Practice Free PT0-002 Exam Online Questions
A penetration tester writes the following script:
Which of the following is the tester performing?
- A . Searching for service vulnerabilities
- B . Trying to recover a lost bind shell
- C . Building a reverse shell listening on specified ports
- D . Scanning a network for specific open ports
D
Explanation:
-z: zero-I/O mode (used for scanning); -v: verbose
example output of script:
A penetration tester discovered that a client uses cloud mail as the company’s email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue.
Which of the following BEST describes this attack?
- A . Credential harvesting
- B . Privilege escalation
- C . Password spraying
- D . Domain record abuse
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?
- A . Understanding the tactics of a security intrusion can help disrupt them.
- B . Scripts that are part of the framework can be imported directly into SIEM tools.
- C . The methodology can be used to estimate the cost of an incident better.
- D . The framework is static and ensures stability of a security program over time.
A
Explanation:
Reference: https://attack.mitre.org/
A penetration-testing team needs to test the security of electronic records in a company’s office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building.
Which of the following would be allowed under the terms of the engagement?
- A . Prying the lock open on the records room
- B . Climbing in an open window of the adjoining building
- C . Presenting a false employee ID to the night guard
- D . Obstructing the motion sensors in the hallway of the records room
B
Explanation:
From the given choices, climbing in an open window of the adjoining building would be the only option that doesn’t violate the conditions of the engagement as stated in the question. The penetration test is not allowed to include circumventing the alarm, performing destructive entry, or using deceptive methods like presenting a false ID. Hence, entering through an open window doesn’t involve any of these prohibited activities. However, it’s also important to mention that such actions should always be confirmed with the client and be explicitly allowed in the rules of engagement (ROE) to avoid legal complications and to maintain professional ethics.
A penetration tester exploits a vulnerable service to gain a shell on a target server.
The tester receives the following:
Directory of C:\Users\Guest
05/13/2022 09:23 PM mimikatz.exe
05/18/2022 09:24 PM mimidrv.sys
05/18/2022 09:24 PM mimilib.dll
Which of the following best describes these findings?
- A . Indicators of prior compromise
- B . Password encryption tools
- C . False positives
- D . De-escalation attempts
A
Explanation:
The presence of files such as mimikatz.exe, mimidrv.sys, and mimilib.dll on a target server indicates prior compromise. Mimikatz is a well-known post-exploitation tool used for extracting plaintext passwords, hash dumps, PIN codes, and Kerberos tickets from memory. These files suggest that an attacker has previously gained access to the system and used Mimikatz for credential harvesting. This is a strong indicator of a prior security breach rather than tools used for password encryption or false positives.
Reference: Mimikatz Usage and Detection
Understanding Indicators of Compromise
A penetration tester observes an application enforcing strict access controls.
Which of the following would allow the tester to bypass these controls and successfully access the organization’s sensitive files?
- A . Remote file inclusion
- B . Cross-site scripting
- C . SQL injection
- D . Insecure direct object references
D
Explanation:
Insecure Direct Object Reference (IDOR) vulnerabilities occur when an application provides direct access to objects based on user-supplied input. This can allow an attacker to bypass authorization and access resources in the system directly, for example database records or files. In this case, the penetration tester could potentially bypass the strict access controls and access the organization’s sensitive files.
Reference: IDOR Vulnerability Overview
Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?
- A . MSA
- B . NDA
- C . SOW
- D . ROE
A penetration tester breaks into a company’s office building and discovers the company does not have a shredding service.
Which of the following attacks should the penetration tester try next?
- A . Dumpster diving
- B . Phishing
- C . Shoulder surfing
- D . Tailgating
A
Explanation:
The penetration tester should try dumpster diving next, which is an attack that involves searching through trash bins or dumpsters for discarded documents or items that may contain sensitive or useful information. Dumpster diving can reveal information such as passwords, account numbers, credit card numbers, invoices, receipts, memos, contracts, or employee records. The penetration tester can use this information to gain access to systems or networks, impersonate users or employees, or perform social engineering attacks. The other options are not likely attacks that the penetration tester should try next based on the discovery that the company does not have a shredding service. Phishing is an attack that involves sending fraudulent emails that appear to be from legitimate sources to trick users into revealing their credentials or clicking on malicious links or attachments. Shoulder surfing is an attack that involves observing or spying on users while they enter their credentials or perform other tasks on their devices. Tailgating is an attack that involves following authorized personnel into a restricted area without proper authorization or identification.
During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page.
Which of the following BEST explains what occurred?
- A . The SSL certificates were invalid.
- B . The tester IP was blocked.
- C . The scanner crashed the system.
- D . The web page was not found.
During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application.
Which of the following vulnerabilities has the penetration tester exploited?
- A . Command injection
- B . Broken authentication
- C . Direct object reference
- D . Cross-site scripting
C
Explanation:
Insecure direct object reference (IDOR) is a vulnerability where the developer of the application does not implement authorization features to verify that someone accessing data on the site is allowed to access that data.