A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

1. A. Whether sensitive client data is publicly accessible
2. B. Whether the connection between the cloud and the client is secure
3. C. Whether the client's employees are trained properly to use the platform
4. D. Whether the cloud applications were developed using a secure SDLC

Correct Answer: A

A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

1. A. Specially craft and deploy phishing emails to key company leaders.
2. B. Run a vulnerability scan against the company's external website.
3. C. Runtime the company's vendor/supply chain.
4. D. Scrape web presences and social-networking sites.

Correct Answer: D

A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?

1. A. Key reinstallation
2. B. Deauthentication
3. C. Evil twin
4. D. Replay

Correct Answer: B
Deauth will make the client connect again

Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?

1. A. Dictionary
2. B. Directory
3. C. Symlink
4. D. Catalog
5. E. For-loop

Correct Answer: A
A dictionary can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools. A dictionary is a collection of key-value pairs that can be accessed by using the keys. For example, a dictionary can store usernames and passwords, or IP addresses and hostnames, that can be used as input for brute-force or reconnaissance tools.

A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

1. A. The web server is using a WAF.
2. B. The web server is behind a load balancer.
3. C. The web server is redirecting the requests.
4. D. The local antivirus on the web server Is rejecting the connection.

Correct Answer: A
A Web Application Firewall (WAF) is designed to monitor, filter or block traffic to a web application. A WAF will monitor incoming and outgoing traffic from a web application and is often used to protect web servers from attacks such as SQL Injection, Cross-Site Scripting (XSS), and other forms of attacks. If a WAF detects an attack, it will often reset the TCP connection, causing the connection to be terminated. As a result, a penetration tester may see TCP resets when a WAF is present. Therefore, the most likely reason for the TCP resets returning from the web server is that the web server is using a WAF.