
Free CompTIA PenTest+ PT0-002 Practice Question

A penetration testing team is contracted to assess the security of an organization's web application. The scope of engagement explicitly states that social engineering attacks are not allowed. During the reconnaissance phase, which of the following activities should the penetration testers avoid to comply with the engagement rules?

  • Conduct a Cross-Site Request Forgery (CSRF) attack to test for anti-CSRF token implementation.

  • Scan the application's login page for SQL injection vulnerabilities.

  • Execute a Cross-Site Scripting (XSS) attack to test for output encoding and input validation measures.

  • Perform phishing attempts to gauge the organization's employee awareness and resilience to such attacks.

This question is for objective: Planning and Scoping