PT0-003 Exam Dumps | During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5

<< Prev Question Next Question >>

Question 95/184

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

A. Command injection

B. Broken authentication

C. Direct object reference

D. Cross-site scripting

Question List (184q): Question 1: A penetration tester is reviewing the security of a web appl...; Question 2: User credentials were captured from a database during an ass...; Question 3: During an engagement, a penetration tester found the followi...; Question 4: A security analyst needs to perform an on-path attack on BLE...; Question 5: A penetration tester who is performing a physical assessment...; Question 6: A company obtained permission for a vulnerability scan from ...; Question 7: Given the following output: User-agent:* Disallow: /author/ ...; Question 8: A penetration tester is testing a new version of a mobile ap...; Question 9: A new security firm is onboarding its first client. The clie...; Question 10: During a vulnerability scan a penetration tester enters the ...; Question 11: Which of the following is the BEST resource for obtaining pa...; Question 12: A penetration tester is looking for a vulnerability that ena...; Question 13: A penetration testing firm performs an assessment every six ...; Question 14: A penetration tester has gained access to a network device t...; Question 15: A penetration tester needs to perform a test on a finance sy...; Question 16: As part of an active reconnaissance, a penetration tester in...; Question 17: An assessor wants to use Nmap to help map out a stateful fir...; Question 18: A penetration tester fuzzes an internal server looking for h...; Question 19: A penetration tester is testing input validation on a search...; Question 20: A penetration tester wants to test a list of common password...; Question 21: The provision that defines the level of responsibility betwe...; Question 22: ion tester is attempting to get more people from a target co...; Question 23: During an assessment, a penetration tester obtains a list of...; Question 24: A penetration tester finds a PHP script used by a web applic...; Question 25: Which of the following is the most secure method for sending...; Question 26: A penetration tester is trying to bypass an active response ...; Question 27: A penetration tester is testing a web application that is ho...; Question 28: A penetration tester has gained access to part of an interna...; Question 29: Given the following code: $p = (80, 110, 25) $network = (192...; Question 30: In Java and C/C++, variable initialization is critical becau...; Question 31: A security firm has been hired to perform an external penetr...; Question 32: A penetration tester wants to find hidden information in doc...; Question 33: Which of the following protocols or technologies would provi...; Question 34: When accessing the URL http://192.168.0-1/validate/user.php,...; Question 35: A security company has been contracted to perform a scoped i...; Question 36: A security analyst is conducting an unknown environment test...; Question 37: A penetration tester is looking for a particular type of ser...; Question 38: A penetration tester wants to identify CVEs that can be leve...; Question 39: Which of the following expressions in Python increase a vari...; Question 40: A penetration tester issues the following command after obta...; Question 41: A company conducted a simulated phishing attack by sending i...; Question 42: A penetration tester opened a reverse shell on a Linux web s...; Question 43: A penetration tester has been hired to examine a website for...; Question 44: During an assessment, a penetration tester found a suspiciou...; Question 45: A penetration tester conducted a discovery scan that generat...; Question 46: A penetration tester discovers a vulnerable web server at 10...; Question 47: A penetration tester has established an on-path position bet...; Question 48: A penetration tester noticed that an employee was using a wi...; Question 49: A client has requested that the penetration test scan includ...; Question 50: During a penetration test, a tester is in close proximity to...; Question 51: A penetration tester wrote the following Bash script to brut...; Question 52: Which of the following members of a client organization are ...; Question 53: Which of the following tools would BEST allow a penetration ...; Question 54: A penetration tester finds a PHP script used by a web applic...; Question 55: A penetration tester is testing a company's public API and d...; Question 56: A penetration tester was hired to perform a physical securit...; Question 57: Which of the following provides a matrix of common tactics a...; Question 58: A penetration tester is performing an assessment for an orga...; Question 59: A penetration tester examines a web-based shopping catalog a...; Question 60: A penetration