A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.Which of the following actions, if performed, would be ethical within the scope of the assessment?
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.Which of the following can be done with the pcap to gain access to the server?
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:Which of the following tools would be BEST for the penetration tester to use to explore this site further?
DRAG DROP -During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.INSTRUCTIONS -Analyze the code segments to determine which sections are needed to complete a port scanning script.Drag the appropriate elements into the correct locations to complete the script.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.Select and Place:
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
