PT0-002 exam

autonumA client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?A . Redact identifying information and provide a previous customer's documentation.B . Allow the client to only view the information while in secure spaces.C ....

autonumA penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...

autonumA client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?A . OWASP Top 10B . MITRE ATT&CK frameworkC ....

autonumGiven the following script: Which of the following BEST characterizes the function performed by lines 5 and 6?A . Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10B . Performs a single DNS query for www.comptia.org and prints the raw data outputC . Loops through variable b to...

autonumDRAG DROP During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan. INSTRUCTIONS Analyze the code segments to determine which sections are needed to complete a port scanning...

autonumWhich of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?A . NIST SP 800-53B . OWASP Top 10C . MITRE ATT&CK frameworkD . PTES technical guidelinesView AnswerAnswer: C Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework

autonumWhich of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?A . ShodanB . NmapC . WebScarab-NGD . NessusView AnswerAnswer: A

autonumA penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?A . Cross-site request forgeryB ....

autonumWhich of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . WiresharkB . EAPHammerC . KismetD . Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...

autonumDuring a penetration test, the domain names, IP ranges, hosts, and applications are defined in the: A. SOW. B. SLA. C. ROE. D. NDAView AnswerAnswer: C Explanation: https://mainnerve.com/what-are-rules-of-engagement-in-pen-testing/#:~:text=The%20ROE%20includes%20the%20dates,limits%2C%20or%20out%20of %20scope.