PT0-001 Practice Questions
248 real PT0-001 exam questions with expert-verified answers and explanations. Page 4 of 5.
- Question #157 (Vulnerability discovery and analysis)
  A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities: XSS HTTP DELETE metho...
  Tags: vulnerability prioritization, SQL injection, HTTP DELETE, risk assessment
- Question #158 (Attacks and exploits)
  A security guard observes an individual entering the building after scanning a badge. The facility has a strict badge-in and badge-out requirement with a turnstile. The security gu...
  Tags: badge cloning, physical security, RFID, access control bypass
- Question #159 (Reconnaissance and enumeration)
  After successfully enumerating users on an Active Directory domain controller using enum4linux, a penetration tester wants to conduct a password-guessing attack. Given the below outp...
  Tags: enum4linux, username enumeration, command-line parsing, Active Directory
- Question #160 (Post-exploitation and lateral movement)
  Joe, a penetration tester, was able to exploit a web application behind a firewall. He is trying to get a reverse shell back to his machine but the firewall blocks the outgoing traf...
  Tags: reverse shell, egress filtering, firewall evasion, HTTP tunneling
- Question #161 (Engagement management)
  A penetration tester is performing an annual security assessment for a repeat client. The tester finds indicators of previous compromise. Which of the following would be the most log...
  Tags: incident response, indicators of compromise, reporting procedures, engagement management
- Question #162 (Post-exploitation and lateral movement)
  A file contains several hashes. Which of the following can be used in a pass-the-hash attack?
  Tags: pass-the-hash, NTLM, Windows authentication, credential attacks
- Question #163 (Engagement management)
  A penetration tester must assess a web service. Which of the following should the tester request during the scoping phase?
  Tags: scoping, WSDL, web services, SOAP
- Question #164 (Attacks and exploits)
  A penetration tester is exploiting the use of default public and private community strings. Which of the following protocols is being exploited?
  Tags: SNMP, community strings, default credentials, network protocols
- Question #165 (Reconnaissance and enumeration)
  A consultant is identifying versions of Windows operating systems on a network. Which of the following Nmap commands should the consultant run?
  Tags: Nmap, OS fingerprinting, SMB, network scanning
- Question #166 (Attacks and exploits)
  A penetration tester is using the Onesixtyone tool on Kali Linux to try to exploit the SNMP protocol on a target that has SNMP enabled. Which of the following types of attacks is th...
  Tags: SNMP, dictionary attack, Onesixtyone, community strings
- Question #167 (Attacks and exploits)
  A web server is running PHP, and a penetration tester is using LFI to execute commands by passing parameters through the URL. This is possible because server logs were poisoned to...
  Tags: LFI, log poisoning, PHP, web exploitation
- Question #168 (Reconnaissance and enumeration)
  When conducting reconnaissance against a target, which of the following should be used to avoid directly communicating with the target?
  Tags: passive reconnaissance, OSINT, Maltego, reconnaissance tools
- Question #169 (Vulnerability discovery and analysis)
  A penetration tester generates a report for a host-based vulnerability management agent that is running on a production web server to gather a list of running processes. The tester...
  Tags: process analysis, web server hardening, vulnerability assessment, unnecessary services
- Question #170 (Vulnerability discovery and analysis)
  A penetration tester executed a vulnerability scan against a publicly accessible host and found a web server that is vulnerable to the DROWN attack. Assuming this web server is usi...
  Tags: DROWN attack, SSLv2, OpenSSL, vulnerability verification
- Question #171 (Post-exploitation and lateral movement)
  A penetration tester obtained access to an internal host of a given target. Which of the following is the BEST tool to retrieve the passwords of users of the machine exploiting a w...
  Tags: Mimikatz, credential harvesting, LSASS, Windows
- Question #172 (Engagement management)
  Defining exactly what is to be tested and the results to be generated from the test will help prevent?
