PT0-002 Exam Questions
593 real PT0-002 exam questions with expert-verified answers and explanations. Page 8 of 12.
- Question #366 Attacks and Exploits
A penetration tester is performing a social engineering penetration test and was able to create a remote session. Which of the following social engineering techniques was most like...
Social Engineering, SMS Phishing, Initial Access, Penetration Testing
- Question #367 Engagement management
A penetration tester requested, without express authorization, that a CVE number be assigned for a new vulnerability found on an internal client application. Which of the following...
Rules of Engagement, Penetration testing ethics, Authorization, Vulnerability disclosure
- Question #368 Attacks and Exploits
A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the or...
Web application vulnerabilities, Access control bypass, IDOR, Exploitation techniques
- Question #369 Reporting and Communication
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
Penetration Testing Lifecycle, Reporting, Client Communication, Engagement Close
- Question #370 Reconnaissance and enumeration
A penetration tester conducted a discovery scan that generated the following: Which of the following commands generated the results above and will transform them into a list of act...
Nmap, Host Discovery, Command Line Tools, Reconnaissance
- Question #372 Reporting and Communication
A penetration tester identified numerous flaws that could lead to unauthorized modification of critical data. Which of the following would be best for the penetration tester to rec...
Role-based access control, Access control models, Penetration testing recommendations, Data integrity
- Question #373 Tools and Code Analysis
Which of the following tools would be the best to use to intercept an HTTP response of an API, change its content, and forward it back to the origin mobile device?
Proxy tools, API testing, Mobile security, Web application security
- Question #374 Reporting and Communication
A penetration tester is conducting a test after hours and notices a critical system was taken down. Which of the following contacts should be notified first?
Client Communication, Escalation Procedures, Rules of Engagement, Incident Handling
- Question #376 Post-exploitation and lateral movement
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise. While reading the script, the penetration tester noticed the following...
MAC address spoofing, Post-exploitation, Evasion, Script analysis
- Question #377 Reporting and Communication
During an assessment, a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target...
Penetration Testing Ethics, Critical Vulnerability Handling, Client Communication, Engagement Best Practices
- Question #378 Attacks and Exploits
During an assessment, a penetration tester obtains a list of password digests using Responder. Which of the following tools would the penetration tester most likely use next?
Hash cracking, Password attacks, Responder tool, Offline attacks
- Question #379 Information Gathering and Vulnerability Scanning
A penetration tester is performing a vulnerability scan on a large ATM network. One of the organization's requirements is that the scan does not affect legitimate clients' usage of...
Vulnerability Scanning, Nmap, Low-impact scanning, Network impact
- Question #380 Planning and Scoping
Which of the following OSSTM testing methodologies should be used to test under the worst conditions?
OSSTM, Penetration Testing Methodologies, Black Box Testing, Testing Types
- Question #381 Vulnerability discovery and analysis
Penetration on an assessment for a client organization, a penetration tester notices numerous outdated software package versions were installed ...s-critical servers. Which of the...
Vulnerability management, Patch management, Change control
- Question #382 Attacks and Exploits
A penetration tester managed to exploit a vulnerability using the following payload: IF (1=1) WAIT FOR DELAY '0:0:15' Which of the following actions would best mitigate this type o...
SQL Injection, Web Application Security, Vulnerability Mitigation, Parameterized Queries
- Question #383 Planning and Scoping
Which of the following is the most important aspect to consider when calculating the price of a penetration test service for a client?
Penetration test pricing, Scope of work, Service costing, Engagement planning
- Question #384 Planning and Scoping
Which of the following should be included in scope documentation?
Scope documentation, Engagement planning, Penetration testing, Legal considerations
- Question #385 Information Gathering and Vulnerability Scanning
Given the following Nmap scan command: [root@kali ~]# nmap 192.168.0.* --exclude 192.168.0.101 Which of the following is the total number of servers that Nmap will attempt to sca...
Nmap, Network Scanning, Target Specification, Host Discovery
- Question #386 Reporting and Communication
A penetration tester is testing a company's public API and discovers that specific input allows the execution of arbitrary commands on the base operating system. Which of the follo...
Client communication, Critical vulnerability notification, Ethical hacking, Penetration testing process
- Question #387 Engagement management
A security firm is discussing the results of a penetration test with a client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Wh...
Engagement management, Client communication, Scope adjustment, Prioritization
- Question #388 Engagement management
A client asks a penetration tester to retest its network a week after the scheduled maintenance window. Which of the following is the client attempting to do?
Penetration testing lifecycle, Retesting, Remediation verification, Post-engagement activities
- Question #389 Reconnaissance and enumeration
A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output: Which of the following is the most likely explanation...
Fuzzing, Directory Enumeration, Web Application Responses, Vulnerability Discovery
- Question #390 Information Gathering and Vulnerability Scanning
Which of the following assessment methods is the most likely to cause harm to an ICS environment?
ICS Security, Vulnerability Scanning, Network Scanning, Operational Technology
- Question #391 Reconnaissance and enumeration
A penetration tester runs the following command: nmap -p- -A 10.0.1.10 Given the execution of this command, which of the following quantities of ports will Nmap scan?
nmap, port scanning, command-line tools, reconnaissance
- Question #392 Attacks and Exploits
A penetration tester wants to find the password for any account in the domain without locking any of the accounts. Which of the following commands should the tester use?
