PT0-002 exam

A penetration tester ran the following command on a staging server: python Cm SimpleHTTPServer 9891 Which of the following commands could be used to download a file named exploit to a target machine for execution?A . nc 10.10.51.50 9891 < exploitB . powershell Cexec bypass Cf \10.10.51.509891C . bash Ci...

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this...

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:A . devices produce more heat and consume more power.B . devices are obsolete and are no longer available for replacement.C . protocols are more difficult to understand.D . devices may cause physical world effects.View...

A penetration tester is exploring a client’s website. The tester performs a curl command and obtains the following: * Connected to 10.2.11.144 (::1) port 80 (#0) > GET /readmine.html HTTP/1.1 > Host: 10.2.11.144 > User-Agent: curl/7.67.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200...

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?A . PLCs...

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has...

A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?A . Forensically acquire the backdoor Trojan and perform attributionB . Utilize the backdoor in support of the engagementC ....

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?A . A quick description of the vulnerability and a high-level control to fix itB . Information regarding the business impact...

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?A . Reach out to the primary point of contactB . Try to take down the attackersC . Call law enforcement officials...

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)A . WiresharkB . NessusC . RetinaD . Burp SuiteE . ShodanF . NiktoView AnswerAnswer: A,E Explanation: Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/