Answers to Assessment Test

  1. B. Web applications commonly experience SQL injection, buffer overflow, and cross-site scripting vulnerabilities. Virtual machine (VM) escape attacks work against the hypervisor of a virtualization platform and are not generally exploitable over the Web. You’ll learn more about all of these vulnerabilities in Chapters 5 and 9.
  2. B. A nondisclosure agreement, or NDA, is a legal agreement that is designed to protect the confidentiality of the client’s data and other information that the penetration tester may encounter during the test. An SOW is a statement of work, which defines what will be done during an engagement, an MSA is a master services agreement that sets the overall terms between two organizations (which ...

Get CompTIA PenTest+ Study Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.