Deconfliction is necessary when the penetration test:

A. determines that proprietary information is being stored in cleartext.
B. occurs during the monthly vulnerability scanning.
C. uncovers indicators of prior compromise over the course of the assessment.
D. proceeds in parallel with a criminal digital forensic investigation.
Answer: C
Explanation: This...

January 18, 2023

Which of the following techniques can the tester use to gain physical access to the office?

A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to...

January 17, 2023

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

A. S/MIME
B. FTPS
C. DNSSEC
D. AS2
Answer: A
Explanation: Reference: https://searchsecurity.techtarget.com/answer/What-are-the-most-important-email-security-protocols

January 17, 2023

Which of the following commands will accomplish this task?

A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?
A. nmap -f -sV -p80 192.168.1.20
B. nmap...

January 16, 2023

Which of the following accounts should the tester use to return the MOST results?

A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company’s network. Which of the following accounts should the tester use to return the MOST results?
A. Root user
B. Local administrator
C. Service
D. Network administrator
Answer: C

January 16, 2023

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are: Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Edit...

January 16, 2023

Which of the following actions is the tester MOST likely performing?

A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
    cat /dev/null > temp
    touch -r .bash_history temp
    mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
A. Redirecting Bash history to /dev/null
B. Making a copy of...

January 16, 2023

Which of the following commands can be used to further attack the website?

A tester who is performing a penetration test on a website receives the following output:
    Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62
Which of the following commands can be used to further attack the website?
A. <script>var adr= '../evil.php?test=' + escape(document.cookie);</script>
B....

January 16, 2023

You are a security analyst tasked with hardening a web server

HOTSPOT
You are a security analyst tasked with hardening a web server. You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future. If...

January 16, 2023

Which of the following best describes the NEXT step in the engagement?

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
A. Acceptance by the client and sign-off on the final report
B. Scheduling of follow-up actions and retesting
C. Attestation of findings and delivery...

January 16, 2023