Which of the following techniques would BEST support this objective?

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
A. Create a one-shot system service to establish a reverse shell.
B. Obtain /etc/shadow and brute force the root password....

January 25, 2023

Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192.168.1.1-5 -PU22-25,80
B. nmap 192.168.1.1-5 -PA22-25,80
C. nmap 192.168.1.1-5 -PS22-25,80
D. nmap 192.168.1.1-5 -Ss22-25,80
Answer: C
Explanation: PS/PA/PU/PY are host discovery flags which use TCP...

January 24, 2023

You are a security analyst tasked with hardening a web server

HOTSPOT You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

January 24, 2023

Which of the following could be used for a denial-of-service attack on the network segment?

A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
A. Smurf
B. Ping flood
C. Fraggle
D. Ping of death
Answer: C
Explanation: Fraggle attack is...

January 24, 2023

Which of the following is the tester trying to accomplish?

A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?
A. Set the SGID on all files in the / directory
B. Find the /root directory on the system
C. Find files...

January 24, 2023

Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
A. After detection of a breach
B. After a merger or an acquisition
C. When an organization updates its network firewall configurations
D. When most of the vulnerabilities have been remediated
Answer: D

January 24, 2023

Which of the following BEST describes what happened?

A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address. Which of the following BEST describes what happened?
A. The penetration tester was testing...

January 24, 2023

Which of the following scans will the assessor MOST likely run?

An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?
A. nmap 192.168.0.1/24
B. nmap 192.168.0.1/24
C. nmap oG 192.168.0.1/24
D. nmap 192.168.0.1/24
Answer: A

January 23, 2023

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs...

January 23, 2023

Which of the following activities have a MINIMAL chance of detection?

A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)
A. Open-source research
B. A ping sweep
C. Traffic sniffing
D. Port knocking
E. A vulnerability scan
F. An Nmap scan
Answer: A,C
Explanation: Reference: https://www.sciencedirect.com/topics/computer-science/passive-reconnaissance

January 23, 2023