Home > CompTIA PenTest+ Certification > Quizzes > CompTIA PenTest+ Certification Exam: Web and Database Attacks
CompTIA PenTest+ Certification Exam: Web and Database Attacks
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 88% Most missed: “One of the members of your pentest team is trying to insert a malicious record i…”
CompTIA PenTest+ Certification Exam: Web and Database Attacks
Time left 00:00
9 Questions

1. A user-defined function can help facilitate command execution during a pentest if the compromised database user has admin rights (e.g., root) or elevated privileges and the database is configured with the sys_exec() and __________ functions.
2. What is the purpose of the following PHP code?
3. One of the members of your pentest team is trying to insert a malicious record in the MySQL database that will execute some proof-of-concept code to steal cookies from a user’s web browser. However, the INSERT statement is not working. Looking at the following syntax, what is the likely cause of the error?
4. What is the purpose of the following PHP code?
5. Which of the following options could be an IDOR, .jpg' width='400px'> the following URLs?
6. You come across a web page that requires authentication with a valid username and login. Using CeWL, you decide to build your own wordlist using content derived from the website. The website has many pages, and you decide to start from the index.html page and go five pages deeper into the site to identify word lengths that are a minimum of eight characters. Which command options will help you build the wordlist you are looking for?
7. Which of the following options could be an IDOR, .jpg' width='400px'> the following URLs?
8. Given the following URL, which two methods could be used to test for SQL injection against the database within the web parameters?
http://example.com/page.php?id=1&acct=162;jsessionid=567323456798
9. While testing a web application running on Windows Server 2016, you find a web parameter vulnerability to a path traversal attack. Which of the following choices would be the best choice at demonstrating a path traversal attack?