

E. Principle of social proof
Answer: B

30. A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Select TWO.)
A. Identify and eliminate inline SQL statements from the code.
B. Identify and eliminate dynamic SQL from stored procedures.
C. Identify and sanitize all user inputs.
D. Use a whitelist approach for SQL statements.
E. Use a blacklist approach for SQL statements.
F. Identify the source of malicious input and block the IP address.
Answer: B, C
31. Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?

32. A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result was the program outputting “True”. Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose two.)
The safer, easier way to help you pass any IT exams.
C. Change the ‘=’ to ‘-eq’.
D. Change ‘source’ and ‘dest’ to “$source” and “$dest”.
E. Change ‘else’ to ‘elif’.
Answer: B, D

33. Given the following Python script: Which of the following actions will it perform?
34. A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?
A. Run the application through a dynamic code analyzer.
B. Employ a fuzzing utility.
C. Decompile the application.
D. Check memory allocations.
Answer: D

36. A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
CompTIA PenTest+ PT0-001 Practice Exam V10.02 Killtest

35. A penetration tester runs the following from a compromised box: python -c 'import pty; pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?
37. Given the following script: Which of the following BEST describes the purpose of this script?
38. Which of the following has a direct and significant impact on the budget of the security assessment?
A. Scoping
C. Scheduling
D. Compliance requirement
D. Target risk
Answer: D

39. After performing a security assessment for a firm, the client was found to have been billed for the time the client’s test environment was unavailable. The client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?
