PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 2 of 12.
- Question #52: Information Gathering and Vulnerability Scanning
  The results of an Nmap scan are as follows: Which of the following would be the BEST conclusion about this device?
  Nmap, Network Scanning, Service Identification, Device Role Identification
- Question #53: Engagement management
  Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?
  Lessons Learned, Post-engagement, Client communication, Process improvement
- Question #54: Information Gathering and Vulnerability Scanning
  A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of...
  Physical penetration testing, Dumpster diving, Information gathering, Physical security assessment
- Question #55: Attacks and Exploits
  A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companie...
  Side-channel attack, Cloud security, Virtualization, Multi-tenancy
- Question #59: Engagement management
  A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that prot...
  Penetration Testing, Engagement Management, Statement of Work (SOW), Pre-engagement Activities
- Question #60: Planning and Scoping
  Performing a penetration test against an environment with SCADA devices brings an additional safety risk because the:
  SCADA security, OT security, Penetration testing risks, Physical safety
- Question #61: Engagement management
  Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
  Engagement documents, Statement of Work, Penetration testing contracts, Project scope
- Question #62: Vulnerability discovery and analysis
  A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both...
  ICS/OT Security, PLC Vulnerabilities, Command Validation, Penetration Testing Assumptions
- Question #63: Engagement management
  A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not abl...
  Pre-assessment preparation, Client communication, Engagement logistics, Issue resolution
- Question #65: Reporting and Communication
  Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?
  Email security, Confidentiality, S/MIME, Secure communication
- Question #66: Reporting and Communication
  A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows: - The following request w...
  Authentication Vulnerabilities, Network Segmentation, Security Recommendations, Web Security
- Question #67: Reconnaissance and enumeration
  A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of thi...
  OS Fingerprinting, Network Reconnaissance, TTL, Ping Utility
- Question #68: Attacks and Exploits
  A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST acc...
  VLAN double tagging, Tag nesting, Network attacks, VLAN hopping
- Question #69: Information Gathering and Vulnerability Scanning
  A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following: Which of the following tools would be BEST for the penetration t...
  Web application scanning, Vulnerability scanning, WordPress security, Penetration testing tools
- Question #70: Reconnaissance and enumeration
  A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform?
  Port scanning, Network reconnaissance, Script analysis, Penetration testing tools
- Question #71: Information Gathering and Vulnerability Scanning
  The results of an Nmap scan are as follows: Which of the following device types will MOST likely have a similar response? (Choose two.)
  Nmap, Port scanning, Device identification, Network reconnaissance
- Question #72: Attacks and Exploits
  A penetration tester conducted an assessment on a web server. The logs from this session show the following: Which of the following attacks is being attempted?
  Web application attacks, HTTP parameter pollution, Vulnerability identification, Attack types
- Question #73: Engagement management
  An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the...
  Data confidentiality, Data retention, Post-assessment, Encryption
- Question #74: Reconnaissance and enumeration
  During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow...
  Reconnaissance, Passive Reconnaissance, Email Harvesting, OSINT
- Question #75: Post-exploitation and lateral movement
  A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: Which of the following commands should the pene...
  Post-exploitation cleanup, Temporary file management, Ethical hacking, Command-line utilities
- Question #76: Vulnerability discovery and analysis
  Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
  Open-source security, Third-party dependencies, Vulnerability analysis, Secure development
- Question #77: Reconnaissance and enumeration
  A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnais...
  Passive Reconnaissance, OSINT, Network Sniffing, Reconnaissance Tools
- Question #78: Attacks and Exploits
  A consultant is reviewing the following output after reports of intermittent connectivity issues: Which of the following is MOST likely to be reported by the consultant?
  ARP poisoning, Network attacks, Man-in-the-Middle (MiTM), Connectivity issues
- Question #79: Vulnerability discovery and analysis
  Which of the following BEST describe the OWASP Top 10? (Choose two.)
  OWASP Top 10, Web application security, Risk assessment, Vulnerabilities
- Question #80: Information Gathering and Vulnerability Scanning
  A penetration tester conducted a discovery scan that generated the following: Which of the following commands generated the results above and will transform them into a list of act...
