PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 5 of 12.
- Question #208: Engagement management
Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engage...
Legal documents, Client engagement, Confidentiality, Non-disclosure agreement
- Question #209: Information Gathering and Vulnerability Scanning
A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an int...
Nmap, Port Scanning, Output Formats, Data Export
- Question #210: Planning and Scoping
During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:
Rules of Engagement, Penetration Testing Scope, Engagement Planning
- Question #211: Attacks and Exploits
A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target...
DNS spoofing, Network redirection, On-path attacks, Local network exploitation
- Question #212: Reporting and Communication
Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)
Application security, Vulnerability reporting, Input sanitization, Code vulnerabilities
- Question #213: Attacks and Exploits
A penetration tester has found indicators that a privileged user's password might be the same on 30 different Linux systems. Which of the following tools can help the tester identi...
Hydra, Online Password Attacks, Credential Testing, Brute-force Attacks
- Question #214: Post-exploitation and lateral movement
A penetration tester was able to compromise a server and escalate privileges. Which of the following should the tester perform AFTER concluding the activities on the specified targ...
Post-exploitation cleanup, Penetration testing methodology, Footprint removal, Ethical hacking
- Question #215: Planning and Scoping
A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig: ... ;; ANSWER SECTION comptia.org. 3569 IN MX comptia.org-mail.protection.outlo...
DNS reconnaissance, Scoping, Information Gathering
- Question #216: Reconnaissance and enumeration
A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the fol...
Nmap, Service identification, Active reconnaissance, Network scanning
- Question #217: Engagement management
Deconfliction is necessary when the penetration test:
Deconfliction, Penetration Testing Ethics, Incident Response Coordination, Engagement Boundaries
- Question #218: Attacks and Exploits
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?
Password cracking, Brute-force, SSH, Penetration testing tools
- Question #219: Planning and Scoping
PCI DSS requires which of the following as part of the penetration-testing process?
PCI DSS, Penetration Testing, Network Segmentation, Regulatory Compliance
- Question #220: Engagement management
A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens N...
Penetration testing lifecycle, Post-assessment activities, Remediation, Client responsibilities
- Question #221: Reconnaissance and enumeration
A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?
Nmap, Host Discovery, Network Scanning, Ping Scan
- Question #222: Attacks and Exploits
A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the t...
DLP bypass, Exfiltration techniques, Metadata, Penetration testing
- Question #223: Engagement management
A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs...
Penetration testing scope, Rules of Engagement, Engagement management, Scope change
- Question #224: Attacks and Exploits
A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain acce...
Social Engineering, Physical Penetration Testing, Impersonation, Bypassing Physical Security
- Question #225: Attacks and Exploits
A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP....
Wireless penetration testing, Deauthentication attack, WPA/WPA2 Handshake, Network attacks
- Question #226: Attacks and Exploits
A penetration tester has gained access to part of an internal network and wants to exploit on a different network segment. Using Scapy, the tester runs the following command: Which...
Double-tagging attack, VLAN hopping, Network segmentation bypass, Scapy
- Question #227: Reconnaissance and enumeration
The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct ho...
nmap, Host Discovery, Network Scanning, Reconnaissance
- Question #229: Planning and Scoping
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this...
Penetration Test Scoping, Risk Management, Engagement Planning, Client Coordination
- Question #230: Information Gathering and Vulnerability Scanning
An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?
Nmap, ACK Scan, Firewall Mapping, Stateful Firewall
- Question #231: Information Gathering and Vulnerability Scanning
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues co...
Penetration testing impact, Network saturation, Bandwidth limitations, Operational disruption
- Question #232: Reconnaissance and enumeration
The results of an Nmap scan are as follows: Which of the following device types will MOST likely have a similar response?
Nmap, Device identification, IoT, Reconnaissance
- Question #233: Reporting and Communication
Which of the following are the MOST important items for prioritizing fixes that should be included in the final report for a penetration test? (Choose two.)
Vulnerability Prioritization, Penetration Test Reporting, Risk Assessment, Remediation Planning
- Question #234: Tools and Code Analysis
A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?
Buffer Overflow, Vulnerability Testing, Debugging, Penetration Testing Tools
- Question #235: Reconnaissance and enumeration
Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?
Social Engineering, Reconnaissance, OSINT, Target Profiling
- Question #236: Reconnaissance and enumeration
A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?
API Testing, HTTP Methods, Enumeration, Web Application Security
- Question #237: Engagement management
During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fi...
Professional ethics, Penetration testing reporting, Professional misconduct, Incident response
- Question #238: Reconnaissance and enumeration
Given the following script: Which of the following BEST characterizes the function performed by lines 5 and 6?
Scripting fundamentals, DNS enumeration, Information output, Reconnaissance techniques
- Question #239: Planning and Scoping
A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours...
Rules of engagement, Scope adherence, Physical penetration testing, Non-destructive entry
- Question #240: Engagement management
A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the...
Confidentiality, VPN, Remote Access, Network Security
- Question #241: Post-exploitation and lateral movement
A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system. After running a few commands, the tester runs the foll...
Reverse Shell, Shell Upgrade, Post-exploitation, Python Exploits
- Question #242: Post-exploitation and lateral movement
A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all la...
Pivoting, Deauthentication attack, Wireless attacks, Lateral movement
- Question #243: Engagement management
A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP...
Scope management, Client communication, Rules of engagement, Ethical hacking
- Question #244: Attacks and Exploits
A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following str...
SQL Injection, Stacked Queries, Web Application Exploits, Vulnerability Exploitation
- Question #245: Attacks and Exploits
Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
Dictionary attacks, Wordlists, Penetration testing tools, Brute-forcing
- Question #246: Reconnaissance and enumeration
A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?
Google Dorking, OSINT, Reconnaissance, Search operators
- Question #247: Planning and Scoping
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of...
Penetration testing methodologies, MITRE ATT&CK, TTPs, Cybersecurity frameworks
- Question #248: Information Gathering and Vulnerability Scanning
During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester u...
Penetration Testing, Web Scanners, IP Blocking, Security Defenses
- Question #249: Attacks and Exploits
A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server: x' OR role LIKE '%admin% Which of the fo...
SQL Injection, Web Application Security, Vulnerability Remediation, Secure Coding
- Question #250: Vulnerability discovery and analysis
The following output is from reconnaissance on a public-facing banking website: Based on these results, which of the following attacks is MOST likely to succeed?
Heartbleed, Vulnerability Analysis, Reconnaissance, SSL/TLS Vulnerabilities
- Question #251: Planning and Scoping
Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverable...
SOW, Penetration Testing Engagement, Contract Documents, Project Scoping
- Question #252: Tools and Code Analysis
In Python socket programming, SOCK_DGRAM type is:
Python Sockets, Networking, UDP, Connectionless Protocol
- Question #253: Reporting and Communication
Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?
Penetration testing report, Report content, Audience tailoring, Remediation guidance
- Question #254: Post-exploitation and lateral movement
After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file: Which of the following actions should the tester perform F...
Privilege escalation, Post-exploitation, Linux security, Penetration testing methodology
- Question #255: Planning and Scoping
Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?
Red Team Assessment, Penetration Testing Types, Assessment Objectives, Targeted Attacks
- Question #256: Engagement management
A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, whic...
Rules of Engagement, Scope Management, Ethical Hacking, Situational Awareness
- Question #257: Attacks and Exploits
A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the pa...
Reverse Shells, Payload Evasion, IPS Bypass, Next-Gen Firewalls
- Question #258: Engagement management
A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server...
Deconfliction, Engagement Communication, Penetration Testing Scope, Web Application Testing