PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 11 of 12.
- Question #531: Planning and Scoping
Which of the following describes why scoping and organizational requirements are important when planning a penetration test?
Tags: Penetration Test Planning, Scoping, Engagement Objectives, Organizational Requirements
- Question #532: Attacks and Exploits
During an assessment of a web application, a penetration tester would like to test the application for blind SQL injection. Which of the following techniques should the penetration...
Tags: SQL Injection, Blind SQL Injection, Web Application Security, Penetration Testing
- Question #533: Vulnerability discovery and analysis
A penetration tester discovered a vulnerability that has the following CVEs: Which of the following CVEs should be remediated first?
Tags: CVE, Vulnerability prioritization, Risk assessment, Remediation planning
- Question #534: Information Gathering and Vulnerability Scanning
A security engineer is working to identify all email servers on a network. Which of the following commands should the engineer use to identify the servers as well as the software v...
Tags: nmap, Port Scanning, Service Version Detection, Email Protocols
- Question #535: Information Gathering and Vulnerability Scanning
During the execution of a cloud penetration test, a tester was able to gain an initial footprint on the customer cloud infrastructure. Now the tester wants to scan the cloud resour...
Tags: Cloud Penetration Testing, AWS Exploitation Tools, Vulnerability Scanning, Misconfiguration Detection
- Question #536: Reporting and Communication
During a penetration testing engagement, a penetration tester discovers a buffer overflow vulnerability. Which of the following actions should the tester take to maintain professio...
Tags: Professionalism, Ethical hacking, Client communication, Vulnerability reporting
- Question #537: Post-exploitation and lateral movement
A penetration tester has compromised a customer's internal network, gaining access to a file server that hosts email server backups. Which of the following is the best tool to assi...
Tags: Data Exfiltration, Post-exploitation, SFTP, Penetration Testing Tools
- Question #538: Information Gathering and Vulnerability Scanning
A local firewall is configured to drop all incoming packets with the TCP SYN or URG flags set. Which of the following Nmap commands should a penetration tester use to scan the port...
Tags: Nmap, Port Scanning, Firewall Evasion, TCP Flags
- Question #539: Tools and Code Analysis
Which of the following Python data structures is the best way to store a group of key-value pair objects?
Tags: Python, Data Structures, Key-Value Pairs, Programming Fundamentals
- Question #540: Vulnerability discovery and analysis
In order to improve the security of a company, an information security officer decided to implement multifactor authentication (MFA) technology. The company currently requires badg...
Tags: Multifactor Authentication (MFA), Authentication Factors, Physical Access Control, Security Controls
- Question #541: Engagement management
Which of the following should penetration testers keep with them while conducting on-site security reviews to assist with de-escalating confrontational situations?
Tags: Penetration testing authorization, On-site engagement, De-escalation, Professional conduct
- Question #542: Post-exploitation and lateral movement
A penetration tester compromised a system and wants to connect to a port on the system from the attacking machine in order to control the system. Which of the following commands sh...
Tags: Netcat, Reverse Shell, Post-exploitation, Remote Access
- Question #543: Tools and Code Analysis
During an assessment, a penetration tester compromised a mobile application by decompiling the APK binary file. Which of the following was most likely the issue?
Tags: Mobile Application Security, Reverse Engineering, Hard-coded Credentials, Code Analysis
- Question #544: Tools and Code Analysis
A penetration tester is testing an Android application. Which of the following specialized tools would be best to use during the test?
Tags: Mobile Security, Android Pentesting, Penetration Testing Tools, Drozer
- Question #545: Reporting and Communication
Given the following finding: Which of the following recommendations should a penetration tester make?
Tags: Account lockout policy, Brute-force protection, Security recommendations
- Question #546: Attacks and Exploits
A penetration tester gained access to a customer's internal corporate network via a wireless guest network. The penetration tester's laptop was blocked by a NAC system after severa...
Tags: NAC evasion, MAC spoofing, Network Access Control, Evasion techniques
- Question #547: Tools and Code Analysis
A penetration tester would like to monitor the requests sent by Nikto with Burp Suite. Which of the following tools should the penetration tester use?