  Nmap, Host Discovery, Command-line Tools, Text Processing
- Question #81: Attacks and Exploits
  A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. T...
  Wireless attacks, Deauthentication attack, Evil Twin AP, Penetration testing techniques
- Question #82: Information Gathering and Vulnerability Scanning
  A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Wh...
  Nmap, OS Fingerprinting, Service Version Detection, Vulnerability Scanning
- Question #83: Tools and Code Analysis
  Which of the following expressions in Python increase a variable val by one? (Choose two.)
  Python, Variables, Operators, Increment
- Question #84: Vulnerability discovery and analysis
  A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employe...
  Phishing, Social Engineering, Cybersecurity Awareness, User Education
- Question #85: Attacks and Exploits
  A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the securit...
  Packet crafting, Scapy, IoT security, Protocol fuzzing
- Question #86: Engagement management
  A penetration tester is reviewing the following SOW prior to engaging with a client: "Network diagrams, logical and physical asset inventory, and employees' names are to be treated...
  Confidentiality, Ethical hacking, SOW compliance, Reporting obligations
- Question #87: Attacks and Exploits
  A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?
  Wireless security, Wireless IDS, Penetration testing tools, Aircrack-ng
- Question #88: Post-exploitation and lateral movement
  A penetration tester gains access to a system and establishes persistence, and then runs the following commands: Which of the following actions is the tester MOST likely performing...
  Post-exploitation, Covering tracks, Bash history, Operational security
- Question #89: Vulnerability discovery and analysis
  Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
  OWASP Top 10, Web Application Security, Cross-site Scripting (XSS), Injection Flaws
- Question #90: Post-exploitation and lateral movement
  A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the...
  Responder, Credential Harvesting, User Hashes, SMB
- Question #91: Information Gathering and Vulnerability Scanning
  Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
  Vulnerability Scanning, ICS Security, OT Systems, System Disruption Risks
- Question #92: Information Gathering and Vulnerability Scanning
  An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with...
  Vulnerability scanning, OpenVAS, Penetration testing tools
- Question #93: Attacks and Exploits
  A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the...
  FTP, Packet sniffing, Man-in-the-Middle, Credential harvesting
- Question #94: Reporting and Communication
  Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
  Engagement closure, Reporting process, Client communication, Penetration test lifecycle
- Question #95: Attacks and Exploits
  A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerabi...
  File Upload Vulnerability, Directory Traversal, Remote Code Execution, Reverse Shell
- Question #96: Attacks and Exploits
  A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities...
  Packet crafting, DNS attacks, Network utilities, Scapy
- Question #97: Attacks and Exploits
  A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891 Which of the following commands could be used to download a file named exploit t...
  HTTP server, File transfer, wget, Command-line tools
- Question #98: Tools and Code Analysis
  When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should b...
  shell scripting, bash, shebang, scripting fundamentals
- Question #99: Engagement management
  A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copi...
  Physical Pentesting, Rules of Engagement, Authorization, Legal Compliance
- Question #100: Reconnaissance and enumeration
  Given the following output: User-agent:* Disallow: /author/ Disallow: /xmlrpc.php Disallow: /wp-admin Disallow: /page/ During which of the following activities was this output MOST...
  Robots.txt, Website scraping, Web reconnaissance, Information gathering
- Question #101: Tools and Code Analysis
  Appending string values onto another string is called:
  String manipulation, Concatenation, Programming basics, Data types
- Question #102: Vulnerability discovery and analysis
  A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vul...
  Input validation, SQL Injection, Web application testing, Vulnerability discovery
- Question #103: Planning and Scoping
  A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had us...
  Penetration test planning, Communication breakdown, SOC coordination, Rules of engagement
- Question #104: Reconnaissance and enumeration
  A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)
  Reconnaissance, Passive Information Gathering, Stealth Techniques, OSINT
- Question #105: Reconnaissance and enumeration
  A penetration tester obtained the following results after scanning a web server using the dirb utility: Which of the following elements is MOST likely to contain useful information...
  Web server scanning, Directory enumeration, Reconnaissance, Information gathering