PT0-002 Exam Dumps | A company developed a new web application to allow its customers to submit loan applications. A penetration

<< Prev Question Next Question >>

Question 180/193

A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application was developed in ASP and used MSSQL for its back-end database. Using the application's search form, the penetration tester inputs the following code in the search input field:
IMG SRC=vbscript:msgbox ("Vulnerable_to_Attack") ;
>originalAttribute="SRC"originalPath="vbscript;msgbox ("Vulnerable_to_Attack ") ;>" When the tester checks the submit button on the search form, the web browser returns a pop-up windows that displays "Vulnerable_to_Attack." Which of the following vulnerabilities did the tester discover in the web application?

A. Cross-site scripting

B. Cross-site request forgery

C. Command injection

D. SQL injection

Question List (193q): Question 1: A penetration tester ran the following commands on a Windows...; Question 2: A penetration tester wants to test a list of common password...; Question 3: A penetration tester is preparing a credential stuffing atta...; Question 4: A penetration tester is taking screen captures of hashes obt...; Question 5: A security analyst is conducting an unknown environment test...; Question 6: A penetration tester has prepared the following phishing ema...; Question 7: A penetration tester is reviewing the following SOW prior to...; Question 8: Which of the following would be the most efficient way to wr...; Question 9: A penetration tester found the following valid URL while doi...; Question 10: A penetration tester wants to scan a target network without ...; Question 11: A penetration tester has extracted password hashes from the ...; Question 12: Penetration tester who was exclusively authorized to conduct...; Question 13: Within a Python script, a line that states print (var) outpu...; Question 14: A penetration tester requested, without express authorizatio...; Question 15: A penetration tester managed to exploit a vulnerability usin...; Question 16: Company.com has hired a penetration tester to conduct a phis...; Question 17: A CentOS computer was exploited during a penetration test. D...; Question 18: Which of the following types of information would MOST likel...; Question 19: A penetration tester is explaining the MITRE ATT&CK fram...; Question 20: A company that developers embedded software for the automobi...; Question 21: Which of the following should a penetration tester attack to...; Question 22: A penetration tester was able to gain access successfully to...; Question 23: A penetration tester has obtained shell access to a Windows ...; Question 24: A penetration tester is required to perform a vulnerability ...; Question 25: A penetration tester needs to perform a vulnerability scan a...; Question 26: Which of the following tools provides Python classes for int...; Question 27: A company that requires minimal disruption to its daily acti...; Question 28: A penetration tester received a .pcap file to look for crede...; Question 29: A penetration-testing team is conducting a physical penetrat...; Question 30: A penetration tester needs to access a building that is guar...; Question 31: A penetration tester completed an assessment, removed all ar...; Question 32: A penetration tester is conducting a test after hours and no...; Question 33: A penetration tester was contracted to test a proprietary ap...; Question 34: A consultant just performed a SYN scan of all the open ports...; Question 35: An exploit developer is coding a script that submits a very ...; Question 36: A penetration tester has gained access to the Chief Executiv...; Question 37: A penetration-testing team needs to test the security of ele...; Question 38: A client would like to have a penetration test performed tha...; Question 39: A penetration tester is conducting an assessment against a g...; Question 40: During a penetration test, you gain access to a system with ...; Question 41: A security analyst needs to perform an on-path attack on BLE...; Question 42: A penetration tester is examining a Class C network to ident...; Question 43: A penetration tester developed the following script to be us...; Question 44: A penetration tester discovers passwords in a publicly avail...; Question 45: Which of the following tools would be MOST useful in collect...; Question 46: The results of an Nmap scan are as follows: (Exhibit) Which ...; Question 47: A client asks a penetration tester to retest its network a w...; Question 48: A penetration tester is reviewing the security of a web appl...; Question 49: ion tester is attempting to get more people from a target co...; Question 50: A penetration tester is scanning a corporate lab network for...; Question 51: The following line-numbered Python code snippet is being use...; Question 52: A client wants a security assessment company to perform a pe...; Question 53: As part of an active reconnaissance, a penetration tester in...; Question 54: A penetration tester who is conducting a web-application tes...; Question 55: A penetration tester gains access to a system and is able to...; Question 56: A red team gained access to the internal network of a client...; Question 57: A penetration tester finds a PHP script used by a web applic...; Question 58: In the