PT0-002 exam

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which...

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?A . Executive summary of the penetration-testing methods used B. Bill of materials including supplies, subcontracts, and costs incurred during...

A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?A . Steganography B. Metadata removal C. Encryption D. Encode64View AnswerAnswer: B Explanation: All other answers are a...

DRAG DROP You are a penetration tester reviewing a client’s website through a web browser. INSTRUCTIONS Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies. If at any time you would like...

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?A . VRFY and EXPN B. VRFY and...

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?A . NIST SP 800-53 B. OWASP Top 10 C. MITRE ATT&CK framework D. PTES technical guidelinesView AnswerAnswer: C Explanation: Reference: https://digitalguardian.com/blog/what-mitre-attck-framework

A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?A . Configure wireless access to use a AAA server. B. Use random MAC addresses on the...

A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?A . Cross-site request forgery B....

A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?A . Windows B. Apple C. Linux D. AndroidView AnswerAnswer: A Explanation: Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with-ping/

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly. Which of the following changes should the tester apply to make the script work as intended?A . Change line 2 to $ip= 10.192.168.254; B. Remove...