PT0-002
Question 26
A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?
- A: Launch an external scan of netblocks.
- B: Check WHOIS and netblock records for the company.
- C: Use DNS lookups and dig to determine the external hosts.
- D: Conduct a ping sweep of the company's netblocks.
Question 27
A penetration tester captured the following traffic during a web-application test:
Which of the following methods should the tester use to visualize the authorization information being transmitted?
- A: Decode the authorization header using UTF-8.
- B: Decrypt the authorization header using bcrypt.
- C: Decode the authorization header using Base64.
- D: Decrypt the authorization header using AES.
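The captured traffic for this question is not reproduced on the page, so the following is an added example, not the page's own material: a small decoder for the two Authorization schemes a tester meets most often. It assumes a constructed HTTP request whose Basic token is the RFC 7617 example (it decodes to `Aladdin:open sesame`); the host name and request path are invented. The point it makes is that Basic credentials are Base64-encoded, not encrypted, so no key, bcrypt or AES is involved in reading them, and that JWT bearer segments are Base64url without `=` padding.

```python
import base64
import binascii
import json

# Constructed sample request (not from the original page). The Basic token is the
# RFC 7617 example and decodes to "Aladdin:open sesame".
SAMPLE_REQUEST = (
    "GET /api/v1/orders HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n"
    "Accept: application/json\r\n"
    "\r\n"
)


def extract_authorization(raw_request):
    """Return (scheme, token) from the first Authorization header, else None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            parts = value.strip().split(None, 1)
            if len(parts) == 2:
                return parts[0], parts[1]
    return None


def decode_basic(token):
    """Base64-decode a Basic token into (user, password); no key is involved."""
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise ValueError("Basic token is not valid Base64") from exc
    user, sep, password = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("decoded token lacks the ':' separator")
    return user, password


def decode_jwt_segment(segment):
    """Decode one Base64url JWT segment; JWTs omit '=' padding, so restore it."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def reveal_credentials(raw_request):
    """Dispatch on the auth scheme and return what is readable without a key."""
    found = extract_authorization(raw_request)
    if found is None:
        return {"scheme": None}
    scheme, token = found
    if scheme.lower() == "basic":
        user, password = decode_basic(token)
        return {"scheme": "Basic", "user": user, "password": password}
    if scheme.lower() == "bearer" and token.count(".") == 2:
        header, payload, _signature = token.split(".")
        return {"scheme": "Bearer",
                "header": decode_jwt_segment(header),
                "claims": decode_jwt_segment(payload)}
    return {"scheme": scheme, "opaque": token}


if __name__ == "__main__":
    print(reveal_credentials(SAMPLE_REQUEST))
```

A Bearer token whose signature you cannot verify still has a readable header and claim set; only the third segment depends on the key, which is why the decode succeeds without one.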
Question 28
A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food. Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?
- A: Tailgating
- B: Dumpster diving
- C: Shoulder surfing
- D: Badge cloning
Question 29
A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?
- A: Netcraft
- B: CentralOps
- C: Responder
- D: FOCA
Question 30
A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network.
Which of the following methods will MOST likely work?
- A: Try to obtain the private key used for S/MIME from the CEO's account.
- B: Send an email from the CEO's account, requesting a new account.
- C: Move laterally from the mail server to the domain controller.
- D: Attempt to escalate privileges on the mail server to gain root access.
Question 31
A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?
- A: Nmap
- B: Nikto
- C: Cain and Abel
- D: Ettercap
Question 32
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
- A: Wireshark
- B: Aircrack-ng
- C: Kismet
- D: Wifite
Question 33
A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible. Which of the following Nmap scan syntaxes would BEST accomplish this objective?
- A: nmap -sT -vvv -O 192.168.1.0/24 -PO
- B: nmap -sV 192.168.1.0/24 -PO
- C: nmap -sA -v -O 192.168.1.0/24
- D: nmap -sS -O 192.168.1.0/24 -T1
Question 34
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted store of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason for the error?
- A: TCP port 443 is not open on the firewall
- B: The API server is using SSL instead of TLS
- C: The tester is using an outdated version of the application
- D: The application has the API certificate pinned.
Question 35
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
- A: Unsupported operating systems
- B: Susceptibility to DDoS attacks
- C: Inability to network
- D: The existence of default passwords
Question 36
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools permitted under the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?
- A: OpenVAS
- B: Nikto
- C: SQLmap
- D: Nessus
Question 37
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter, with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?
- A: Data flooding
- B: Session riding
- C: Cybersquatting
- D: Side channel
Question 38
Which of the following concepts defines the specific set of steps and approaches that are conducted during a penetration test?
- A: Scope details
- B: Findings
- C: Methodology
- D: Statement of work
Question 39
A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?
- A: Send an SMS with a spoofed service number including a link to download a malicious application.
- B: Exploit a vulnerability in the MDM and create a new account and device profile.
- C: Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.
- D: Infect a website that is often used by employees with malware targeted toward x86 architectures.
Question 40
A penetration tester ran a `ping -A` command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?
- A: Windows
- B: Apple
- C: Linux
- D: Android
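The reasoning behind this question is that each TCP/IP stack starts packets at a default initial TTL and every router hop decrements it by one, so an observed TTL points to the nearest default at or above it. The following is an added example, not from the original page, that applies that rule to ping output. It assumes the commonly documented defaults (64 for Linux, Android, macOS, iOS and BSD; 128 for Windows; 255 for many network devices and Solaris) and uses constructed ping reply lines in both the Linux and Windows output formats; none of the hosts are real.

```python
import re

# Commonly documented default initial TTLs (an assumption of this example; an
# administrator can change them, so treat the result as a hint, not proof).
DEFAULT_TTLS = {
    64: "Linux-family (Linux, Android, macOS, iOS, BSD)",
    128: "Windows",
    255: "Network device (e.g. Cisco IOS) or Solaris",
}

# Constructed sample ping output in Linux and Windows formats, not real captures.
SAMPLE_PING_LINES = [
    "64 bytes from 10.0.0.5: icmp_seq=1 ttl=128 time=0.41 ms",
    "64 bytes from 10.0.0.9: icmp_seq=1 ttl=52 time=18.3 ms",
    "Reply from 10.0.0.12: bytes=32 time<1ms TTL=64",
    "Reply from 10.0.0.20: bytes=32 time=2ms TTL=249",
]

TTL_RE = re.compile(r"\bttl=(\d{1,3})\b", re.IGNORECASE)
HOST_RE = re.compile(r"\bfrom (\S+?):")


def extract_ttl(line):
    """Pull the TTL out of a ping reply line; None if the line has none."""
    m = TTL_RE.search(line)
    return int(m.group(1)) if m else None


def guess_os(observed_ttl):
    """Map an observed TTL to (initial_ttl, os_family, estimated_hops).

    The initial TTL is the smallest default that is >= the observed value;
    the difference is the number of router hops the reply crossed.
    """
    if not 0 < observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    for initial in sorted(DEFAULT_TTLS):
        if observed_ttl <= initial:
            return initial, DEFAULT_TTLS[initial], initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


def fingerprint(lines):
    """Return {host: (initial_ttl, os_family, hops)} for every reply line."""
    result = {}
    for line in lines:
        ttl = extract_ttl(line)
        host = HOST_RE.search(line)
        if ttl is None or host is None:
            continue                      # not a reply line (timeout, header, ...)
        result[host.group(1)] = guess_os(ttl)
    return result


if __name__ == "__main__":
    for host, (initial, family, hops) in fingerprint(SAMPLE_PING_LINES).items():
        print(f"{host:<12} ttl->{initial:<4} {family} (~{hops} hops)")
```

Two caveats a practitioner should keep in mind: Linux and Android both default to 64, so TTL alone cannot separate them (which is why 128 in the question points at Windows and not at one of the three 64-based options), and a host more than 64 hops away or one with a tuned TTL will be misclassified. Nmap's `-O` combines many more probe responses than this single value.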
Question 41
A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)
- A: Shoulder surfing
- B: Call spoofing
- C: Badge stealing
- D: Tailgating
- E: Dumpster diving
- F: Email phishing
Question 42
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
Which of the following attacks is being attempted?
- A: Clickjacking
- B: Session hijacking
- C: Parameter pollution
- D: Cookie hijacking
- E: Cross-site scripting
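The log excerpt for this question is not reproduced on the page, so the following is an added example rather than the page's own evidence. It makes option C concrete: HTTP parameter pollution repeats a query parameter, and stacks disagree on which copy wins, so a check applied to one copy can be bypassed by another. The code parses constructed access-log lines (invented hosts, paths and timestamps), flags requests with duplicated parameters, and shows the three resolution policies commonly documented for web stacks: first value (Java servlet `getParameter`), last value (PHP `$_GET`) and comma-joined (ASP.NET `Request.QueryString`). Those framework attributions are assumptions for the example, not something the page states.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines in common log format, not real logs.
SAMPLE_LOG = """\
10.1.1.7 - - [01/Jan/2024:10:00:01 +0000] "GET /account?id=1042 HTTP/1.1" 200 512
10.1.1.7 - - [01/Jan/2024:10:00:02 +0000] "GET /account?id=1042&id=1 HTTP/1.1" 200 488
10.1.1.7 - - [01/Jan/2024:10:00:03 +0000] "GET /transfer?amount=10&to=alice&amount=9000 HTTP/1.1" 302 0
10.1.1.9 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=book&page=2 HTTP/1.1" 200 2048
"""

REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def query_values(target):
    """Return {name: [values...]} for the query string, keeping duplicates in order."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    grouped = {}
    for name, value in pairs:
        grouped.setdefault(name, []).append(value)
    return grouped


def resolve(values, policy):
    """Collapse duplicate values the way different stacks do (assumed behaviours)."""
    if policy == "first":       # e.g. Java servlet getParameter()
        return values[0]
    if policy == "last":        # e.g. PHP $_GET
        return values[-1]
    if policy == "concat":      # e.g. ASP.NET Request.QueryString
        return ",".join(values)
    raise ValueError(f"unknown policy {policy!r}")


def find_polluted_requests(log_text):
    """Return [(target, {param: [values]})] for requests that repeat a parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        grouped = query_values(m.group("target"))
        dupes = {k: v for k, v in grouped.items() if len(v) > 1}
        if dupes:
            hits.append((m.group("target"), dupes))
    return hits


if __name__ == "__main__":
    for target, dupes in find_polluted_requests(SAMPLE_LOG):
        print(target)
        for name, values in dupes.items():
            for policy in ("first", "last", "concat"):
                print(f"  {name}: {policy:<6} -> {resolve(values, policy)!r}")
```

The `/transfer` line is the case worth noticing: a front-end rule that validates the first `amount` sees 10, while a back end that takes the last value processes 9000. The detector is deliberately simple; it looks only at the query string, so POST bodies and mixed GET/POST pollution would need the request body as well.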
Question 43
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
- A: A signed statement of work
- B: The correct user accounts and associated passwords
- C: The expected time frame of the assessment
- D: The proper emergency contacts for the client
Question 44
An Nmap scan of a network switch reveals the following:
Which of the following technical controls will most likely be the FIRST recommendation for this device?
- A: Encrypted passwords
- B: System-hardening techniques
- C: Multifactor authentication
- D: Network segmentation
Question 45
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
- A: Alternate data streams
- B: PowerShell modules
- C: MP4 steganography
- D: ProcMon
Question 46
Which of the following describes the reason why a penetration tester would run the command `sdelete mimikatz.*` on a Windows server that the tester compromised?
- A: To remove hash-cracking registry entries
- B: To remove the tester-created Mimikatz account
- C: To remove tools from the server
- D: To remove a reverse shell from the system
Question 47
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
- A: Check the scoping document to determine if exfiltration is within scope.
- B: Stop the penetration test.
- C: Escalate the issue.
- D: Include the discovery and interaction in the daily report.
Question 48
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
- A: SQLmap
- B: DirBuster
- C: w3af
- D: OWASP ZAP
Question 49
Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?
- A: MSA
- B: NDA
- C: SOW
- D: ROE
Question 50
A penetration tester runs a scan against a server and obtains the following output:
Which of the following command sequences should the penetration tester try NEXT?
- A: ftp 192.168.53.23
- B: smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest
- C: ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23
- D: curl -X TRACE https://192.168.53.23:8443/index.aspx