Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code?
Which of the following would MOST likely be included in the final report of a static application-security test that was written
with a team of application developers as the intended audience?
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a
MINIMAL chance of detection? (Choose two.)
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target
companys servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to
determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is
the MOST important action to take before starting this type of assessment?
Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering
around the companys web presence. Which of the following would the tester find MOST helpful in the initial information-
gathering steps? (Choose two.)
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230) | 03-12-20 09:23AM 331 index.aspx
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5 |_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?
A penetration tester wants to scan a target network without being detected by the clients IDS. Which of the following scans
is MOST likely to avoid detection?
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results
Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which
of the following should the security company have acquired BEFORE the start of the assessment?