PT0-002 exam

The following output is from reconnaissance on a public-facing banking website: Based on these results, which of the following attacks is MOST likely to succeed?A . A birthday attack on 64-bit ciphers (Sweet32) B. An attack that breaks RC4 encryption C. An attack on a session ticket extension (Ticketbleed) D....

A penetration tester runs a scan against a server and obtains the following output: 21/tcp open ftp Microsoft ftpd | ftp-anon: Anonymous FTP login allowed (FTP code 230) | 03-12-20 09:23AM 331 index.aspx | ftp-syst: 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds...

A penetration tester obtained the following results after scanning a web server using the dirb utility: ... GENERATED WORDS: 4612 ---- Scanning URL: http://10.2.10.13/ ---- + http://10.2.10.13/about (CODE:200|SIZE:1520) + http://10.2.10.13/home.html (CODE:200|SIZE:214) + http://10.2.10.13/index.html (CODE:200|SIZE:214) + http://10.2.10.13/info (CODE:200|SIZE:214) ... DOWNLOADED: 4612 C FOUND: 4 Which of the following elements is MOST...

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type...

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVAS B. Drozer C. Burp Suite D. OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?A . Perform XSS. B. Conduct a watering-hole attack. C. Use BeEF. D....

A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)A . Open-source research B. A ping sweep C. Traffic sniffing D. Port knocking E. A vulnerability scan F. An Nmap scanView AnswerAnswer: A,C Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/passive-reconnaissance

Which of the following is the MOST effective person to validate results from a penetration test?A . Third party B. Team leader C. Chief Information Officer D. ClientView AnswerAnswer: B

A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)A . Spawned shells B. Created user accounts C. Server logs D. Administrator accounts E. Reboot system F. ARP...