PT0-002 exam

A penetration tester obtained the following results after scanning a web server using the dirb utility: ... GENERATED WORDS: 4612 ---- Scanning URL: http://10.2.10.13/ ---- + http://10.2.10.13/about (CODE:200|SIZE:1520) + http://10.2.10.13/home.html (CODE:200|SIZE:214) + http://10.2.10.13/index.html (CODE:200|SIZE:214) + http://10.2.10.13/info (CODE:200|SIZE:214) ... DOWNLOADED: 4612 C FOUND: 4 Which of the following elements is MOST...

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type...

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support...

An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?A . OpenVAS B. Drozer C. Burp Suite D. OWASP ZAPView AnswerAnswer: A Explanation: OpenVAS...

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?A . Perform XSS. B. Conduct a watering-hole attack. C. Use BeEF. D....

A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)A . Open-source research B. A ping sweep C. Traffic sniffing D. Port knocking E. A vulnerability scan F. An Nmap scanView AnswerAnswer: A,C Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/passive-reconnaissance

Which of the following is the MOST effective person to validate results from a penetration test?A . Third party B. Team leader C. Chief Information Officer D. ClientView AnswerAnswer: B

A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)A . Spawned shells B. Created user accounts C. Server logs D. Administrator accounts E. Reboot system F. ARP...

During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in...

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)A . Scraping social...