Tags: ProxyChains, Burp Suite, Nikto, Tool chaining
- Question #548: Planning and Scoping
Which of the following approaches would be the most appropriate for a penetration tester who is doing a one-week timeboxed assessment for a large electronics retail business with h...
Tags: Penetration test scoping, Engagement planning, Timeboxed assessments, Sampling methodology
- Question #549: Attacks and Exploits
During an engagement, a penetration tester runs a command and receives the following output: Which of the following is the most likely reason the penetration tester received the ou...
Tags: Cloud Security, Server-Side Request Forgery (SSRF), Cloud Metadata Service, Penetration Testing
- Question #550: Vulnerability discovery and analysis
A penetration tester is assessing the security of a client's externally facing cloud infrastructure. After running reconnaissance, the tester notices that several services and syst...
Tags: Cloud Security Misconfiguration, Object Storage Security, Data Exposure
- Question #551: Information Gathering and Vulnerability Scanning
A penetration tester would like to use a vulnerability scanner to assess the security of a web server. Which of the following specialized tools would be the best for the tester to...
Tags: Vulnerability Scanning, Web Security Tools, Nikto, Penetration Testing Tools
- Question #552: Information Gathering and Vulnerability Scanning
A penetration tester is working to identify non-relational databases on the 10.0.0.1/24 subnet as well as the version of software. Which of the following commands should the tester...
Tags: Nmap, Database enumeration, Non-relational databases, Port scanning
- Question #553: Reconnaissance and enumeration
A penetration tester is trying to identify the host's OS version on the subnet 10.7.8.1/25. Which of the following commands will achieve the objective the fastest?
Tags: nmap, OS detection, network scanning, reconnaissance
- Question #554: Attacks and Exploits
A penetration tester obtains the hash of a service account within a customer's Active Directory. Which of the following attacks should the penetration tester attempt next?
Tags: Active Directory, Kerberoasting, Service Accounts, Hash Exploitation
- Question #555: Information Gathering and Vulnerability Scanning
A vulnerability scan returned the following results: Which of the following best describes the meaning of this output?
Tags: Null Session, Enumeration, Information Disclosure, Vulnerability Scanning
- Question #556: Tools and Code Analysis
A security analyst is conducting a wireless penetration test on a corporate network. The goal is to capture and analyze handshakes between wireless clients and the access point. Wh...
Tags: Wireless penetration testing, Handshake capture, Aircrack-ng, Wireless security tools
- Question #557: Information Gathering and Vulnerability Scanning
While performing a vulnerability assessment over an OT/ICS environment, the tester runs a tool that causes a malfunction on one of the systems in charge of water pumping at the pla...
Tags: OT/ICS Security, Vulnerability Scanning, Passive Scanning, Risk Mitigation
- Question #558: Post-exploitation and lateral movement
A penetration tester accessed a database and viewed all the user information in order to access an application. However, the passwords for the application did not work. Which of th...
Tags: Password hashing, Database security, Credential storage
- Question #559: Reconnaissance and enumeration
A penetration tester received the following output after running the Nmap command: Which of the following should the penetration tester try next?
Tags: File sharing enumeration, Nmap follow-up, Information gathering, SMB/NFS
- Question #560: Attacks and Exploits
During the reconnaissance phase, a penetration tester runs the following command: sudo responder -I tun0 The result of the command is a list of NTLMv2 hashes. Which of the followin...
Tags: Hash Cracking, Credential Access, Responder, Hashcat
- Question #561: Attacks and Exploits
A penetration tester is testing a client's infrastructure and discovers an API that provides information about the infrastructure that can be used to configure or manage the instan...
Tags: Cloud Security, API Security, Instance Metadata Service, Credential Theft
- Question #562: Attacks and Exploits
A penetration tester is performing a red-team assessment and needs to attempt to compromise the laptop that belongs to the customer's Chief Executive Officer (CEO). Which of the fo...
Tags: Phishing, Social Engineering, Red Teaming, Target Identification
- Question #563: Planning and Scoping
Which of the following is the most important for the tester to have during a physical penetration test?
