Multiple Choice
A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and password information. Which of the following is the MOST effective way to notify management of this finding and its importance?
A) Document the findings with an executive summary, recommendations, and screenshots of the web application disclosure.
B) Connect to the SQL server using this information and change the password to one or two non-critical accounts to demonstrate a proof--of-concept to management.
C) Notify the development team of the discovery and suggest that input validation be implemented with a professional penetration testing company.
D) Request that management create an RFP to begin a formal engagement with a professional penetration testing company.
Correct Answer:
Verified
Correct Answer:
Verified
Q94: A penetration tester is checking a script
Q95: Click the exhibit button. <img src="https://d2lvgg3v3hfg70.cloudfront.net/C1257/.jpg" alt="Click
Q96: A penetration tester is able to move
Q97: If a security consultant comes across a
Q98: While performing privilege escalation on a Windows
Q100: Which of the following actions BEST matches
Q101: Which of the following BEST explains why
Q102: After several attempts, an attacker was able
Q103: A penetration tester is attempting to open
Q104: A penetration tester is performing a wireless