PT0-002 exam

A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the...

During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the: A. SOW. B. SLA. C. ROE. D. NDAView AnswerAnswer: C Explanation: https://mainnerve.com/what-are-rules-of-engagement-in-pen-testing/#:~:text=The%20ROE%20includes%20the%20dates,limits%2C%20or%20out%20of %20scope.

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?A . sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds....

A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?A ....

CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?A . nmap192.168.1.1-5CPU22-25,80 B. nmap192.168.1.1-5CPA22-25,80 C. nmap192.168.1.1-5CPS22-25,80 D. nmap192.168.1.1-5CSs22-25,80View AnswerAnswer: C Explanation: PS/PA/PU/PY are host discovery flags which use TCP...

A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?A . Weekly B. Monthly C. Quarterly D. AnnuallyView AnswerAnswer: C Explanation: https://www.pcicomplianceguide.org/faq/#25 PCI DSS requires quarterly vulnerability/penetration...

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?A . Data flooding B. Session riding...

Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . Wireshark B. EAPHammer C. Kismet D. Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...

A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilities B. Trying to recover a lost bind shell C. Building a reverse shell listening on specified ports D. Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...