Question 166
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.
Which of the following is the MOST important action to take before starting this type of assessment?
Question 167
A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?
Question 168
A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:
x' OR role LIKE '%admin%
Which of the following should be recommended to remediate this vulnerability?
Question 169
A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:
1;SELECT Username, Password FROM Users;
Which of the following injection attacks is the penetration tester using?
Question 170
A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?
