A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive. Which of the following is the BEST method for a tester to confirm the vulnerability exists?

A penetration tester used an ASP.NET web shell to gain access to a web application, which allowed the tester to pivot in the corporate network.
Which of the following is the MOST important follow-up activity to complete after the tester delivers the report?

A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline . Which of the following should the penetration tester perform to verify compliance with the baseline?

Which of the following types of physical security attacks does a mantrap mitigate-?

A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security guard then audits the badge system and finds two log entries for the badge in the following has MOST likely occurred?