A penetration tester is reviewing the following SOW prior to engaging with a client:
Network diagrams, logical and physical asset inventory, and employees names are to be treated as client confidential.
Upon completion of the engagement, the penetration tester will submit findings to the clients Chief Information Security
Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)
A penetration tester recently completed a review of the security of a core network device within a corporate environment.
The key findings are as follows:
The following request was intercepted going to the network device:
GET /login HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
Network management interfaces are available on the production network.
An Nmap scan returned the following:
Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be
sent back to a target host. Which of the following utilities would BEST support this objective?
A penetration tester performs the following command:
curl I http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following
should the company do NEXT?
A penetration tester writes the following script:
Which of the following objectives is the tester attempting to achieve?
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team
immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the
following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap
commands will return vulnerable ports that might be interesting to a potential attacker?
A penetration tester conducted a vulnerability scan against a clients critical servers and found the following:
Which of the following would be a recommendation for remediation?
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in
cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester
realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the
tester to take NEXT with this information?