PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 6 of 12.
- Question #259 (Attacks and Exploits)
  Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?
  Tags: Exploits, Payloads, Vulnerability Databases, Penetration Testing Resources
- Question #260 (Post-exploitation and lateral movement)
  A penetration tester gives the following command to a systems administrator to execute on one of the target servers: rm -f /var/www/html/G679h32gYu.php Which of the following BEST...
  Tags: Web shells, Post-exploitation cleanup, File removal, Penetration testing methodology
- Question #261 (Tools and Code Analysis)
  The following PowerShell snippet was extracted from a log of an attacker machine: A penetration tester would like to identify the presence of an array. Which of the following line...
  Tags: PowerShell, Array Definition, Script Analysis, Code Analysis
- Question #262 (Planning and Scoping)
  A company provided the following network scope for a penetration test: - 169.137.1.0/24 - 221.10.1.0/24 - 149.14.1.0/24 A penetration tester discovered a remote command injection o...
  Tags: Penetration test scope, Client responsibility, Third-party assets, Ethical hacking ethics
- Question #263 (Post-exploitation and lateral movement)
  In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 emplo...
  Tags: Penetration Testing Methodology, Sensitive Data Handling, Data Containment, Post-Exploitation Actions
- Question #264 (Reconnaissance and enumeration)
  During the reconnaissance phase, a penetration tester obtains the following output: Reply from 192.168.1.23: bytes=32 time<54ms TTL=128 Reply from 192.168.1.23: bytes=32 time<53ms...
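The ping replies quoted in this question carry TTL=128, the usual initial TTL of a Windows host; Linux/Unix hosts normally start at 64 and many network devices at 255, and every router on the path decrements the value by one. The script below is an added example, not part of the question bank: it parses Windows- and Linux-style ping output (the sample lines are constructed, the first two copied from the question), maps the observed TTL to the nearest default initial TTL, and estimates the hop count from the difference. The initial-TTL table is a heuristic, since a host can be configured with a non-default TTL; treat the result as a hint to confirm with a second method such as Nmap OS detection.

```python
import re
from typing import Dict, Optional

# Default initial TTLs by OS family. Heuristic only: a host can be configured
# with a non-default TTL, so confirm with other fingerprinting methods.
INITIAL_TTLS = {64: "Linux/Unix", 128: "Windows", 255: "Network device / BSD"}

# Matches Windows ("Reply from 192.168.1.23: ... TTL=128") and Linux
# ("64 bytes from 10.10.4.7: icmp_seq=1 ttl=61 time=12.3 ms") reply lines.
_REPLY_RE = re.compile(
    r"(?:Reply from|bytes from) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?\bttl=(?P<ttl>\d+)",
    re.IGNORECASE,
)


def parse_reply(line: str) -> Optional[Dict]:
    """Return {'ip', 'ttl'} for a ping reply line, or None for any other output."""
    m = _REPLY_RE.search(line)
    if not m:
        return None
    return {"ip": m.group("ip"), "ttl": int(m.group("ttl"))}


def guess_os(observed_ttl: int) -> Dict:
    """Map an observed TTL to the closest default initial TTL at or above it.

    The difference between the two is the number of routers the reply crossed.
    """
    candidates = [t for t in INITIAL_TTLS if t >= observed_ttl]
    if not candidates:
        return {"os": "unknown", "initial_ttl": None, "hops": None}
    initial = min(candidates)
    return {"os": INITIAL_TTLS[initial], "initial_ttl": initial, "hops": initial - observed_ttl}


def fingerprint(ping_output: str) -> Dict[str, Dict]:
    """Group reply lines by source IP and return the OS guess for each host."""
    hosts: Dict[str, Dict] = {}
    for line in ping_output.splitlines():
        reply = parse_reply(line)
        if reply is None:
            continue  # "Request timed out.", headers, statistics lines
        guess = guess_os(reply["ttl"])
        guess["observed_ttl"] = reply["ttl"]
        hosts[reply["ip"]] = guess
    return hosts


# Constructed sample: the two Windows-style lines from the question plus a
# Linux-style reply from a host three routers away.
SAMPLE_OUTPUT = """\
Reply from 192.168.1.23: bytes=32 time<54ms TTL=128
Reply from 192.168.1.23: bytes=32 time<53ms TTL=128
64 bytes from 10.10.4.7: icmp_seq=1 ttl=61 time=12.3 ms
Request timed out.
"""

if __name__ == "__main__":
    for ip, guess in fingerprint(SAMPLE_OUTPUT).items():
        print(f"{ip}: {guess['os']} (observed TTL {guess['observed_ttl']}, ~{guess['hops']} hops)")
```

A TTL of 128 with zero hops, as in the question, also tells the tester the target is on the same segment; a Linux host several routers away would show something like 61.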
  Tags: OS Fingerprinting, Reconnaissance, TTL, ICMP
- Question #265 (Planning and Scoping)
  A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production...
  Tags: Scoping, Rules of engagement, Team communication, Scope management
- Question #266 (Post-exploitation and lateral movement)
  A penetration tester issues the following command after obtaining a shell: Which of the following describes this technique?
  Tags: Living-off-the-land, Post-exploitation, Native tools, Red teaming
- Question #267 (Attacks and Exploits)
  A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?
  Tags: DNS poisoning, DNS security, Attack failure analysis, Network attacks
- Question #268 (Vulnerability discovery and analysis)
  During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the foll...
  Tags: Wireless security, Encryption, Remediation, Network security
- Question #269 (Post-exploitation and lateral movement)
  A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to o...
  Tags: Post-exploitation, Privilege escalation, Network enumeration, Penetration testing methodology
- Question #270 (Post-exploitation and lateral movement)
  A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and t...
  Tags: ARP, Static ARP entry, Network commands, Post-exploitation
- Question #271 (Post-exploitation and lateral movement)
  During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information...
  Tags: Network segmentation, PCI compliance, Data protection, Lateral movement
- Question #272 (Information Gathering and Vulnerability Scanning)
  A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task i...
  Tags: Nmap, Port Scanning, Network Scanning, SMB
- Question #273 (Tools and Code Analysis)
  A penetration tester has discovered an unknown Linux 64-bit executable binary. Which of the following tools would be BEST to use to analyze this issue?
  Tags: Binary analysis, Debugging tools, Linux, Reverse engineering
- Question #274 (Reporting and Communication)
  A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as so...
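The mitigation this question is driving at, parameterized queries, is clearest when the vulnerable and hardened forms sit side by side. The snippet below is an added example, not part of the question bank, using Python's sqlite3 module against a constructed in-memory users table: login_vulnerable splices the input into the SQL text, login_parameterized binds it through placeholders, and the same tautology payload succeeds only against the first.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory table for the demo (plaintext passwords only to
    keep the example short; real systems store salted hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Deliberately vulnerable: the input is spliced into the SQL text, so a
    # quote in the input ends the literal and the rest becomes SQL syntax.
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened: the query text is fixed and the values travel separately as
    # bound parameters, so a quote in the input is just a character in a string.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Classic tautology. In the vulnerable query the WHERE clause becomes
#   username = 'nobody' AND password = '' OR '1'='1'
# which is true for every row because AND binds tighter than OR.
TAUTOLOGY = "' OR '1'='1"


def demo() -> dict:
    conn = build_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, "nobody", TAUTOLOGY),
        "parameterized_bypassed": login_parameterized(conn, "nobody", TAUTOLOGY),
        "parameterized_valid": login_parameterized(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    print(demo())
```

The same placeholder mechanism exists in every mainstream driver (%s with psycopg2, ? with JDBC, @name with SqlClient); what matters is that the parameter never becomes part of the statement text.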
  Tags: SQL injection, Vulnerability remediation, Input validation, Parameterized queries
- Question #275 (Tools and Code Analysis)
  Which of the following is a rules engine for managing public cloud accounts and resources?
  Tags: Cloud Security Tools, Cloud Governance, Policy Engine, Cloud Custodian
- Question #276 (Information Gathering and Vulnerability Scanning)
  A penetration tester will be performing a vulnerability scan as part of the penetration test on a client's website. The tester plans to run several Nmap scripts that probe for vuln...
  Tags: Nmap, Vulnerability Scanning, Nmap Scripting Engine, Web Application Security
- Question #277 (Attacks and Exploits)
  A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent al...
  Tags: Credential harvesting, Phishing, Social engineering
- Question #278 (Attacks and Exploits)
  During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the...
  Tags: Password Spraying, Account Lockout Bypass, Brute-force Attacks, Reconnaissance
- Question #279 (Information Gathering and Vulnerability Scanning)
  The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct ho...
  Tags: Nmap, Host Discovery, Scanning, Exclusion
- Question #280 (Reconnaissance and enumeration)
  Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
  Tags: CeWL, Wordlist generation, Web reconnaissance, Password attacks
- Question #282 (Information Gathering and Vulnerability Scanning)
  The output from a penetration testing tool shows 100 hosts contained findings due to improper patch management. Which of the following did the penetration tester perform?
  Tags: Vulnerability Scanning, Patch Management, Penetration Testing Tools
- Question #283 (Information Gathering and Vulnerability Scanning)
  After running the enum4linux.pl command, a penetration tester received the following output: Which of the following commands should the penetration tester run NEXT?
  Tags: SMB Enumeration, enum4linux, smbget, Information Gathering
- Question #284 (Attacks and Exploits)
  During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including cor...
  Tags: OSINT, Spear Phishing, Social Engineering, Targeted Attack
- Question #285 (Planning and Scoping)
  Which of the following compliance requirements would be BEST suited in an environment that processes credit card data?
  Tags: Compliance, PCI DSS, Credit card data, Regulatory frameworks
- Question #286 (Post-exploitation and lateral movement)
  A penetration tester successfully infiltrated the targeted web server and created credentials with administrative privileges. After conducting data exfiltration, which of the follo...
  Tags: Post-exploitation, Covering tracks, Log manipulation, Penetration testing methodology
- Question #287 (Attacks and Exploits)
  A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Wh...
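WAITFOR DELAY is the T-SQL primitive behind time-based blind SQL injection against Microsoft SQL Server; the MySQL equivalents are SLEEP() and BENCHMARK(), PostgreSQL has pg_sleep(), Oracle DBMS_LOCK.SLEEP. The detection snippet below is an added example, not part of the question bank. It URL-decodes each request in a constructed Apache-style access log (the addresses, timestamps and paths are made up), collapses whitespace and case so encoded variants such as WAITFOR%09DELAY are not missed, and reports which back-end family each payload targets, which is also a hint about the database behind the application.

```python
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import unquote_plus

# Delay primitives used for time-based blind SQL injection, keyed by the
# back-end they work against. Matching runs on the decoded, upper-cased,
# whitespace-collapsed request so encoding tricks do not hide the payload.
TIME_BASED_SIGNATURES = {
    "MSSQL": re.compile(r"\bWAITFOR\s+DELAY\b"),
    "MySQL": re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\("),
    "PostgreSQL": re.compile(r"\bPG_SLEEP\s*\("),
    "Oracle": re.compile(r"\bDBMS_LOCK\.SLEEP\b"),
}

# Combined-style access log: ip ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)


def normalize(request_path: str) -> str:
    """Decode twice (double-encoded payloads), collapse whitespace, upper-case."""
    decoded = unquote_plus(unquote_plus(request_path))
    return re.sub(r"\s+", " ", decoded).upper()


def classify(request_path: str) -> Optional[str]:
    """Return the back-end family a time-based payload targets, or None."""
    norm = normalize(request_path)
    for dbms, pattern in TIME_BASED_SIGNATURES.items():
        if pattern.search(norm):
            return dbms
    return None


def scan_log(lines: Iterable[str]) -> List[Dict]:
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dbms = classify(m.group("path"))
        if dbms:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "dbms": dbms, "path": m.group("path")})
    return findings


# Constructed log lines. The last one contains the bare word pg_sleep without a
# call, which the signatures deliberately ignore to keep false positives down.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:15:01 +0000] "GET /products?id=1 HTTP/1.1" 200 5321
10.0.0.9 - - [12/Mar/2024:10:15:07 +0000] "GET /products?id=1%27%3B%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- HTTP/1.1" 200 5321
10.0.0.9 - - [12/Mar/2024:10:15:19 +0000] "GET /products?id=1+AND+SLEEP(5) HTTP/1.1" 200 5321
10.0.0.9 - - [12/Mar/2024:10:15:31 +0000] "GET /search?q=pg_sleep HTTP/1.1" 200 120
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['ip']} time-based SQLi ({f['dbms']}): {f['path']}")
```

Time-based injection succeeds without an error or a visible data change, so the payload string and the response latency are often the only traces; if the log format records request duration (Apache %D, Nginx $request_time) correlate the hits with unusually slow responses.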
  Tags: SQL injection, Web application security, Payload analysis, Time-based SQLi
- Question #288 (Tools and Code Analysis)
  Given the following code: Which of the following data structures is systems?
  Tags: Data Structures, Dictionaries, Programming Fundamentals, Scripting
- Question #289 (Vulnerability discovery and analysis)
  A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?
  Tags: Vulnerability remediation, Patch management, EternalBlue, Security controls
- Question #290 (Planning and Scoping)
  The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can...
  Tags: Rules of engagement, Penetration test planning, Engagement parameters, Scoping
- Question #291 (Post-exploitation and lateral movement)
  A penetration tester has extracted password hashes from the lsass.exe memory process. Which of the following should the tester perform NEXT to pass the hash and provide persistence...
  Tags: Post-exploitation, Pass-the-Hash, Persistence, Mimikatz
- Question #292 (Engagement management)
  The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:
  Tags: NDA, Confidentiality, Legal agreements, Engagement management
- Question #293 (Tools and Code Analysis)
  A penetration tester created the following script to use in an engagement: However, the tester is receiving the following error when trying to run the script: Which of the followin...
  Tags: Python scripting, Python modules, NameError, Command-line arguments
- Question #294 (Post-exploitation and lateral movement)
  A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in t...
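On Linux the record of who signed in last lives in the binary login-accounting files: /var/log/wtmp, which the last command reads, and /var/log/lastlog. The script below is an added example, not part of the question bank, that parses wtmp records directly so the check does not depend on the last binary being present on the target. It assumes the 384-byte glibc struct utmp layout used on x86_64 (other architectures and 32-bit builds differ), builds a few constructed records so it runs offline, and returns the most recent USER_PROCESS entry. Caveat for both tester and defender: a root-level intruder can truncate or edit wtmp, so cross-check against the auth log or the journal.

```python
import struct
import time
from typing import Dict, List, Optional

# glibc `struct utmp` as laid out on x86_64 Linux (384 bytes, little-endian):
#   ut_type int16, 2 pad bytes, ut_pid int32, ut_line[32], ut_id[4],
#   ut_user[32], ut_host[256], ut_exit (2 x int16), ut_session int32,
#   ut_tv (2 x int32: sec, usec), ut_addr_v6 (4 x int32), 20 unused bytes.
# Assumption: other architectures (and 32-bit builds) use a different layout.
UTMP_FMT = "<hxxi32s4s32s256shhiii16s20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
USER_PROCESS = 7   # a user logged in on ut_line
DEAD_PROCESS = 8   # that session ended


def _cstr(raw: bytes) -> str:
    return raw.split(b"\x00", 1)[0].decode("utf-8", "replace")


def parse_wtmp(data: bytes) -> List[Dict]:
    """Decode every record in a wtmp/utmp blob."""
    if len(data) % UTMP_SIZE:
        raise ValueError("size is not a multiple of %d: truncated or foreign layout" % UTMP_SIZE)
    records = []
    for off in range(0, len(data), UTMP_SIZE):
        (ut_type, pid, line, _id, user, host,
         _term, _exit, _session, tv_sec, _tv_usec, _addr) = struct.unpack_from(UTMP_FMT, data, off)
        records.append({"type": ut_type, "pid": pid, "line": _cstr(line),
                        "user": _cstr(user), "host": _cstr(host), "time": tv_sec})
    return records


def last_login(records: List[Dict]) -> Optional[Dict]:
    """Most recent interactive login, i.e. what `last -1` would print."""
    logins = [r for r in records if r["type"] == USER_PROCESS]
    return max(logins, key=lambda r: r["time"], default=None)


def make_record(ut_type: int, pid: int, line: str, user: str, host: str, tv_sec: int) -> bytes:
    """Pack one record; used here only to construct offline sample data."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, b"\x00" * 16)


# Constructed sample: root logged in over SSH, then "deploy", whose session ended.
SAMPLE_WTMP = b"".join([
    make_record(USER_PROCESS, 1201, "pts/0", "root", "10.0.0.5", 1710238501),
    make_record(USER_PROCESS, 1340, "pts/1", "deploy", "10.0.0.9", 1710242000),
    make_record(DEAD_PROCESS, 1340, "pts/1", "", "", 1710242500),
])

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None   # e.g. a copy of /var/log/wtmp
    data = open(path, "rb").read() if path else SAMPLE_WTMP
    hit = last_login(parse_wtmp(data))
    if hit:
        print(hit["user"], hit["line"], hit["host"],
              time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(hit["time"])))
```

Run it against a copy of /var/log/wtmp taken from the host; a DEAD_PROCESS record closes the session of the matching ut_line/pid but does not remove the earlier login, which is why the query filters on USER_PROCESS only.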
  Tags: Linux logging, Post-exploitation reconnaissance, User activity logs, File system analysis
- Question #295 (Information Gathering and Vulnerability Scanning)
  A penetration tester is conducting an engagement against an internet-facing web application and planning a phishing campaign. Which of the following is the BEST passive method of o...
  Tags: Passive Reconnaissance, Information Gathering, WHOIS, Contact Discovery
- Question #296 (Attacks and Exploits)
  Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?
  Tags: wireless security, Wi-Fi cracking, Aircrack-ng, penetration testing tools
- Question #297 (Attacks and Exploits)
  A security analyst needs to perform an on-path attack on BLE smart devices. Which of the following tools would be BEST suited to accomplish this task?
  Tags: BLE security, on-path attack, MITM, Gattacker
- Question #298 (Attacks and Exploits)
  During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetra...
  Tags: LFI, Log Poisoning, Command Injection, Web Exploitation
- Question #299 (Post-exploitation and lateral movement)
  A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root. During the engagement, the tester noticed that another user logged...
  Tags: Persistence, Linux administration, Post-exploitation, Root access
- Question #300 (Attacks and Exploits)
  A company requires that all hypervisors have the latest available patches installed. Which of the following would BEST explain the reason why this policy is in place?
  Tags: Hypervisor security, Patch management, VM escape, Virtualization security
- Question #301 (Vulnerability discovery and analysis)
  A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)
  Tags: Secrets management, Secure SDLC, Source code security, Vulnerability mitigation
- Question #302 (Attacks and Exploits)
  A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which o...
  Tags: WAF, TCP resets, Web application security, Defense mechanisms
- Question #303 (Engagement management)
  An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the...
  Tags: Data Retention, Data Destruction, Confidentiality, Post-engagement
- Question #304 (Information Gathering and Vulnerability Scanning)
  A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false positives and increases the true positives of the results. Which of the follow...
  Tags: Vulnerability scanning, Authenticated scan, False positives, Nessus
- Question #305 (Reporting and Communication)
  A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?
  Tags: Client Confidentiality, Professional Ethics, Report Disclosure, Legal Compliance
- Question #306 (Attacks and Exploits)
  For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users...
  Tags: Phishing, Credential harvesting, Cross-Origin Resource Sharing (CORS), Web exploitation
- Question #307 (Information Gathering and Vulnerability Scanning)
  Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?
  Tags: Network scanning, Firewall rules, Blocklists, Penetration testing issues
- Question #308 (Attacks and Exploits)
  An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response re...
  Tags: Data Structures, Algorithm Efficiency, Exploit Development, Programming Concepts
- Question #309 (Attacks and Exploits)
  A penetration tester uncovered a flaw in an online banking web application that allows arbitrary requests to other internal network assets through a server-side request forgery. Wh...
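Input validation against SSRF means the server only fetches URLs that pass an allowlist before any connection is opened, and the check has to cover the address the request would actually reach, not just the string the user supplied. The function below is an added example, not part of the question bank; the allowlisted host names, the resolver mapping and the sample URLs are constructed. It enforces scheme, host, port and credential checks, then resolves the host and refuses non-global addresses (loopback, RFC 1918 ranges, and link-local, which includes the 169.254.169.254 cloud metadata endpoint). The resolver is injected so the caller can connect to the exact address that was validated; letting the HTTP client resolve again at connect time reopens the DNS-rebinding gap.

```python
import ipaddress
from typing import Callable, List
from urllib.parse import urlsplit

# Assumed allowlist of destinations the server is permitted to fetch from.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"api.partner.example", "rates.example"}
ALLOWED_PORTS = {None, 443}

Resolver = Callable[[str], List[str]]


def is_global_address(addr: str) -> bool:
    """True only for globally routable unicast: rejects loopback, RFC 1918,
    link-local (incl. 169.254.169.254 cloud metadata), multicast, reserved."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def validate_outbound_url(url: str, resolve: Resolver) -> str:
    """Return `url` if the server may fetch it, otherwise raise ValueError.

    `resolve` is injected so the check covers the addresses the server would
    connect to; the caller should then connect to those same addresses rather
    than letting the HTTP client re-resolve the name (DNS rebinding).
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        raise ValueError(f"host not in allowlist: {host!r}")
    if parts.port not in ALLOWED_PORTS:   # .port raises ValueError on junk ports
        raise ValueError(f"port not allowed: {parts.port}")
    addrs = resolve(host)
    if not addrs:
        raise ValueError(f"{host} did not resolve")
    for addr in addrs:
        if not is_global_address(addr):
            raise ValueError(f"{host} resolves to non-global address {addr}")
    return url


def is_allowed(url: str, resolve: Resolver) -> bool:
    try:
        validate_outbound_url(url, resolve)
        return True
    except ValueError:
        return False


# Constructed resolver standing in for DNS: rates.example is mapped to an
# internal address to simulate an allowlisted name that has been rebound.
_FAKE_DNS = {"api.partner.example": ["93.184.216.34"], "rates.example": ["10.0.0.5"]}


def fake_resolve(host: str) -> List[str]:
    return _FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://api.partner.example/v1/quote", "http://api.partner.example/",
              "https://169.254.169.254/latest/meta-data/", "https://rates.example/",
              "https://api.partner.example:8080/", "https://evil@api.partner.example/"]:
        print(is_allowed(u, fake_resolve), u)
```

A denylist of internal ranges on its own is the weaker design: redirects, alternate IP encodings and rebinding all get around it, which is why the allowlist of hosts comes first and the resolved-address check is a second gate rather than the only one.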
  Tags: Server-Side Request Forgery (SSRF), Input Validation, Web Application Security, Vulnerability Mitigation