PT0-002 exam

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?A . sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds....

A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?A ....

CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated. View AnswerAnswer: 1: Null session enumeration Weak SMB file permissions Fragmentation attack 2: nmap -sV -p 1-1023

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?A . nmap192.168.1.1-5CPU22-25,80 B. nmap192.168.1.1-5CPA22-25,80 C. nmap192.168.1.1-5CPS22-25,80 D. nmap192.168.1.1-5CSs22-25,80View AnswerAnswer: C Explanation: PS/PA/PU/PY are host discovery flags which use TCP...

A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?A . Weekly B. Monthly C. Quarterly D. AnnuallyView AnswerAnswer: C Explanation: https://www.pcicomplianceguide.org/faq/#25 PCI DSS requires quarterly vulnerability/penetration...

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?A . Data flooding B. Session riding...

Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?A . Wireshark B. EAPHammer C. Kismet D. Aircrack-ngView AnswerAnswer: D Explanation: The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows...

A penetration tester writes the following script: Which of the following is the tester performing?A . Searching for service vulnerabilities B. Trying to recover a lost bind shell C. Building a reverse shell listening on specified ports D. Scanning a network for specific open portsView AnswerAnswer: D Explanation: -z zero-I/O...

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVAS B. Drozer C. Burp Suite D. OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...

Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?A . The IP address is wrong. B. The server is unreachable. C. The IP address is on the blocklist. D. The IP address is on the allow list.View AnswerAnswer: C Explanation:...