tester runs the following command on a system:...; Question 61: The attacking machine is on the same LAN segment as the targ...; Question 62: A penetration tester has been provided with only the public ...; Question 63: A company that requires minimal disruption to its daily acti...; Question 64: Running a vulnerability scanner on a hybrid network segment ...; Question 65: A penetration tester was contracted to test a proprietary ap...; Question 66: A penetration tester recently completed a review of the secu...; Question 67: A penetration tester is reviewing the following SOW prior to...; Question 68: A penetration tester conducted a vulnerability scan against ...; Question 69: A penetration tester requested, without express authorizatio...; Question 70: After gaining access to a previous system, a penetration tes...; Question 71: A penetration tester has found indicators that a privileged ...; Question 72: A penetration tester ran an Nmap scan on an Internet-facing ...; Question 73: A penetration tester is conducting an assessment on 192.168....; Question 74: A Chief Information Security Officer wants a penetration tes...; Question 75: You are a penetration tester running port scans on a server....; Question 76: Which of the following should a penetration tester do NEXT a...; Question 77: Which of the following would assist a penetration tester the...; Question 78: The results of an Nmap scan are as follows: Starting Nmap 7....; Question 79: A penetration tester gains access to a system and establishe...; Question 80: A penetration tester is performing a vulnerability scan on a...; Question 81: A penetration tester wants to accomplish ARP poisoning as pa...; Question 82: A Chief Information Security Officer wants to evaluate the s...; Question 83: A company's Chief Executive Officer has created a secondary ...; Question 84: Which of the following assessment methods is the most likely...; Question 85: Which of the following types of information would most likel...; Question 86: During a client engagement, a penetration tester runs the fo...; Question 87: Given the following script: while True: print ("Hello World"...; Question 88: After performing a web penetration test, a security consulta...; Question 89: A company that developers embedded software for the automobi...; Question 90: A penetration tester runs the following command: nmap -p- -A...; Question 91: Which of the following should a penetration tester consider ...; Question 92: A penetration tester has completed an analysis of the variou...; Question 93: A penetration tester has been given eight business hours to ...; Question 94: A company requires that all hypervisors have the latest avai...; Question 95: During a penetration test, a tester is able to change values...; Question 96: Which of the following would MOST likely be included in the ...; Question 97: A penetration tester wrote the following script to be used i...; Question 98: A penetration tester is evaluating a company's network perim...; Question 99: A penetration tester has identified several newly released C...; Question 100: A penetration tester is contracted to attack an oil rig netw...; Question 101: Which of the following assessment methods is MOST likely to ...; Question 102: Which of the following documents is agreed upon by all parti...; Question 103: A consultant just performed a SYN scan of all the open ports...; Question 104: A company hired a penetration tester to do a social-engineer...; Question 105: A penetration tester is assessing a wireless network. Althou...; Question 106: A penetration tester is required to perform a vulnerability ...; Question 107: The following output is from reconnaissance on a public-faci...; Question 108: Which of the following describes the reason why a penetratio...; Question 109: A security engineer identified a new server on the network a...; Question 110: A company is concerned that its cloud VM is vulnerable to a ...; Question 111: A security firm is discussing the results of a penetration t...; Question 112: A penetration tester is enumerating shares and receives the ...; Question 113: After running the enum4linux.pl command, a penetration teste...; Question 114: A penetration tester is cleaning up and covering tracks at t...; Question 115: Which of the following describes how a penetration tester co...; Question 116: A penetration tester needs to upload the results of a port s...; Question 117: A penetration tester is performing reconnaissance for a web ...; Question 118: Given the following code: (Exhibit) Which of the following d...; Question 119: An organization wants to identify whether a less secure prot...; Question 120: A penetration tester gains access to a system and is able to...; Question 121: Performing a penetration test against an environment with SC...; Question 122: A penetration tester is working to enumerate the PLC devices...; Question 123: A