PT0-003Preview

A penetration tester wants to send a specific network packet with custom flags and sequence numbers to a vulnerable target. Which of the following should the tester use?

A penetration tester needs to test a very large number of URLs for public access. Given the following code snippet:

Which of the following changes is required?

During a penetration test, a tester captures information about an SPN account. Which of the following attacks requires this information as a prerequisite to proceed?

HOTSPOT -
A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.

INSTRUCTIONS -
Select the tool the penetration tester should use for further investigation.
Select the three entries in the robots.txt file that the penetration tester should recommend for removal.
If at any time you would like to bring back the inital state of the simulation, please click the Reset All button.

While performing an internal assessment, a tester uses the following command: crackmapexec smb 192.168.1.0/24 -u user.txt -p Summer123@
Which of the following is the main purpose of the command?

A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?

A penetration tester is performing network reconnaissance. The tester wants to gather information about the network without causing detection mechanisms to flag the reconnaissance activities. Which of the following techniques should the tester use?

During a security assessment, a penetration tester uses a tool to capture plaintext log-in credentials on the communication between a user and an authentication system. The tester wants to use this information for further unauthorized access. Which of the following tools is the tester using?

A penetration tester established an initial compromise on a host. The tester wants to pivot to other targets and set up an appropriate relay. The tester needs to enumerate through the compromised host as a relay from the tester's machine. Which of the following commands should the tester use to do this task from the tester's host?

A penetration tester is unable to identify the Wi-Fi SSID on a client's cell phone. Which of the following techniques would be most effective to troubleshoot this issue?

A client recently hired a penetration testing firm to conduct an assessment of their consumer-facing web application. Several days into the assessment, the client's networking team observes a substantial increase in DNS traffic. Which of the following would most likely explain the increase in DNS traffic?

A penetration tester performs a service enumeration process and receives the following result after scanning a server using the Nmap tool:

Based on the output, which of the following services provides the best target for launching an attack?

Which of the following explains the reason a tester would opt to use DREAD over PTES during the planning phase of a penetration test?

A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?

A penetration tester finds that an application responds with the contents of the /etc/passwd file when the following payload is sent:

Which of the following should the tester recommend in the report to best prevent this type of vulnerability?

A penetration tester is working on an engagement in which a main objective is to collect confidential information that could be used to exfiltrate data and perform a ransomware attack. During the engagement, the tester is able to obtain an internal foothold on the target network. Which of the following is the next task the tester should complete to accomplish the objective?

A penetration testing team needs to determine whether it is possible to disrupt the wireless communications for PCs deployed in the client's offices. Which of the following techniques should the penetration tester leverage?

Which of the following tasks would ensure the key outputs from a penetration test are not lost as part of the cleanup and restoration activities?

A penetration tester is conducting reconnaissance for an upcoming assessment of a large corporate client. The client authorized spear phishing in the rules of engagement. Which of the following should the tester do first when developing the phishing campaign?

A penetration tester reviews a SAST vulnerability scan report. The following lines of code have been reported as vulnerable:

Which of the following is the best method to remediate this vulnerability?

A penetration tester attempts unauthorized entry to the company’s server room as part of a security assessment. Which of the following is the best technique to manipulate the lock pins and open the door without the original key?

Which of the following technologies is most likely used with badge cloning? (Choose two.)

During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example of?

During a penetration test of a web application, the tester gains full access to the application's source code. The application repository includes thousands of code files. Given that the assessment timeline is very short, which of the following approaches would allow the tester to identify hard-coded credentials most effectively?

A penetration tester is evaluating a SCADA system. The tester receives local access to a workstation that is running a single application. While navigating through the application, the tester opens a terminal window and gains access to the underlying operating system. Which of the following attacks is the tester performing?