Question 1

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?
  • Question 2

    During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred?
  • Question 3

    The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:
  • Question 4

    A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
    * The following request was intercepted going to the network device:
    GET /login HTTP/1.1
    Host: 10.50.100.16
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Accept-Language: en-US,en;q=0.5 Connection: keep-alive Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
    * Network management interfaces are available on the production network.
    * An Nmap scan returned the following:

    Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)
  • Question 5

    Which of the following tools would be the best to use to intercept an HTTP response at an API, change its content, and forward it back to the origin mobile device?