Which of the following outcomes of manually inspecting web links indicates the highest risk and should be prioritized for further investigation during a penetration testing engagement?
Discovery of server-side scripts that are not executed but can be downloaded through a web link.
Discovery of backup files containing source code and database credentials left in a directory accessible through a web link.
Uncovering personal data that appears to be used for test purposes in the development version of the site.
Finding several web links that are mislabeled, leading to pages with different content than expected.
The correct answer is 'Discovery of backup files containing source code and database credentials left in a directory accessible through a web link.' This is the highest risk because backup files can contain sensitive information, including source code and credentials, that could be used to gain unauthorized access to systems. Finding personal data or server scripts, while important, does not immediately constitute a high risk, and mislabeled links usually represent a lower risk related to site usability rather than security.