PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 1 of 12.
- Question #1: Attacks and Exploits
Given the following code: ie;</SCRIPT> Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)
Cross-Site Scripting (XSS), Input Validation, Output Encoding, Web Application Security
- Question #2: Reporting and Communication
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tes...
Client communication, Incident handling (pentest), Professional ethics, Engagement protocols
- Question #3: Vulnerability discovery and analysis
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the...
Vulnerability validation, Proof-of-concept, Exploit testing, Vulnerability analysis
- Question #4: Information Gathering and Vulnerability Scanning
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be intere...
Nmap, Port scanning, Service discovery, Reconnaissance
- Question #5: Tools and Code Analysis
A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration te...
Binary analysis, Reverse engineering, Debuggers, Penetration testing tools
- Question #6: Reconnaissance and enumeration
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still...
SMTP enumeration, User enumeration, VRFY command, EXPN command
- Question #7: Attacks and Exploits
Which of the following tools provides Python classes for interacting with network protocols?
Impacket, Python tools, Network protocols, Offensive security tools
- Question #8: Post-exploitation and lateral movement
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Wh...
Post-exploitation, Windows execution, WMI, PowerShell
- Question #9: Reporting and Communication
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal...
Internal Controls, Fraud Prevention, Organizational Security
- Question #10: Information Gathering and Vulnerability Scanning
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
Nmap, IDS Evasion, Port Scanning, Stealth Scan
- Question #11: Engagement management
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Incident Response, Professional Conduct, Engagement Scope, Communication Protocols
- Question #12: Post-exploitation and lateral movement
A penetration tester runs the following command on a system: find / -user root -perm -4000 -print 2>/dev/null Which of the following is the tester trying to accomplish?
Linux commands, File permissions, SUID, Privilege escalation
- Question #13: Attacks and Exploits
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:...
Web Application Exploitation, Source Code Analysis, Exploitation Tools, Command-line Utilities
- Question #14: Reporting and Communication
Which of the following would MOST likely be included in the final report of a static application security test that was written with a team of application developers as the intend...
Static Application Security Testing, Security Report, Developer Audience, Vulnerability Remediation
- Question #15: Vulnerability discovery and analysis
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The servic...
Nmap Scripting Engine, Custom Vulnerability Scripting, Protocol Interaction, Automated Discovery
- Question #16: Attacks and Exploits
A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits...
Cloud security, Credential harvesting, IaaS, VM exploitation
- Question #17: Information Gathering and Vulnerability Scanning
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the syste...
PCI DSS Compliance, Vulnerability Scanning, Scan Frequency, Regulatory Compliance
- Question #18: Engagement management
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?
Deconfliction, Communication protocols, Penetration test execution, Rules of engagement
- Question #19: Information Gathering and Vulnerability Scanning
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
Nmap, Vulnerability Scanning, CVE Discovery, Service Enumeration
- Question #20: Tools and Code Analysis
A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the exi...
Pacu, AWS IAM, Permission enumeration, Cloud pentesting
- Question #21: Tools and Code Analysis
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the comp...
Dependency management, Software supply chain security, Vulnerability management, Penetration testing recommendations
- Question #22: Attacks and Exploits
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the...
Server-side request forgery, Cloud security, Metadata service exploitation, Credential theft
- Question #23: Planning and Scoping
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration test...
Statement of Work (SOW), Pre-engagement, Scope Definition, Penetration Testing Engagement
- Question #24: Engagement management
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive perso...
Red Teaming, Rules of Engagement, Incident Reporting, Professional Conduct
- Question #25: Reconnaissance and enumeration
A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?
Network Discovery, Host Discovery, Reconnaissance, Ping Scan
- Question #26: Engagement management
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
Cloud Penetration Testing, Authorization, Ethical Hacking, Rules of Engagement
- Question #27: Attacks and Exploits
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should t...
Clickjacking, XSS, Client-side attacks, Web exploitation
- Question #28: Reconnaissance and enumeration
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the follo...
Passive Reconnaissance, OSINT, Information Gathering, Web Presence
- Question #29: Reporting and Communication
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration test...
Immediate Reporting, Ethical Conduct, Client Communication, Incident Escalation
- Question #30: Reporting and Communication
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)
Penetration Test Reporting, Report Content, Vulnerability Identification, Remediation Guidance
- Question #32: Post-exploitation and lateral movement
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
Password cracking, Hash dumping, John the Ripper, Linux commands
- Question #33: Information Gathering and Vulnerability Scanning
A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the test...
Vulnerability scanning, Authenticated scans, Service accounts, Account types
- Question #34: Reporting and Communication
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 emplo...
Penetration testing methodology, Vulnerability documentation, Sensitive data exposure, Reporting
- Question #35: Reporting and Communication
Which of the following is the MOST effective person to validate results from a penetration test?
penetration testing roles, report validation, quality assurance, team lead responsibilities
- Question #36: Engagement management
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following: Pre-engagement interaction (scoping and ROE) Intell...
Penetration Testing Methodologies, PTES, Engagement Phases, Scoping
- Question #37: Information Gathering and Vulnerability Scanning
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using th...
Nmap, Port Scanning, Firewall, IPS
- Question #38: Engagement management
A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with...
Confidentiality, Legal agreements, Professional ethics, Non-disclosure agreement
- Question #39: Information Gathering and Vulnerability Scanning
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?
Nmap, UDP Scanning, Port Numbers, Service Enumeration
- Question #40: Attacks and Exploits
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service...
Denial of Service, Fraggle Attack, Network Protocols, Vulnerability Assessment
- Question #41: Reporting and Communication
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and techn...
Penetration Testing Report, Remediation, Technical Reporting, Report Structure
- Question #42: Attacks and Exploits
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits =...
Shellshock, Command Injection, Web Exploitation, User Context
- Question #43: Attacks and Exploits
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?
MITRE ATT&CK, Cybersecurity frameworks, Attacker TTPs, Threat intelligence
- Question #44: Attacks and Exploits
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
Web application security, Session management, Session hijacking, Cookies
- Question #45: Information Gathering and Vulnerability Scanning
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy pol...
Penetration Testing Tools, Database Security, Vulnerability Scanning, SQL Injection
- Question #46: Post-exploitation and lateral movement
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to m...
Persistence, Windows, Scheduled Tasks, Post-exploitation
- Question #47: Information Gathering and Vulnerability Scanning
A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authenticati...
Shodan, Reconnaissance, Vulnerability Scanning, Unauthenticated Access
- Question #48: Attacks and Exploits
A tester who is performing a penetration test on a website receives the following output: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www...
SQL Injection, Web Application Hacking, Database Exploitation, Error-based Injection
- Question #49: Vulnerability discovery and analysis
A penetration tester conducted a vulnerability scan against a client's critical servers and found the following: Which of the following would be a recommendation for remediation?
Vulnerability Scanning, Remediation, Patch Management, Vulnerability Management
- Question #50: Engagement management
A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetra...
Third-party risk management, Vendor assessment, Subcontracting security services, Ethical considerations
- Question #51: Attacks and Exploits
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of succes...
Social Engineering, Spear Phishing, Initial Access, Penetration Testing Strategy