Free Access CompTIA.PT0-001.v2022-06-28.q222 Practice Test (Page 9)

Question 36

A penetration tester is connected to a client's local network and wants to passively identify cleartext protocols and potentially sensitive data being communicated across the network. Which of the following is the BEST approach to take?

A.Run an MITM attack.

B.Run a network vulnerability scan.

C.Run a port scan.

D.Run a stress test.

Question 37

Which of the following vulnerabilities are MOST likely to be false positives when reported by an automated scanner on a static HTML web page? (Choose two.)

A.Unencrypted transfer of sensitive data

B.Reflected cross-site scripting

C.Insecure HTTP methods allowed

D.Support of weak cipher suites

E.Enabled directory listing

F.Disclosure of internal system information

G.Missing secure flag for a sensitive cookie

H.Command injection

Question 38

A penetration tester is performing a code review against a web application Given the following URL and source code:

Which of the following vulnerabilities is present in the code above?

A.Cross-site scripting

B.LDAP injection

C.Command injection

D.SQL injection

Question 39

A client asks a penetration tester to add more addresses to a test currently in progress. Which of the following would define the target list?

A.Rules of engagement

B.Statement of work

C.Mater services agreement

D.End-user license agreement

Question 40

A client asks a penetration tester to add more addresses to a test currently in progress.
Which of the following would defined the target list?