A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

A penetration tester conducted a vulnerability scan against a client’s critical servers and found the following: Which of the following would be a recommendation for remediation?

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack?

A tester who is performing a penetration test on a website receives the following output: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?