Tag - PT0-002 exam

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?A . PLCs...

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has...

A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?A . Forensically acquire the backdoor Trojan and perform attributionB . Utilize the backdoor in support of the engagementC ....

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?A . A quick description of the vulnerability and a high-level control to fix itB . Information regarding the business impact...

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?A . Reach out to the primary point of contactB . Try to take down the attackersC . Call law enforcement officials...

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)A . WiresharkB . NessusC . RetinaD . Burp SuiteE . ShodanF . NiktoView AnswerAnswer: A,E Explanation: Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)A . Scraping social...

A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?A . Immunity DebuggerB . OllyDbgC . GDBD...

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?A . schtasks /create /sc /ONSTART /tr C:TempWindowsUpdate.exeB . wmic startup get caption,commandC ....

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?A . Executive summary of the penetration-testing methods usedB . Bill of materials including supplies, subcontracts, and costs incurred during...