process of active service enumeration, a penetration ...; Question 59: A penetration tester has identified several newly released C...; Question 60: A penetration tester has been given eight business hours to ...; Question 61: A penetration tester is trying to restrict searches on Googl...; Question 62: A penetration tester is assessing a wireless network. Althou...; Question 63: A penetration tester is conducting a penetration test. The t...; Question 64: A penetration tester is cleaning up and covering tracks at t...; Question 65: Which of the following tools would be best suited to perform...; Question 66: The output from a penetration testing tool shows 100 hosts c...; Question 67: A mail service company has hired a penetration tester to con...; Question 68: When planning a penetration-testing effort, clearly expressi...; Question 69: The following PowerShell snippet was extracted from a log of...; Question 70: A penetration tester who is performing a physical assessment...; Question 71: A penetration tester is looking for a particular type of ser...; Question 72: A penetration tester conducted an assessment on a web server...; Question 73: A potential reason for communicating with the client point o...; Question 74: A penetration tester created the following script to use in ...; Question 75: The results of an Nmap scan are as follows: Starting Nmap 7....; Question 76: User credentials were captured from a database during an ass...; Question 77: A penetration tester discovers during a recent test that an ...; Question 78: A penetration tester was conducting a penetration test and d...; Question 79: A penetration tester learned that when users request passwor...; Question 80: A penetration tester executes the following Nmap command and...; Question 81: A penetration tester is testing a new version of a mobile ap...; Question 82: A penetration tester is conducting an assessment on 192.168....; Question 83: The delivery of a penetration test within an organization re...; Question 84: After compromising a system, a penetration tester wants more...; Question 85: A penetration tester is enumerating shares and receives the ...; Question 86: A security engineer identified a new server on the network a...; Question 87: A penetration tester is conducting an engagement against an ...; Question 88: Which of the following tools would help a penetration tester...; Question 89: A penetration tester conducted a discovery scan that generat...; Question 90: Given the following user-supplied data: www.comptia.com/info...; Question 91: A penetration tester was able to compromise a server and esc...; Question 92: A penetration tester is attempting to discover live hosts on...; Question 93: A penetration tester is performing an assessment for an orga...; Question 94: A penetration tester will be performing a vulnerability scan...; Question 95: A new client hired a penetration-testing company for a month...; Question 96: A software development team is concerned that a new product'...; Question 97: A penetration tester runs the following command: l.comptia.l...; Question 98: A company is concerned that its cloud VM is vulnerable to a ...; Question 99: During an assessment, a penetration tester emailed the follo...; Question 100: Which of the following situations would require a penetratio...; Question 101: A penetration tester is able to capture the NTLM challenge-r...; Question 102: During a vulnerability scan a penetration tester enters the ...; Question 103: In Java and C/C++, variable initialization is critical becau...; Question 104: A penetration tester ran a ping -A command during an unknown...; Question 105: Which of the following provides a matrix of common tactics a...; Question 106: Appending string values onto another string is called:...; Question 107: PCI DSS requires which of the following as part of the penet...; Question 108: A penetration tester is contracted to attack an oil rig netw...; Question 109: Which of the following is the most important aspect to consi...; Question 110: A Chief Information Security Officer wants to evaluate the s...; Question 111: During the scoping phase of an assessment, a client requeste...; Question 112: For an engagement, a penetration tester is required to use o...; Question 113: A penetration tester has completed an analysis of the variou...; Question 114: Which of the following types of assessments MOST likely focu...; Question 115: A penetration tester is starting an assessment but only has ...; Question 116: A company requires that all hypervisors have the latest avai...; Question 117: A security analyst needs to perform a scan for SMB port 445 ...; Question 118: Which of the following is a rules engine for managing public...; Question 119: A penetration tester attempted a DNS poisoning attack. After...; Question 120: A security company has been contracted to perform a scoped i...; Question 121: A penetration tester has established an on-path attack posit...; Question 122: Which of the following should be included in scope documenta...; Question 123: A penetration tester downloaded a Java application file from...; Question 124: When accessing the URL http://192.168.0-1/validate/user.php,...; Question 125: A penetration tester examines a web-based shopping catalog a...; Question 126: A penetration tester discovered a vulnerability