PT0-002

By comptia
Aug, 2025

Question 76

The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host discovery and write the discovery to files without returning results of the attack machine?

  • A: nmap -sn -n -exclude 10.1.1.15 10.1.1.0/24 -oA target_txt
  • B: nmap -iR 10 -n -oX out.xml | grep "Nmap" | cut -d "" -f5 > live-hosts.txt
  • C: nmap -Pn -sV -O -iL target.txt -oA target_text_Service
  • D: nmap -sS -Pn -n -iL target.txt -oA target_txtl

Question 77

SIMULATION -
Using the output, identify potential attack vectors that should be further investigated.

Image 1 Image 2 Image 3 Image 4 Image 5

Question 78

A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?

  • A: To meet PCI DSS testing requirements
  • B: For testing of the customer's SLA with the ISP
  • C: Because of concerns regarding bandwidth limitations
  • D: To ensure someone is available if something goes wrong

Question 79

A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address.
Which of the following MOST likely describes what happened?

  • A: The penetration tester was testing the wrong assets.
  • B: The planning process failed to ensure all teams were notified.
  • C: The client was not ready for the assessment to start.
  • D: The penetration tester had incorrect contact information.

Question 80

An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?

  • A: nmap -sA 192.168.0.1/24
  • B: nmap -sS 192.168.0.1/24
  • C: nmap -oG 192.168.0.1/24
  • D: nmap 192.168.0.1/24

Question 81

During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT?

  • A: Deny that the vulnerability existed
  • B: Investigate the penetration tester.
  • C: Accept that the client was right.
  • D: Fire the penetration tester.

Question 82

A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

  • A: Patch installations
  • B: Successful exploits
  • C: Application failures
  • D: Bandwidth limitations

Question 83

A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the number of the service. Which of the following methods would BEST support validation of the possible findings?

  • A: Manually check the version number of the VoIP service against the CVE release.
  • B: Test with proof-of-concept code from an exploit database on a non-production system.
  • C: Review SIP traffic from an on-path position to look for indicators of compromise.
  • D: Execute an nmap -sV scan against the service.

Question 84

The results of an Nmap scan are as follows:

Image 1

Which of the following device types will MOST likely have a similar response?

  • A: Active Directory domain controller
  • B: IoT/embedded device
  • C: Exposed RDP
  • D: Print queue

Question 85

Which of the following are the MOST important items for prioritizing fixes that should be included in the final report for a penetration test? (Choose two.)

  • A: The CVSS score of the finding
  • B: The network location of the vulnerable device
  • C: The vulnerability identifier
  • D: The client acceptance form
  • E: The name of the person who found the flaw
  • F: The tool used to find the issue

Question 86

User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

  • A: MD5
  • B: bcrypt
  • C: SHA-1
  • D: PBKDF2

Question 87

A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?

  • A: Cross-site request forgery
  • B: Server-side request forgery
  • C: Remote file inclusion
  • D: Local code inclusion

Question 88

A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?

  • A: GDB
  • B: Burp Suite
  • C: SearchSploit
  • D: Netcat

Question 89

Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?

  • A: Scraping social media for personal details
  • B: Registering domain names that are similar to the target company's
  • C: Identifying technical contacts at the company
  • D: Crawling the company's website for company information

Question 90

An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?

  • A: Uncover potential criminal activity based on the evidence gathered.
  • B: Identify all the vulnerabilities in the environment.
  • C: Limit invasiveness based on scope.
  • D: Maintain confidentiality of the findings.

Question 91

A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Image 1

Which of the following would the test discover?

  • A: Default web configurations
  • B: Open web ports on a host
  • C: Supported HTTP methods
  • D: Listening web servers in a domain

Question 92

Given the following script:

Image 1

Which of the following BEST characterizes the function performed by lines 5 and 6?

  • A: Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10
  • B: Performs a single DNS query for www.comptia.org and prints the raw data output
  • C: Loops through variable b to count the results returned for the DNS query and prints that count to screen
  • D: Prints each DNS query result already stored in variable b

Question 93

A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building. Which of the following would be allowed under the terms of the engagement?

  • A: Prying the lock open on the records room
  • B: Climbing in an open window of the adjoining building
  • C: Presenting a false employee ID to the night guard
  • D: Obstructing the motion sensors in the hallway of the records room

Page 4 of 19 • Questions 76-100 of 461
