Tag - PT0-002 exam

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVASB . DrozerC . Burp SuiteD . OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...

A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the...

A company requires that all hypervisors have the latest available patches installed. Which of the following would BEST explain the reason why this policy is in place?A . To provide protection against host OS vulnerabilitiesB . To reduce the probability of a VM escape attackC . To fix any misconfigurations...

Deconfliction is necessary when the penetration test:A . determines that proprietary information is being stored in cleartext.B . occurs during the monthly vulnerability scanning.C . uncovers indicators of prior compromise over the course of the assessment.D . proceeds in parallel with a criminal digital forensic investigation.View AnswerAnswer: D Explanation: Deconfliction...

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?A . chmod u+x script.shB . chmod u+e script.shC . chmod o+e script.shD . chmod o+x script.shView AnswerAnswer: A Explanation: Reference: https://newbedev.com/chmod-u-x-versus-chmod-x

Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?A . SOWB . SLAC . MSAD . NDAView AnswerAnswer: A

A penetration tester runs a scan against a server and obtains the following output: 21/tcp open ftp Microsoft ftpd | ftp-anon: Anonymous FTP login allowed (FTP code 230) | 03-12-20 09:23AM 331 index.aspx | ftp-syst: 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds...

A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework?A . Understanding the tactics of a security intrusion can help disrupt them.B . Scripts that are part of the...

A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?A . Patch installationsB ....

A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?A . Configure wireless access to use a AAA server.B . Use random MAC addresses on the...