PT0-002 exam

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?A . HTTPS communicationB . Public and private keysC . Password encryptionD . Sessions and cookiesView AnswerAnswer: D

Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:A . will reveal vulnerabilities in the Modbus protocol.B . may cause unintended failures in control systems.C . may reduce the true positive rate of findings.D . will create a denial-of-service condition on...

When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?A . <#B . <$C . ##D . #$E . #!View AnswerAnswer: D Explanation:...

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?A . nmap192.168.1.1-5CPU22-25,80B . nmap192.168.1.1-5CPA22-25,80C . nmap192.168.1.1-5CPS22-25,80D . nmap192.168.1.1-5CSs22-25,80View AnswerAnswer: C

A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?A . WeeklyB . MonthlyC . QuarterlyD . AnnuallyView AnswerAnswer: A Explanation: Reference: https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf (24)

A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?A . Edit...

A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?A . SmurfB . Ping floodC . FraggleD . Ping of deathView AnswerAnswer: A Explanation: Reference: https://resources.infosecinstitute.com/topic/icmp-attacks/

DRAG DROP You are a penetration tester reviewing a client’s website through a web browser. INSTRUCTIONS Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies. If at any time you would like...

A penetration tester is reviewing the following SOW prior to engaging with a client: “Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO)...

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?A . Acceptance by the client and sign-off on the final reportB . Scheduling of follow-up actions and retestingC . Attestation of findings and delivery...