PT0-002 exam

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following: Which of the following combinations of tools would the penetration tester use to exploit this script?A . Hydra and crunch B. Netcat...

A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?A . Maximizing the likelihood of finding vulnerabilities B. Reprioritizing...

A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?A . The penetration tester conducts a retest. B. The penetration tester deletes all scripts from the client machines. C. The client applies...

A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform?A . Look for open ports. B. Listen for a reverse shell. C. Attempt to flood open ports. D. Create an encrypted tunnel.View AnswerAnswer: A

When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?A . Clarify the statement of work. B. Obtain an asset inventory from the client. C. Interview all stakeholders. D. Identify...

A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig: comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org. 3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org. Which of the following potential...

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?A . Utilize the...

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)A . The CVSS score of the finding B. The network location of the vulnerable device C. The vulnerability identifier D. The client acceptance form E. The name of the...

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?A . Socat B. tcpdump C. Scapy D. digView AnswerAnswer: C Explanation: https://thepacketgeek.com/scapy/building-network-tools/part-09/

A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?A . nmap -iL results 192.168.0.10-100 B. nmap 192.168.0.10-100 -O > results C. nmap -A 192.168.0.10-100 -oX...