CompTIA PT0-002 Practice Test - Questions Answers, Page 35

A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:

[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'abcde'

[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'edcfg'

[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'qazsw'

[ATTEMPT] target 192.168.1.112 - login 'root' -- pass ''tyuio''

Which of the following is the penetration tester conducting?

An external consulting firm is hired to perform a penetration test and must keep the confidentiality of the security vulnerabilities and the private data found in a customer's systems. Which of the following documents addresses this requirement?

Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?

A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application was developed in ASP and used MSSQL for its back-end database. Using the application's search form, the penetration tester inputs the following code in the search input field:

IMG SRC=vbscript:msgbox ('Vulnerable_to_Attack') ; >originalAttribute='SRC'originalPath='vbscript;msgbox ('Vulnerable_to_Attack ') ;>'

When the tester checks the submit button on the search form, the web browser returns a pop-up windows that displays 'Vulnerable_to_Attack.' Which of the following vulnerabilities did the tester discover in the web application?

As part of an active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by capturing and examining the API traffic?

During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:

nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191

The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than 100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?

Which of the following tools would help a penetration tester locate a file that was uploaded to a content management system?

Which of the following members of a client organization are most likely authorized to provide a signed authorization letter prior to the start date of a penetration test?