Security risks to web applications are common. Which does the OWASP deem as the most critical? (Select all that apply.) Select one or more: User Input Sanitization Insecure Data Transmission Lack of Code Signing Lack of Error Handling A PenTester is attempting to use PowerShell remoting to issue commands to remote systems, but it is not working. What could be the cause? Select one: It requires PSExec. It requires WinRM. It is deprecated. It is not a remote management system. An organization wants to implement video surveillance in all of its buildings but is concerned that threat actors may access the video feeds. Which of the following will NOT help the organization mitigate this threat? Select one: Use physical controls Patch the systems Use Wi-Fi Segregate the network An organization hired a PenTesting company to launch a social engineering attack. Who will the organization most likely inform of the attack prior to the launch? (Select all that apply.) Select one or more: The organization's department managers The organization's IT manager The organization's employees The organization's Chief Information Officer A Pentester needs to write a script to exploit a system and wants to keep it simple by using a general-purpose interpreted programming language that any new PenTesters joining the team in the future can easily understand. What options are available to the PenTester? (Select all that apply.) Select one or more: Python PowerShell Perl Ruby An administrator is troubleshooting the connection between an loT printer and a mobile device. What kind of connection is the administrator most likely troubleshooting? (Select all that apply.) Select one or more: BLE Bluetooth Wireless Ethernet A PenTester created an account in an organization's financial accounting system for testing, but the finance system does not provide a method to delete the account. Where will the PenTester need to remove this account when cleaning up after an exploit? Select one: Local machine User database AD DC An organization is following the recommendations on a PenTesting report by issuing all employees an RFID access card that each employee must use to enter the building. What kind of control is this? Select one: Video surveillance Role-based access control Biometric Access control vestibule An organization is working to determine their risk appetite. What kinds of issues will the organization need to consider? (Select all that apply.) Select one or more: Asset availability Employee turnover Catastrophic losses Personal harm A Pentesting company has provided an organization with a cost-benefit analysis to analyze the strengths and weaknesses of attematives and determine the best options available. Where would the PenTesting company include the cost-benefit analysis? Select one: Client acceptance Retest Lessons learned Attestation of findings An administrator is implementing multifactor authentication in an organization which will involve using at least fwo authentication types. Which of the following are valid authentication types? (Select all that apply.) Select one or more: Something you know Something you are Something you have Something you do An organization is reviewing a report from a recent PenTest. Which section of the report will help the organization understand the relationship between the PenTest findings and their implications to the organization? Select one: Risk prioritization Risk rating Risk appetite Business impact analysis A mobile device user installed a new task management application and allowed the app to have access to all the access permissions requested without checking to see why it wanted them. What kind of attack is this? Select one: Drive by downloads Spyware Execution of activities using root Over-reach of permissions A Pentester has accessed a host with the purpose of compromising other hosts that are not accessible without the pivot. What are some methods the Pentester can use to spread out to the other hosts? (Select all that apply.) Select one or more: X Window System (X) Virtual Network Computing (VNC) Port forwarding Modifying routing tables An organization is reviewing the contents of a report and has questions about the framework that the PenTesters used to conduct the penetration test. What section of the report is the organization referring to? Select one: Methodology Findings Attack narrative Scope