A penetration test must comply with PCI DSS requirements. Which scoping consideration is critical?

You’re reviewing a Bash script used in a pen test. Which command identifies a potential command injection flaw?

A client requests a report tailored for non-technical executives. Which section should you prioritize?

You’re tasked with exploiting a web app via cross-site scripting (XSS). Which payload tests for reflected XSS?

A scan reveals an open port 445 on a Windows host. Which command confirms if SMB is exploitable?

You need to analyze a Python script for potential vulnerabilities. Which tool identifies insecure coding practices?

After a penetration test, you identify a critical vulnerability. Which report section should detail steps to fix it?

A web server is vulnerable to SQL injection. Which payload tests for this without modifying data?

You’re conducting passive reconnaissance on a target. Which tool retrieves historical DNS records without alerting the target?

A client requires a penetration test but prohibits testing during business hours. Which document should you update to reflect this constraint?