Exam Questions with Correct Answers
(Verified Answers) Plus Rationales 2026
Q&A | Instant Download Pdf
1. During an authorized web application assessment, a tester discovers that a
user can modify a parameter in a URL and access another user's account
information. Which vulnerability is MOST likely present?
A. Insecure Direct Object Reference (IDOR)
B. SQL Injection
C. Cross-Site Scripting
D. DNS Spoofing
Answer: A. Insecure Direct Object Reference (IDOR)
Rationale: IDOR vulnerabilities occur when access controls fail to validate
authorization for requested resources.
2. A cloud security assessment reveals that a storage bucket is publicly
accessible. Which risk should be evaluated FIRST?
A. Exposure of sensitive data
B. CPU utilization
C. Network latency
D. Disk fragmentation
Answer: A. Exposure of sensitive data
Rationale: Publicly accessible storage can lead to unauthorized disclosure of
confidential information.
3. During an Active Directory assessment, a tester identifies accounts with
Service Principal Names (SPNs). Why might these accounts receive additional
scrutiny?
,A. They may be susceptible to Kerberos service ticket attacks if poorly configured
B. They cannot authenticate
C. They disable domain controllers
D. They prevent auditing
Answer: A. They may be susceptible to Kerberos service ticket attacks if poorly
configured
Rationale: Service accounts with weak credentials may create elevated risk within
Active Directory environments.
4. A tester discovers that a web application fails to validate user-supplied file
paths. Which vulnerability should be suspected?
A. Directory Traversal
B. Clickjacking
C. Session Fixation
D. DNS Poisoning
Answer: A. Directory Traversal
Rationale: Improper path validation may permit unauthorized file access.
5. During a wireless assessment, a rogue access point is identified within the
corporate environment. What is the PRIMARY concern?
A. Unauthorized network access and traffic interception
B. Improved wireless coverage
C. Reduced network segmentation
D. Increased throughput
Answer: A. Unauthorized network access and traffic interception
Rationale: Rogue devices may bypass security controls and expose network traffic.
6. A penetration tester obtains low-privileged access to a Windows server. What
should be evaluated NEXT if authorized?
A. Privilege escalation opportunities
B. Data destruction procedures
C. Log deletion methods
D. Service shutdown processes
, Answer: A. Privilege escalation opportunities
Rationale: Authorized testing often evaluates whether privilege boundaries can be
bypassed.
7. During an incident response investigation, unusual outbound traffic is
observed at regular intervals. What should be suspected FIRST?
A. Potential command-and-control communications
B. Hardware upgrades
C. Scheduled backups only
D. Printer maintenance
Answer: A. Potential command-and-control communications
Rationale: Repeated outbound connections may indicate compromised systems
communicating externally.
8. A tester discovers an API endpoint that exposes sensitive data without
authentication. What security principle is MOST directly affected?
A. Confidentiality
B. Availability
C. Scalability
D. Redundancy
Answer: A. Confidentiality
Rationale: Unauthorized data exposure compromises confidentiality.
9. A cloud environment contains virtual machines with unnecessary
administrative ports exposed to the internet. Which risk increases MOST
significantly?
A. Unauthorized access opportunities
B. Compression failures
C. Disk optimization issues
D. Hardware redundancy
Answer: A. Unauthorized access opportunities
Rationale: Exposed management services expand the attack surface.