Free CompTIA PenTest+ PT0-002 Practice Question

A penetration testing team is contracted to assess the security of an organization's web application. The scope of engagement explicitly states that social engineering attacks are not allowed. During the reconnaissance phase, which of the following activities should the penetration testers avoid to comply with the engagement rules?

  • Execute a Cross-Site Scripting (XSS) attack to test for output encoding and input validation measures.

  • Conduct a Cross-Site Request Forgery (CSRF) attack to test for anti-CSRF token implementation.

  • Scan the application's login page for SQL injection vulnerabilities.

  • Perform phishing attempts to gauge the organization's employee awareness and resilience to such attacks.

This question's topic: CompTIA PenTest+ PT0-002 / Planning and Scoping