A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?
PenTest+ Practice Tests Book - SYBEX - Chapter 7
A. A TCP SYN flood (also known as a SYN flood) is a form of denial of service (DoS) attack in which a tester sends a succession of SYN requests to the target’s system in an attempt to consume enough server resources to make the system unresponsive to genuine traffic. This exploits part of the normal TCP three-way handshake and consumes resources on the targeted server and renders it unresponsive.
Pentesters will perform whatever the client wants as long as there is permission to do that. If it is in the SOW, then a DoS attack can be performed. Are you a pentester, or do you just cram to pass exams?
I'm going with B. It's asking you to test the WebApp for availability not the server it's being hosted on. SQL injection tests the web app and could also render the WebApp unavailable by deleting the underlying DB content.
PT0-001 Exam Questions