An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?
Correct Answer:
C
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
Correct Answer:
D
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform
phishing in a later stage of the assessment?
Correct Answer:
D
SMTP is a protocol associated with mail servers. Therefore, for a penetration tester, an open relay configuration can be exploited to launch phishing attacks.
Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)
Correct Answer:
BC
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
Correct Answer:
A