New Release PT0-002 PenTest+ Questions

Page: 5 / 32

Question 20

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company’s request?

Options:

The reverse-engineering team may have a history of selling exploits to third parties.

The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

The reverse-engineering team will be given access to source code for analysis.

Question 21

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

Options:

The CVSS score of the finding

The network location of the vulnerable device

The vulnerability identifier

The client acceptance form

The name of the person who found the flaw

The tool used to find the issue

Question 22

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

Options:

HTTPS communication

Public and private keys

Password encryption

Sessions and cookies

Question 23

A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?