Which of the following BEST identifies this concept?
The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted. Which of the following BEST identifies this concept? A. Statement of work B. Program scope C. Non-disclosure agreement D. Rules...
Which of the following would BEST support this task?
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task? A. Run nmap with the -o, -p22, and -sC options set against the target B. Run nmap with...
Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform? A. Sniff and then crack the WPS PIN...
Which of the following should the tester do AFTER delivering the final report?
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report? A. Delete the scheduled batch job. B. Close the reverse shell connection. C. Downgrade the svsaccount permissions. D. Remove the tester-created credentials. Answer: D
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware? A. Analyze the malware to see what it does. B. Collect the proper evidence and then remove the malware. C. Do a root-cause analysis to find out...
Which of the following operating systems is MOST likely installed on the host?
During the reconnaissance phase, a penetration tester obtains the following output:
Reply from 192.168.1.23: bytes=32 time<54ms TTL=128
Reply from 192.168.1.23: bytes=32 time<53ms TTL=128
Reply from 192.168.1.23: bytes=32 time<60ms TTL=128
Reply from 192.168.1.23: bytes=32 time<51ms TTL=128
Which of the following operating systems is MOST likely installed on the host? A. Linux B...
Which of the following would the tester MOST likely describe as a benefit of the framework?
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel. Which of the following would the tester MOST likely describe as a benefit of the framework? A. Understanding the tactics of a security intrusion can help disrupt them. B. Scripts that are part of the...
Which of the following is the BEST action for the tester to take?
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take? A. Check the scoping document to determine if exfiltration is...
When engaging with a penetration-testing company to test the application, which of the following should the company avoid?
A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contract with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the...
Which of the following is the MOST likely reason for the error?
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root...