  Tags: scope definition, scope creep, engagement planning, rules of engagement
- Question #173 (Attacks and exploits)
  A consultant is attempting to harvest credentials from unsecure network protocols in use by the organization. Which of the following commands should the consultant use?
  Tags: credential harvesting, network sniffing, cleartext protocols, tcpdump
- Question #174 (Vulnerability discovery and analysis)
  An SMB server was discovered on the network, and the penetration tester wants to see if the server is vulnerable. Which of the following is a relevant approach to test this?
  Tags: SMB, null sessions, vulnerability testing, network protocols
- Question #175 (Vulnerability discovery and analysis)
  A penetration tester is reviewing a Zigbee implementation for security issues. Which of the following device types is the tester MOST likely testing?
  Tags: Zigbee, IoT security, wireless protocols, embedded systems
- Question #176 (Vulnerability discovery and analysis)
  A vulnerability scan is run against a domain hosting a banking application that accepts connections over HTTPS and HTTP protocols. Given the following results: · SSLv3 supported · HST...
  Tags: SSL/TLS, HSTS, risk prioritization, web security
- Question #177 (Vulnerability discovery and analysis)
  A penetration tester discovers Heartbleed vulnerabilities in a target network. Which of the following impacts would be a result of exploiting this vulnerability?
  Tags: Heartbleed, OpenSSL, memory disclosure, vulnerability impact
- Question #178 (Vulnerability discovery and analysis)
  A system security engineer is preparing to conduct a security assessment of some new applications. The applications were provided to the engineer as a set that contains only JAR fi...
  Tags: reverse engineering, Java, static analysis, dynamic analysis
- Question #179 (Attacks and exploits)
  Which of the following can be used with John the Ripper to crack passwords?
  Tags: John the Ripper, password cracking, wordlists, credential attacks
- Question #180 (Post-exploitation and lateral movement)
  What elements should you be sure to remove from an exploited system before finalizing a penetration test?
  Tags: post-exploitation cleanup, artifact removal, persistence removal, engagement closure
- Question #181 (Reconnaissance and enumeration)
  When running an Nmap SYN scan, what will be the Nmap result if ports on the target device do not respond?
  Tags: Nmap, SYN scan, port states, firewall detection
- Question #182 (Engagement management)
  A company's corporate policies state that employees are able to scan any global network as long as it is done within working hours. Government laws prohibit unauthorized scanning....
  Tags: legal vs policy, authorization, rules of engagement, compliance
- Question #183 (Post-exploitation and lateral movement)
  After successfully exploiting a local file inclusion vulnerability within a web application, a limited reverse shell is spawned back to the penetration tester's workstation. Which of...
  Tags: LFI, reverse shell, TTY escape, pty spawn
- Question #184 (Reconnaissance and enumeration)
  When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?
  Tags: active reconnaissance, SQLmap, enumeration order, web scanning
- Question #185 (Post-exploitation and lateral movement)
  During a penetration test a tester identifies traditional antivirus running on the exploited server. Which of the following techniques would BEST ensure persistence in a post-explo...
  Tags: persistence, antivirus evasion, post-exploitation, daemons
- Question #186 (Attacks and exploits)
  Which of the following attacks is commonly combined with cross-site scripting for session hijacking?
  Tags: XSS, CSRF, session hijacking, web attacks
- Question #187 (Post-exploitation and lateral movement)
  During an internal network penetration test, the tester is able to compromise a Windows system and recover the NTLM hash for a local wrltsrnAdrain account. Attempting to recover the...
  Tags: pass-the-hash, NTLM, Medusa, lateral movement
- Question #188 (Vulnerability discovery and analysis)
  A penetration tester is performing a validation scan after an organization remediated a vulnerability on port 443. The penetration tester observes the following output: Which of the...
  Tags: port scanning, service migration, remediation validation, Nmap
- Question #189 (Engagement management)
  When communicating the findings of a network vulnerability scan to a client's IT department, which of the following metrics BEST prioritize the severity of the findings? (Select TWO...
