A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses.
Which of the following is the MOST efficient to utilize?

A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration tester MOST likely perform?

Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?

A penetration tester has been asked to conduct OS fingering with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to conduct this scan? (Choose two.)

A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpRequest, resulting in exploiting features to which only an administrator should have access.
Which of the following controls would BEST mitigate the vulnerability?