Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?
A. Specially craft and deploy phishing emails to key...
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus
Answer: A
Which of the following would BEST explain the reason why this policy is in place?
A company requires that all hypervisors have the latest available patches installed. Which of the following would BEST explain the reason why this policy is in place?
A. To provide protection against host OS vulnerabilities
B. To reduce the probability of a VM escape attack
C. To fix any misconfigurations...
Which of the following commands would help the tester START this process?
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
A. certutil -urlcache -split -f http://192.168.2.124/windows-binaries/ accesschk64.exe
B. powershell (New-Object...
Which of the following is the MINIMUM frequency to complete the scan of the system?
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?
A. Weekly
B. Monthly
C. Quarterly
D. Annually
Answer: C
Explanation: https://www.pcicomplianceguide.org/faq/#25 PCI DSS requires quarterly vulnerability/penetration...
Which of the following command sequences should the penetration tester try NEXT?
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds...
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192.168.1.1-5 -PU22-25,80
B. nmap 192.168.1.1-5 -PA22-25,80
C. nmap 192.168.1.1-5 -PS22-25,80
D. nmap 192.168.1.1-5 -Ss22-25,80
Answer: D
Explanation: The -sS option in nmap is for SYN...
Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
A penetration tester has prepared the following phishing email for an upcoming penetration test: Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
A. Familiarity and likeness
B. Authority and urgency
C. Scarcity and fear
D. Social proof and greed
...
Which of the following represents the BEST course of action for the penetration testers?
A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?
A. Redact identifying information and provide a previous customer's documentation.
B. Allow the client to only view the information while in secure spaces.
C....
Which of the following should be recommended to the client to remediate this issue?
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?
A. Changing to Wi-Fi equipment that supports strong encryption
B. Using directional...