A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; -
Which of the following attacks is being attempted?
Correct Answer:
C
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format:
Correct Answer:
D
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
Correct Answer:
C
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Correct Answer:
E
Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?
Correct Answer:
C