E Principle of social proof Answer B 30A recently concluded penetration test



E. Principle of social proof
Answer: B

CompTIA PenTest+ PT0-001 Practice Exam V10.02 Killtest

30. A recently concluded penetration test revealed that a legacy web application is vulnerable to SQL injection. Research indicates that completely remediating the vulnerability would require an architectural change, and the stakeholders are not in a position to risk the availability of the application. Under such circumstances, which of the following controls are low-effort, short-term solutions to minimize the SQL injection risk? (Select TWO.)

31. Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?

32. A penetration tester is checking a script to determine why some basic math errors are persisting. The expected result was the program outputting "True". Given the output from the console above, which of the following explains how to correct the errors in the script? (Choose two.)
C. Change the '=' to '-eq'.
D. Change 'source' and 'dest' to "$source" and "$dest".
E. Change 'else' to 'elif'.
Answer: B, D

33. Given the following Python script: Which of the following actions will it perform?

34. A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?
A. Run the application through a dynamic code analyzer.
B. Employ a fuzzing utility.
C. Decompile the application.
D. Check memory allocations.
Answer: D

35. A penetration tester runs the following from a compromised box: python -c 'import pty;pty.spawn("/bin/bash")'. Which of the following actions is the tester taking?

36. A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?