PT0-002 exam

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power.B . devices are obsolete and are no longer available for replacement.C . protocols are more difficult to understand.D . devices may cause physical world effects.View...

A penetration tester is exploring a client’s website. The tester performs a curl command and obtains the following: * Connected to 10.2.11.144 (::1) port 80 (#0) > GET /readmine.html HTTP/1.1 > Host: 10.2.11.144 > User-Agent: curl/7.67.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200...

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?A . PLCs...

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has...

A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?A . Forensically acquire the backdoor Trojan and perform attributionB . Utilize the backdoor in support of the engagementC ....

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?A . A quick description of the vulnerability and a high-level control to fix itB . Information regarding the business impact...

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?A . Reach out to the primary point of contactB . Try to take down the attackersC . Call law enforcement officials...

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)A . WiresharkB . NessusC . RetinaD . Burp SuiteE . ShodanF . NiktoView AnswerAnswer: A,E Explanation: Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)A . Scraping social...

A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?A . Immunity DebuggerB . OllyDbgC . GDBD...