q. In mobile device security assessments, what is a potential vulnerability that penetration testers may target?
View solution
Q. What is a consideration for penetration testers when dealing with embedded systems in penetration tests?
View solution
Suggested Topics
Are you eager to expand your knowledge beyond CompTIA PenTest+ Certification Exam PT0 002? We've curated a selection of related categories that you might find intriguing.
Click on the categories below to discover a wealth of MCQs and enrich your understanding of Computer Science. Happy exploring!
