PT0-002 exam

A penetration tester wrote the following script to be used in one engagement: Which of the following actions will this script perform?A . Look for open ports. B. Listen for a reverse shell. C. Attempt to flood open ports. D. Create an encrypted tunnel.View AnswerAnswer: A

When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?A . Clarify the statement of work. B. Obtain an asset inventory from the client. C. Interview all stakeholders. D. Identify...

A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig: comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org. 3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org. Which of the following potential...

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?A . Utilize the...

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)A . The CVSS score of the finding B. The network location of the vulnerable device C. The vulnerability identifier D. The client acceptance form E. The name of the...

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?A . Socat B. tcpdump C. Scapy D. digView AnswerAnswer: C Explanation: https://thepacketgeek.com/scapy/building-network-tools/part-09/

A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?A . nmap -iL results 192.168.0.10-100 B. nmap 192.168.0.10-100 -O > results C. nmap -A 192.168.0.10-100 -oX...

Deconfliction is necessary when the penetration test:A . determines that proprietary information is being stored in cleartext. B. occurs during the monthly vulnerability scanning. C. uncovers indicators of prior compromise over the course of the assessment. D. proceeds in parallel with a criminal digital forensic investigation.View AnswerAnswer: C Explanation: This...

A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to...

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?A . S/MIME B. FTPS C. DNSSEC D. AS2View AnswerAnswer: A Explanation: Reference: https://searchsecurity.techtarget.com/answer/What-are-the-most-important-email-security- protocols