Penetration Testing Tools, Password Cracking, Active Directory Exploitation, Account Lockout Prevention
- Question #393 Information Gathering and Vulnerability Scanning
Given the following code: Which of the following tasks could be accomplished with the script?
Port scanning, Script analysis, Network reconnaissance, Information gathering
- Question #394 Reconnaissance and enumeration
A penetration tester is enumerating shares and receives the following output: Which of the following should the penetration tester enumerate next?
Share enumeration, Information gathering, Sensitive data discovery, Target prioritization
- Question #395 Reporting and Communication
During a test of a custom-built web application, a penetration tester identifies several vulnerabilities. Which of the following would be the most interested in the steps to reprod...
Vulnerability remediation, Reporting, Stakeholder communication, Software development lifecycle
- Question #396 Planning and Scoping
An external consulting firm is hired to perform a penetration test and must keep the confidentiality of the security vulnerabilities and the private data found in a customer's syst...
Confidentiality, Legal Agreements, NDA, Penetration Testing Planning
- Question #397 Information Gathering and Vulnerability Scanning
A penetration tester is conducting an Nmap scan and wants to scan for ports without establishing a connection. The tester also wants to find version data information for services r...
Nmap, Port Scanning, Service Version Detection, Stealth Scan
- Question #398 Vulnerability discovery and analysis
A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application w...
Cross-site scripting (XSS), Web application vulnerabilities, Input validation
- Question #399 Reconnaissance and enumeration
As part of an active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by cap...
Active Reconnaissance, API Traffic Analysis, Authentication Tokens, Network Interception
- Question #400 Information Gathering and Vulnerability Scanning
A penetration tester breaks into a company's office building and discovers the company does not have a shredding service. Which of the following attacks should the penetration test...
Physical security, Information gathering, Dumpster diving, Reconnaissance
- Question #401 Attacks and Exploits
An organization wants to identify whether a less secure protocol is being utilized on a wireless network. Which of the following types of attacks will achieve this goal?
Wireless security, Downgrade attack, Protocol vulnerabilities, Attack types
- Question #402 Reconnaissance and enumeration
Which of the following tools would help a penetration tester locate a file that was uploaded to a content management system?
Web enumeration, Directory brute-forcing, Pen testing tools, CMS security
- Question #403 Planning and Scoping
Which of the following members of a client organization are most likely authorized to provide a signed authorization letter prior to the start date of a penetration test?
Pre-engagement, Authorization letter, Legal authorization, Stakeholder roles
- Question #404 Attacks and Exploits
Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?
MITRE ATT&CK, Adversary tactics, Threat intelligence, Cybersecurity frameworks
- Question #405 Reconnaissance and enumeration
Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in...
Reconnaissance, DNS, MX records, Phishing
- Question #406 Vulnerability discovery and analysis
A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code: salt = 'saltl23' hash = hashlib...
Password Hashing, Random Salt, Vulnerability Remediation, Security Best Practices
- Question #408 Reporting and Communication
A penetration tester is taking screen captures of hashes obtained from a domain controller. Which of the following best explains why the penetration tester should immediately obscu...
Penetration Testing Best Practices, Data Confidentiality, Sensitive Data Handling, Evidence Collection
- Question #409 Reporting and Communication
Which of the following types of information would most likely be included in an application security assessment report addressed to developers? (Select two).
Application Security Assessment, Vulnerability Reporting, Secure Coding Practices, Developer Communication
- Question #410 Engagement management
A potential reason for communicating with the client point of contact during a penetration test is to provide resolution if a testing component crashes a system or service and leav...
Penetration Testing Best Practices, Client Communication, Incident Handling, Remediation
- Question #411 Information Gathering and Vulnerability Scanning
A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?
Kismet, Wireless Network Testing, Information Gathering, Penetration Testing Tools
- Question #412 Reconnaissance and enumeration
A penetration tester is looking for a particular type of service and obtains the output below: Which of the following commands was executed by the tester?
Nmap, NTP Enumeration, UDP Scanning, NSE Scripting
- Question #413 Vulnerability discovery and analysis
Which of the following is the most common vulnerability associated with IoT devices that are directly connected to the internet?
IoT Security, Vulnerabilities, Default Passwords, Internet-connected devices
- Question #414 Post-exploitation and lateral movement
A penetration tester issues the following command after obtaining a low-privilege reverse shell: wmic service get name,pathname,startmode Which of the following is the most likely...
Privilege Escalation, Unquoted Service Paths, Windows Services, WMIC
- Question #415 Attacks and Exploits
Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?
Brute-forcing, SSH, Password cracking, Penetration testing tools
- Question #416 Tools and Code Analysis
Which of the following tools would be best to use to conceal data in various kinds of image files?
Steganography, Data concealment, Security tools
- Question #417 Reconnaissance and enumeration
A penetration tester is working to enumerate the PLC devices on the 10.88.88.76/24 network. Which of the following commands should the tester use to achieve the objective in a way...
Nmap, PLC enumeration, ICS security, Reconnaissance
- Question #418 Reconnaissance and enumeration
A penetration testing firm performs an assessment every six months for the same customer. While performing network scanning for the latest assessment, the penetration tester observ...
Network scanning, IP address allocation, Reconnaissance findings, Scope verification