that provide...; Question 127: A penetration tester writes the following script: (Exhibit) ...; Question 128: Which of the following is the MOST common vulnerability asso...; Question 129: A private investigation firm is requesting a penetration tes...; Question 130: A security firm is discussing the results of a penetration t...; Question 131: A large client wants a penetration tester to scan for device...; Question 132: A software company has hired a security consultant to assess...; Question 133: Which of the following BEST describes why a client would hol...; Question 134: A red team completed an engagement and provided the followin...; Question 135: While performing the scanning phase of a penetration test, t...; Question 136: A penetration tester wants to find hidden information in doc...; Question 137: A penetration tester who is doing a company-requested assess...; Question 138: A penetration tester has found indicators that a privileged ...; Question 139: A penetration tester wrote the following comment in the fina...; Question 140: During an engagement, a penetration tester found the followi...; Question 141: A security analyst is conducting an unknown environment test...; Question 142: A penetration tester has been hired to perform a physical pe...; Question 143: A penetration tester runs the following command: nmap -p- -A...; Question 144: A penetration tester is performing a vulnerability scan on a...; Question 145: An external consulting firm is hired to perform a penetratio...; Question 146: During an assessment, a penetration tester gathered OSINT fo...; Question 147: Performing a penetration test against an environment with SC...; Question 148: A penetration tester is testing a web application that is ho...; Question 149: Which of the following elements of a penetration testing rep...; Question 150: Which of the following describes the reason why a penetratio...; Question 151: Penetration tester is developing exploits to attack multiple...; Question 152: A penetration tester is conducting an assessment for an e-co...; Question 153: Which of the following documents describes activities that a...; Question 154: A penetration tester who is working remotely is conducting a...; Question 155: Which of the following web-application security risks are pa...; Question 156: Which of the following assessment methods is MOST likely to ...; Question 157: A company recruited a penetration tester to configure wirele...; Question 158: A penetration tester breaks into a company's office building...; Question 159: During an assessment, a penetration tester obtains a list of...; Question 160: Which of the following describes how a penetration tester co...; Question 161: A penetration tester logs in as a user in the cloud environm...; Question 162: A penetration tester is conducting an assessment on 192.168....; Question 163: A penetration tester wrote the following script on a comprom...; Question 164: A final penetration test report has been submitted to the bo...; Question 165: Which of the following is most important to include in the f...; Question 166: A penetration tester was able to compromise a web server and...; Question 167: Which of the following tools would be best to use to conceal...; Question 168: A penetration tester is reviewing the logs of a proxy server...; Question 169: During a penetration-testing engagement, a consultant perfor...; Question 170: A penetration tester is looking for vulnerabilities within a...; Question 171: During an assessment, a penetration tester manages to exploi...; Question 172: A penetration tester would like to obtain FTP credentials by...; Question 173: An executive needs to use Wi-Fi to connect to the company's ...; Question 174: A penetration tester is working to enumerate the PLC devices...; Question 175: Given the following code: <SCRIPT>var+img=new+Image();...; Question 176: Which of the following concepts defines the specific set of ...; Question 177: A consulting company is completing the ROE during scoping. W...; Question 178: Which of the following documents would be the most helpful i...; Question 179: A penetration tester issues the following command after obta...; Question 180: A company developed a new web application to allow its custo...; Question 181: A company uses a cloud provider with shared network bandwidt...; Question 182: A penetration tester opened a reverse shell on a Linux web s...; Question 183: A penetration tester wrote the following script to be used i...; Question 184: During a web application test, a penetration tester was able...; Question 185: A penetration tester needs to upload the results of a port s...; Question 186: Which of the following is the most common vulnerability asso...; Question 187: A penetration tester requested, without express authorizatio...; Question 188: A penetration tester wants to find the password for any acco...; Question 189: Which of the following tools would be BEST suited to perform...; Question 190: Which of the following would assist a penetration tester the...; Question 191: A penetration tester gains access to a system and establishe...; Question 192: A penetration tester wants to perform reconnaissance without...; Question 193: A penetration tester is testing input validation on a search...

Question 180/193

LEAVE A REPLY

Download PDF File