The latest changes and updates from the administration for this exam.
Latest Update: Jun 15 2026
All questions are working fine.
Alex, is a security consultant who has captured encrypted communications between two specialized systems. They analyze the captured data and attempt to identify patterns in the ciphertext to reveal the original message without needing the decryption key. What type of attack are they conducting?
During the Open-source Intelligence (OSINT) phase of a social engineering engagement, you are attempting to build a targeted phishing list for a client’s domain. You need to identify the organization’s standard email naming convention (e.g., first initial + last name) to generate additional likely email addresses that were not directly discovered. Which Hunter.io feature would BEST help you determine the company’s common email format?
What is a formal document that states what activities will be performed during a penetration test, what deliverables are expected by the customer, and the specific expectations of the business arrangement between the penetration tester and the organization?
During a web application penetration test of an e-commerce platform, a tester observes that item pricing is passed from the client to the server during checkout within hidden HTML form fields. By intercepting the request using a proxy tool, the tester modifies the price parameter before submission and successfully completes a purchase at a significantly reduced cost. Subsequent investigation confirms no evidence of database compromise or IDS (Intrusion Detection System) alerts. Which of the following techniques was MOST likely used to manipulate the transaction?
During a cloud security assessment, a penetration tester reviews a CI/CD (Continuous Integration/Continuous Delivery) pipeline used to build and deploy containerized workloads. The tester discovers that several container images stored in the organization’s registry have been modified to include unauthorized binaries that initiate outbound connections when deployed, despite no corresponding changes in the source repository. Which of the following attack surfaces BEST describes this scenario?
During a penetration test remediation review, an assessor reports a vulnerability that cannot be fully patched due to legacy application dependencies within the target environment. The organization determines that removing the vulnerable component would disrupt critical business operations. Which of the following should the organization implement to reduce the likelihood that the penetration tester could successfully exploit the vulnerability?
During the OSINT phase of a penetration test, an assessor is attempting to locate potentially exposed credential files hosted by the target organization. To narrow the search results, the tester crafts the following Google query to identify documents that might contain sensitive information:
https://www.google.com/search?q=password+filetype%3Axls+site%3Adiontraining.com&pws=0&filter=p
Which of the following statements correctly describe the behavior of this query? (SELECT THREE)
Select all that apply
A tester runs the following command:
The output shows:The application is scheduled for deployment within 24 hours. What should the tester prioritize?
During a cloud security assessment, a penetration tester identifies that several compute instances allow unauthenticated HTTP requests to an internal endpoint commonly used to retrieve instance configuration details. By issuing crafted requests to this endpoint, the tester is able to enumerate temporary credentials and role-based access information associated with the instance. Which of the following attack techniques is the tester MOST likely performing?
You are working as part of a DevSecOps team at an organization on a new practice exam web application. Which of the following tools should you utilize to scan the web application's database to determine if it is vulnerable to injection flaws?
