Tag - PT0-002 exam

During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?A . Changing to Wi-Fi equipment that supports strong encryptionB . Using directional...

A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?A . GDBB . Burp SuiteC . SearchSpliotD . NetcatView AnswerAnswer: A

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?A . sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.B...

CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023

A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?A . WiresharkB . Aircrack-ngC . KismetD . WifiteView AnswerAnswer: B Explanation: Reference: https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/ https://thecybersecurityman.com/2018/08/11/creating-an-evil-twin-or-fake-access-point-using-aircrack-ng-and-dnsmasq-part-2-the-attack/

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?A . nmap192.168.1.1-5CPU22-25,80B . nmap192.168.1.1-5CPA22-25,80C . nmap192.168.1.1-5CPS22-25,80D . nmap192.168.1.1-5CSs22-25,80View AnswerAnswer: D Explanation: The -sS option in nmap is for SYN...

A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?A . Redact identifying information and provide a previous customer's documentation.B . Allow the client to only view the information while in secure spaces.C ....

A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?A . Run nmap with the Co, -p22, and CsC options set against the targetB . Run nmap with...

Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . WiresharkB . EAPHammerC . KismetD . Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...

A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?A . Specially craft and deploy phishing emails to key...