Which of the following is an example of a spear phishing attack?

• A.Targeting an executive with an SMS attack
• B.Targeting a specific team with an email attack
• C.Targeting random users with a USB key drop
• D.Targeting an organization with a watering hole attack

Comment: *

Name: *

Email: *

Verification: *

A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?

• A.The client's preferred wireless access point vendor
• B.The number of wireless devices owned by the client
• C.The physical location and network ESSIDs to be tested
• D.The bands and frequencies used by the client's devices

Comment: *

Name: *

Email: *

Verification: *

A company requested a penetration tester review the security of an in-house-developed Android application. The penetration tester received an APK file to support the assessment.
The penetration tester wants to run SAST on the APK file. Which of the following preparatory steps must the penetration tester do FIRST? (Select TWO)

• A.Cross-compile the application
• B.Decompile
• C.Attach to ADB
• D.Convert to JAR
• E.Re-sign the APK
• F.Convert JAR files to DEX

Comment: *

Name: *

Email: *

Verification: *

A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is functioning correctly. Which of the following is MOST likely the issue?

• A.The penetration tester was not provided with a WSDL file.
• B.The tester has provided an incorrect password for the application.
• C.An IPS/WAF whitelist is in place to protect the environment.
• D.The penetration tester needs an OAuth bearer token.

Comment: *

Name: *

Email: *

Verification: *

A system security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR files. Which of the following would be the MOST detailed method to gather information on the inner working of these applications?

• A.Decompile the applications to approximate source code and then conduct a manual review
• B.Use a static code analyzer on the JAR filet to look for code Quality deficiencies
• C.Launch the applications and use dynamic software analysis tools, including fuzz testing
• D.Review the details and extensions of the certificate used to digitally sign the code and the application

Comment: *

Name: *

Email: *

Verification: *