  Tags: CVSS, severity prioritization, vulnerability reporting, impact criticality
- Question #190 (Attacks and exploits)
  While reviewing logs, a web developer notices the following user input string in a field: Which of the following types of attacks was done to the website?
  Tags: XSS, input validation, web logs, attack identification
- Question #191 (Vulnerability discovery and analysis)
  You can find XSS vulnerabilities in which of the following?
  Tags: XSS, reflected XSS, input fields, HTTP headers
- Question #192 (Engagement management)
  A potential customer is looking to test the security of its network. One of the customer's primary concerns is the security awareness of its employees. Which type of test would you...
  Tags: social engineering, security awareness, penetration test scope, employee testing
- Question #193 (Engagement management)
  Which tool included in Kali is most helpful in compiling a quality penetration testing report?
  Tags: reporting tools, Dradis, Kali Linux, pentest reporting
- Question #194 (Attacks and exploits)
  Software developers should escape all characters (including spaces but excluding alphanumeric characters) with the HTML entity &#xHH; format to prevent what type of attack?
  Tags: XSS prevention, HTML entity encoding, input sanitization, secure coding
- Question #195 (Post-exploitation and lateral movement)
  A security consultant finds a folder in "C:\Program Files" that has writable permission from an unprivileged user account. Which of the following can be used to gain higher privilege...
  Tags: DLL hijacking, privilege escalation, writable permissions, Windows
- Question #196 (Engagement management)
  Which of the following documents BEST describes the manner in which a security assessment will be conducted?
  Tags: SOW, assessment documentation, rules of engagement, engagement planning
- Question #197 (Attacks and exploits)
  A penetration tester found a network with NAC enabled. Which of the following commands can be used to bypass the NAC?
  Tags: NAC bypass, MAC spoofing, macchanger, network access control
- Question #198 (Attacks and exploits)
  An internal network penetration test is conducted against a network that is protected by an unknown NAC system. In an effort to bypass the NAC restrictions the penetration tester sp...
  Tags: NAC bypass, MAC spoofing, printer impersonation, network access control
- Question #199 (Vulnerability discovery and analysis)
  A penetration tester is performing a code review against a web application. Given the following URL and source code: Which of the following vulnerabilities is present in the code ab...
  Tags: command injection, code review, web application, source code analysis
- Question #200 (Reconnaissance and enumeration)
  After an Nmap NSE scan, a security consultant is seeing inconsistent results while scanning a host. Which of the following is the MOST likely cause?
  Tags: Nmap NSE, firewall detection, IPS, scan inconsistency
- Question #201 (Attacks and exploits)
  Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?
  Tags: password cracking, MD5, rockyou wordlist, hashcat
- Question #202 (Attacks and exploits)
  A penetration tester calls human resources and begins asking open-ended questions. Which of the following social engineering techniques is the penetration tester using?
  Tags: social engineering, elicitation, human resources, open-ended questioning
- Question #203 (Attacks and exploits)
  An attacker is attempting to gain unauthorized access to a WiFi network that uses WPA2-PSK. Which of the following attack vectors would the attacker MOST likely use?
  Tags: WPA2-PSK, wireless attacks, four-way handshake, password cracking
- Question #204 (Vulnerability discovery and analysis)
  The SELinux and AppArmor security frameworks include enforcement rules that attempt to prevent which of the following attacks?
  Tags: SELinux, AppArmor, sandbox escape, mandatory access control
- Question #205 (Vulnerability discovery and analysis)
  A _______ vulnerability scan would typically be focused on a specific set of requirements.
  Tags: vulnerability scanning, compliance scanning, scan types, PCI
- Question #206 (Post-exploitation and lateral movement)
  Which of the following can be used for post-exploitation activities?
  Tags: post-exploitation, PowerShell, tooling, scripting