PT0-002 exam

A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?A . SmurfB . Ping floodC . FraggleD . Ping of deathView AnswerAnswer: C Explanation: Fraggle attack is...

A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?A . Decode the authorization header using UTF-8.B . Decrypt the authorization header using bcrypt.C . Decode the authorization header using Base64.D . Decrypt...

A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?A . HashcatB . MimikatzC . PatatorD . John the RipperView AnswerAnswer: C Explanation: https://www.kali.org/tools/patator/

The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted. Which of the following BEST identifies this concept?A . Statement of workB . Program scopeC . Non-disclosure agreementD . Rules...

A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of...

A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet. Which of the following OSs would MOST likely return a packet of this type?A . WindowsB . AppleC . LinuxD . AndroidView AnswerAnswer: A Explanation: Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with-ping/

A penetration tester is reviewing the following SOW prior to engaging with a client: “Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO)...

Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?A . DirBusterB . CeWLC . w3afD . PatatorView AnswerAnswer: B Explanation: CeWL, the Custom Word List Generator, is a Ruby application...

A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities. Which of the following tools would be BEST suited for this task?A . GDBB . Burp SuiteC . SearchSpliotD . NetcatView AnswerAnswer: A

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVASB . DrozerC . Burp SuiteD . OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...