Given the Nikto vulnerability scan output shown in the exhibit, which of the following exploitation techniques might be used to exploit the target system? (Choose two.)
A. Arbitrary code execution
B. Session hijacking
C. SQL injection
D. Login credential brute-forcing
E. Cross-site request forgery
A tester has determined that null sessions are enabled on a domain controller. Which of the following attacks can be performed to leverage this vulnerability?
A. RID cycling to enumerate users and groups
B. Pass the hash to relay credentials
C. Password brute forcing to log into the host
D. Session hijacking to impersonate a system account
Given the following script:
Which of the following BEST describes the purpose of this script?
A. Log collection
B. Event logging
C. Keystroke monitoring
D. Debug message collection
Which of the following tools is used to perform a credential brute force attack?
A. Hydra
B. John the Ripper
C. Hashcat
D. Peach
A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester's source IP addresses to the client's IPS whitelist for the duration of the test. Which of the following is the BEST argument as to why the penetration tester's source IP addresses should be whitelisted?
A. Whitelisting prevents a possible inadvertent DoS attack against the IPS and supporting log-monitoring systems.
B. Penetration testing of third-party IPS systems often requires additional documentation and authorizations, potentially delaying the time-sensitive test.
C. IPS whitelisting rules require frequent updates to stay current with constantly developing vulnerabilities and newly discovered weaknesses.
D. Testing should focus on the discovery of possible security issues across all in-scope systems, not on determining the relative effectiveness of active defenses such as an IPS.
A penetration tester is in the process of writing a report that outlines the overall level of risk to operations. In which of the following areas of the report should the penetration tester put this?
A. Appendices
B. Executive summary
C. Technical summary
D. Main body
A penetration tester is performing an annual security assessment for a repeat client. The tester finds indicators of previous compromise. Which of the following would be the most logical steps to follow NEXT?
A. Report the incident to the tester's immediate manager and follow up with the client immediately
B. Report the incident to the client's Chief Information Security Officer (CISO) immediately and alter the terms of engagement accordingly
C. Report the incident to the client's legal department and then follow up with the client's security operations team
D. Make note of the anomaly, continue with the penetration testing and detail it in the final report
A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report.
Which of the following is the MOST likely reason for the reduced severity?
A. The client has applied a hot fix without updating the version.
B. The threat landscape has significantly changed.
C. The client has updated their codebase with new features.
D. There are currently no known exploits for this vulnerability.
A penetration tester has been asked to conduct a penetration test on a REST-based web service. Which of the following items is required?
A. The latest vulnerability scan results
B. A list of sample application requests
C. An up-to-date list of possible exploits
D. A list of sample test accounts
After establishing a shell on a target system, Joe, a penetration tester, is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?
A. Run a zero-day exploit.
B. Create a new domain user with a known password.
C. Modify a known boot time service to instantiate a call back.
D. Obtain cleartext credentials of the compromised user.