[&] What does the OWASP Web Security Testing Guide (WSTG) provide for penetration testers?
- Tools for automatically exploiting all vulnerabilities
- A list of common passwords to test
- Guidance on testing and documenting vulnerabilities
- Tips on speeding up penetration tests

[&] How can testing for weak lockout mechanisms enhance security?
- It increases the speed of the login process
- It ensures accounts cannot be brute-forced easily
- It simplifies user authentication
- It reduces the number of authentication attempts needed

[&] What is the primary purpose of authentication testing?
- To ensure faster login page load times
- To promote stronger encryption methods
- To identify and exploit weaknesses in authentication mechanisms
- To improve user experience on a website

[&] Why is testing for default credentials important in authentication testing?
- They often indicate poorly configured security settings
- Default credentials are hard to guess
- They help in optimizing application speed
- Every application securely modifies them

[&] Which of the following vulnerabilities could be identified during authentication testing?
- Cross-site scripting (XSS)
- Weak password policies
- SQL injection
- CSRF attacks

[&] Why might a penetration tester test for the effectiveness of CAPTCHA on a login form?
- To ensure it does not store user data
- To improve session timeout durations
- To determine its resilience against bypass techniques
- To verify it enhances the website's aesthetics