PT0-003 exam

During an assessment, a penetration tester manages to get RDP access via a low-privilege user. The tester attempts to escalate privileges by running the following commands: Import-Module .PrintNightmare.ps1 Invoke-Nightmare -NewUser "hacker" -NewPassword "Password123!" -DriverName "Print" The tester attempts to further enumerate the host with the new administrative privileges by using...

A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?A . IASTB . SBOMC . DASTD . SASTView AnswerAnswer: D Explanation: kube-hunter is a tool designed to...

During an assessment, a penetration tester exploits an SQLi vulnerability. Which of the following commands would allow the penetration tester to enumerate password hashes?A . sqlmap -u www.example.com/?id=1 --search -T userB . sqlmap -u www.example.com/?id=1 --dump -D accounts -T users -C credC . sqlmap -u www.example.com/?id=1 --tables -D accountsD ....

A penetration tester has found a web application that is running on a cloud virtual machine instance. Vulnerability scans show a potential SSRF for the same application URL path with an injectable parameter. Which of the following commands should the tester run to successfully test for secrets exposure exploitability?A ....

A penetration tester performs an assessment on the target company's Kubernetes cluster using kube-hunter. Which of the following types of vulnerabilities could be detected with the tool?A . Network configuration errors in Kubernetes servicesB . Weaknesses and misconfigurations in the Kubernetes clusterC . Application deployment issues in KubernetesD . Security...

A tester enumerated a firewall policy and now needs to stage and exfiltrate data captured from the engagement. Given the following firewall policy: Action | SRC | DEST | -- Block | 192.168.10.0/24: 1-65535 | 10.0.0.0/24: 22 | TCP Allow | 0.0.0.0/0: 1-65535 | 192.168.10.0/24:443 | TCP Allow | 192.168.10.0/24:...

During a vulnerability assessment, a penetration tester configures the scanner sensor and performs the initial vulnerability scanning under the client's internal network. The tester later discusses the results with the client, but the client does not accept the results. The client indicates the host and assets that were within scope...

A penetration testing team wants to conduct DNS lookups for a set of targets provided by the client. The team crafts a Bash script for this task. However, they find a minor error in one line of the script: 1 #!/bin/bash 2 for i in $(cat example.txt); do 3 curl...

Before starting an assessment, a penetration tester needs to scan a Class B IPv4 network for open ports in a short amount of time. Which of the following is the best tool for this task?A . Burp SuiteB . masscanC . NmapD . hpingView AnswerAnswer: B Explanation: When needing to...

A penetration tester has found a web application that is running on a cloud virtual machine instance. Vulnerability scans show a potential SSRF for the same application URL path with an injectable parameter. Which of the following commands should the tester run to successfully test for secrets exposure exploitability?A ....