PT0-002 exam

A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the...

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?A . Command injection B. Broken authentication C. Direct object reference D. Cross-site scriptingView AnswerAnswer: C...

Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?A . Executive summary B. Remediation C. Methodology D. Metrics and measuresView AnswerAnswer: B

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?A . Aircrack-ng B. Wireshark C. Wifite D. KismetView AnswerAnswer: A Explanation: Reference: https://purplesec.us/perform-wireless-penetration-test/

A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?A . iam_enum_permissions B. iam_privesc_scan C. iam_backdoor_assume_role D. iam_bruteforce_permissionsView AnswerAnswer: A Explanation: Reference: https://essay.utwente.nl/76955/1/Szabo_MSc_EEMCS.pdf (37)

A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?A . Nmap B. Wireshark C. Metasploit D. NetcatView AnswerAnswer: B

A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?A . GDB B. Burp Suite C. SearchSpliot D. NetcatView AnswerAnswer: A

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power. B. devices are obsolete and are no longer available for replacement. C. protocols are more difficult to understand. D. devices may cause physical world effects.View...

A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform?A . Look for open ports. B. Listen for a reverse shell. C. Attempt to flood open ports. D. Create an encrypted tunnel.View AnswerAnswer: A

Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?A . An unknown-environment assessment B. A known-environment assessment C. A red-team assessment D. A compliance-based assessmentView AnswerAnswer: B Explanation: A known environment test is often more complete, because testers can get...