Tags: Physical penetration testing, Authorization, Legal compliance, Engagement planning
- Question #564: Reconnaissance and enumeration
A penetration tester is looking for insecure configurations. The tester wants to identify all hosts on the 10.0.0.0/16 network that are potentially vulnerable to an SMB relay attac...
Tags: SMB Relay, Reconnaissance, Responder, Network Enumeration
- Question #565: Engagement management
A penetration tester runs the following command and obtains the output shown: After preparing the penetration test report, the penetration tester runs the following commands: rm -f...
Tags: Post-engagement cleanup, Data sanitization, John the Ripper, Penetration testing ethics
- Question #566: Reconnaissance and enumeration
During an assessment, a penetration tester runs the following command: cme smb 192.168.9.14 -u alice -p Alice2021 --users Which of the following is the penetration tester trying to...
Tags: CrackMapExec, User enumeration, SMB, Information gathering
- Question #567: Attacks and Exploits
A penetration tester wants to bypass a NAC mechanism that restricts access to a network circumvent the MAC and gain unauthorized access to the network. Which of the following techn...
Tags: MAC spoofing, NAC bypass, Network access control, Unauthorized access
- Question #568: Vulnerability discovery and analysis
During a penetration test, a team discovers that the Windows hosts share the same local administrator account password. Which of the following is the best remediation recommendatio...
Tags: Remediation, Password Security, Vulnerability Management, Lateral Movement Prevention
- Question #569: Engagement management
Which of the following standards or methodologies is the most widely recognized as a structured approach for conducting penetration testing engagements?
Tags: Penetration Testing, Methodology, Standards, PTES
- Question #570: Attacks and Exploits
A penetration tester wants to launch an attack that intercepts and alters network traffic between a client and a server. Which of the following tools should the penetration tester...
Tags: Man-in-the-Middle, Network attacks, Ettercap, Penetration testing tools
- Question #571: Reconnaissance and enumeration
A penetration tester is performing an assessment of a file server that the customer uses to exchange reports and other documents with business partners. The penetration tester exec...
Tags: DNS, VPN, Network Architecture, Reconnaissance
- Question #572: Reporting and Communication
Which of the following reasons explains why a penetration tester should communicate with a client during an assessment?
Tags: Client communication, False positives, Vulnerability validation, Penetration testing methodology
- Question #573: Planning and Scoping
Which of the following is the most important to include in the SOW during a wireless security assessment?
Tags: SOW, Wireless security assessment, Scope definition, SSID
- Question #574: Attacks and Exploits
A penetration tester is performing various tests against an application and is repeatedly locked out due to excessive failed log-in attempts. After each attempt, the penetration te...
Tags: Business logic flaws, Web application security, Account management vulnerabilities, Penetration testing techniques
- Question #575: Reconnaissance and enumeration
During an assessment, a penetration tester is looking for API keys and tokens for an application so the tester can access the application. Which of the following is the most likely...
Tags: Reconnaissance, API keys, Information disclosure, Public repositories
- Question #576: Information Gathering and Vulnerability Scanning
A penetration tester performed an Nmap scan that revealed the presence of a web server, a file server, and a database server. Which of the following Nmap scans should the tester us...
Tags: Nmap, Network Scanning, UDP Scan, Reconnaissance
- Question #577: Engagement management
A project manager needs to validate that members of the penetration testing team are technically qualified to perform work within the customer's environment. Which of the following...
Tags: Team qualification, Professional certifications, Engagement management, Project management
- Question #578: Attacks and Exploits
A penetration tester team is looking for the best way to steal an active session cookie that is managed on an unprotected JavaScript variable on the client side. Which of the follo...
Tags: BeEF, Client-side exploitation, Session hijacking, Cross-Site Scripting (XSS)
- Question #579: Attacks and Exploits
A penetration tester would like to conduct an on-path attack against a target system in a local network. Which of the following techniques should the tester use in order to make th...
Tags: IP spoofing, On-path attack, Network impersonation, Local area network attacks
- Question #580: Information Gathering and Vulnerability Scanning
A penetration tester is conducting a vulnerability scan on a remote oil rig, which has limited satellite internet connectivity. The bandwidth available for the scan is significantl...
Tags: Vulnerability scanning, Bandwidth management, Network performance, Query throttling