CompTIA PT0-002 Practice Test - Questions Answers, Page 29

A company recently moved its software development architecture from VMs to containers. The company has asked a penetration tester to determine if the new containers are configured correctly against a DDoS attack. Which of the following should a tester perform first?

A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?

When accessing the URL http://192.168.0-1/validate/user.php, a penetration tester obtained the following output:

..d index: eid in /apache/www/validate/user.php line 12

..d index: uid in /apache/www/validate/user.php line 13

..d index: pw in /apache/www/validate/user.php line 14

..d index: acl in /apache/www/validate/user.php line 15

A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?

A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = '123' hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000) Which of the following steps should the penetration tester recommend?

During a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target public web the following actions should the penetration tester perform next?

A penetration tester breaks into a company's office building and discovers the company does not have a shredding service. Which of the following attacks should the penetration tester try next?

A penetration tester gains access to a web server and notices a large number of devices in the system ARP table. Upon scanning the web server, the tester determines that many of the devices are user ...ch of the following should be included in the recommendations for remediation?

An organization wants to identify whether a less secure protocol is being utilized on a wireless network. Which of the following types of attacks will achieve this goal?