security firm is discussing the results of a penetration t...; Question 124: A penetration tester was able to compromise a server and esc...; Question 125: Penetration tester who was exclusively authorized to conduct...; Question 126: A penetration tester who is performing an engagement notices...; Question 127: Which of the following is a rules engine for managing public...; Question 128: A penetration tester needs to access a building that is guar...; Question 129: Which of the following BEST describe the OWASP Top 10? (Choo...; Question 130: Which of the following factors would a penetration tester mo...; Question 131: A penetration tester is performing an assessment for an appl...; Question 132: A penetration tester is working on a scoping document with a...; Question 133: A penetration tester is conducting an engagement against an ...; Question 134: A company uses a cloud provider with shared network bandwidt...; Question 135: The output from a penetration testing tool shows 100 hosts c...; Question 136: A penetration-testing team is conducting a physical penetrat...; Question 137: A penetration tester discovered that a client uses cloud mai...; Question 138: During a penetration test, you gain access to a system with ...; Question 139: During a penetration test, the domain names, IP ranges, host...; Question 140: A tester who is performing a penetration test discovers an o...; Question 141: A security professional wants to test an IoT device by sendi...; Question 142: Which of the following BEST explains why a penetration teste...; Question 143: Which of the following elements of a penetration testing rep...; Question 144: Company.com has hired a penetration tester to conduct a phis...; Question 145: A potential reason for communicating with the client point o...; Question 146: An external consulting firm is hired to perform a penetratio...; Question 147: A client asks a penetration tester to retest its network a w...; Question 148: A penetration tester utilized Nmap to scan host 64.13.134.52...; Question 149: A penetration tester is conducting a penetration test and di...; Question 150: A penetration tester who is doing a security assessment disc...; Question 151: Penetration tester has discovered an unknown Linux 64-bit ex...; Question 152: Which of the following tools would be BEST suited to perform...; Question 153: Which of the following provides an exploitation suite with p...; Question 154: A penetration tester is attempting to discover live hosts on...; Question 155: A penetration tester exploited a vulnerability on a server a...; Question 156: A penetration tester is conducting an Nmap scan and wants to...; Question 157: During the scoping phase of an assessment, a client requeste...; Question 158: Which of the following is most important to include in the f...; Question 159: A customer adds a requirement to the scope of a penetration ...; Question 160: Which of the following tools should a penetration tester use...; Question 161: A penetration tester opened a shell on a laptop at a client'...; Question 162: A penetration tester is testing a new API for the company's ...; Question 163: A final penetration test report has been submitted to the bo...; Question 164: Which of the following commands will allow a penetration tes...; Question 165: A penetration tester is scanning a corporate lab network for...; Question 166: A penetration tester wants to validate the effectiveness of ...; Question 167: A penetration tester wants to find the password for any acco...; Question 168: A penetration tester was hired to test Wi-Fi equipment. Whic...; Question 169: A security analyst needs to perform a scan for SMB port 445 ...; Question 170: During an assessment, a penetration tester inspected a log a...; Question 171: During a code review assessment, a penetration tester finds ...; Question 172: An Nmap scan of a network switch reveals the following: (Exh...; Question 173: Which of the following is the most important aspect to consi...; Question 174: A company has recruited a penetration tester to conduct a vu...; Question 175: An organization's Chief Information Security Officer debates...; Question 176: During a penetration-testing engagement, a consultant perfor...; Question 177: A penetration tester is exploring a client's website. The te...; Question 178: A penetration tester managed to exploit a vulnerability usin...; Question 179: Which of the following is the most common vulnerability asso...; Question 180: A penetration tester completed a vulnerability scan against ...; Question 181: A penetration tester is conducting an assessment for an e-co...; Question 182: A penetration tester was able to gain access successfully to...; Question 183: Which of the following tools would help a penetration tester...; Question 184: Which of the following best explains why communication is a ...

Question 95/184

LEAVE A REPLY

Download PDF File