PT0-002 exam

Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . WiresharkB . EAPHammerC . KismetD . Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...

A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?A . Specially craft and deploy phishing emails to key...

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?A . NIST SP 800-53B . OWASP Top 10C . MITRE ATT&CK frameworkD . PTES technical guidelinesView AnswerAnswer: C Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework

A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any...

A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . HashcatB . MimikatzC . PatatorD . John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/

A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilitiesB . Trying to recover a lost bind shellC . Building a reverse shell listening on specified portsD . Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...

Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?A . The IP address is wrong.B . The server is unreachable.C . The IP address is on the blocklist.D . The IP address is on the allow list.View AnswerAnswer: B Explanation:...

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration...

A penetration tester is exploring a client’s website. The tester performs a curl command and obtains the following: * Connected to 10.2.11.144 (::1) port 80 (#0) > GET /readmine.html HTTP/1.1 > Host: 10.2.11.144 > User-Agent: curl/7.67.0 > Accept: */* >  * Mark bundle as not supporting multiuse < HTTP/1.1 200...

A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the...