21. 21. A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

23. A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

51. An organization wants a third-party vendor to do a penetration test that targets a specific device.

The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

74. An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

135. Which of the following provides the details about the terms of a test with a third-party penetration tester?

150. A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

167. Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?