A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production networks. However, the new tester is not aware of this request and proceeds to perform exploits in the production environment. Which of the following would have MOST effectively prevented this misunderstanding?
A. Prohibiting exploitation in the production environment
B. Requiring all testers to review the scoping document carefully
C. Never assessing the production networks
D. Prohibiting testers from joining the team during the assessment
Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?
A. An unknown-environment assessment
B. A known-environment assessment
C. A red-team assessment
D. A compliance-based assessment
During the reconnaissance phase, a penetration tester obtains the following output:
Reply from 192.168.1.23: bytes=32 time<54ms TTL=128
Reply from 192.168.1.23: bytes=32 time<53ms TTL=128
Reply from 192.168.1.23: bytes=32 time<60ms TTL=128
Reply from 192.168.1.23: bytes=32 time<51ms TTL=128
Which of the following operating systems is MOST likely installed on the host?
A. Linux
B. NetBSD
C. Windows
D. macOS
A penetration tester wrote the following Bash script to brute force a local service password:
..ting as expected.
Which of the following changes should the penetration tester make to get the script to work?
A. ..echo "The correct password is $p" && break) ho "The correct password is $p" || break
B. .echo "The correct password is $p" && break)
o "The correct password is $p" || break
C. echo "The correct password is $p" && break) echo "The correct password is $p" && break)
D. { echo "The correct password is $p" && break )
E. ( echo "The correct password is $p" && break )
A penetration tester has gained access to part of an internal network and wants to exploit on a different network segment. Using Scapy, the tester runs the following command:

Which of the following represents what the penetration tester is attempting to accomplish?
A. DNS cache poisoning
B. MAC spoofing
C. ARP poisoning
D. Double-tagging attack
A consulting company is completing the ROE during scoping.
Which of the following should be included in the ROE?
A. Cost of the assessment
B. Report distribution
C. Testing restrictions
D. Liability
Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
A. After detection of a breach
B. After a merger or an acquisition
C. When an organization updates its network firewall configurations
D. When most of the vulnerabilities have been remediated
Which of the following actions would BEST explain why a testing team would need to reach out to a customer's emergency contact during an assessment?
A. To confirm assessment dates
B. To escalate the detection of a prior compromise
C. To submit the weekly status report
D. To announce that testing will begin
A penetration tester who is performing a physical assessment has achieved physical access to a call center for the assessed company. The tester is able to move freely around the room. Which of the following attack types is most likely to result in the tester obtaining personal or confidential information quickly?
A. Dumpster diving
B. Warwalking
C. Vishing
D. Smishing
E. Shoulder surfing
A penetration tester is reviewing the security of a web application running in an IaaS compute instance. Which of the following payloads should the tester send to get the running process credentials?
A. file=http://192.168.1.78?+document.cookie
B. file=../../../proc/self/environ
C. file='%20or%2054365=54365;-
D. file=http://169.254.169.254/latest/meta-data/