Practice Free PT0-002 Exam Online Questions
Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?
- A . Dictionary
- B . Directory
- C . Symlink
- D . Catalog
- E . For-loop
A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code:
salt = '123'
hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000)
The tester recommended the code be updated to the following:
salt = os.urandom(32)
hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000)
Which of the following steps should the penetration tester recommend?
- A . Changing passwords that were created before this code update
- B . Keeping hashes created by both methods for compatibility
- C . Rehashing all old passwords with the new code
- D . Replacing the SHA-256 algorithm to something more secure
C
Explanation:
The penetration tester recommended using a randomly generated salt for each password instead of a fixed salt, which is a security best practice. Therefore, to ensure that all stored passwords benefit from the increased security provided by the use of unique salts, all existing passwords that were hashed using the old method should be rehashed using the new method. This would involve forcing all users to change their passwords, or the system could rehash the existing passwords the next time each user logs in.
A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift.
Which of the following social-engineering attacks was the tester utilizing?
- A . Phishing
- B . Tailgating
- C . Baiting
- D . Shoulder surfing
C
Explanation:
Reference: https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats
A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract.
Which of the following concerns would BEST support the software company’s request?
- A . The reverse-engineering team may have a history of selling exploits to third parties.
- B . The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
- C . The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
- D . The reverse-engineering team will be given access to source code for analysis.
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
- A . Buffer overflows
- B . Cross-site scripting
- C . Race-condition attacks
- D . Zero-day attacks
- E . Injection flaws
- F . Ransomware attacks
B,E
Explanation:
A01-Injection
A02-Broken Authentication
A03-Sensitive Data Exposure
A04-XXE
A05-Broken Access Control
A06-Security Misconfiguration
A07-XSS
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring
Reference: https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf
A penetration tester noticed that an employee was using a wireless headset with a smartphone.
Which of the following methods would be best to use to intercept the communications?
- A . Multiplexing
- B . Bluejacking
- C . Zero-day attack
- D . Smurf attack
B
Explanation:
To intercept the communications between an employee’s wireless headset and smartphone, the penetration tester would likely use "Bluejacking" (B). Bluejacking involves sending unsolicited messages to Bluetooth-enabled devices, but in the context of penetration testing and security, it can also encompass techniques for intercepting or hijacking Bluetooth connections. This could allow the tester to eavesdrop on communications or even take control of the headset.
A penetration tester logs in as a user in the cloud environment of a company.
Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
- A . iam_enum_permissions
- B . iam_privesc_scan
- C . iam_backdoor_assume_role
- D . iam_bruteforce_permissions
A
Explanation:
Reference: https://essay.utwente.nl/76955/1/Szabo_MSc_EEMCS.pdf (37)
A penetration tester approaches a company employee in the smoking area and starts a conversation about the company’s recent social event. After a few minutes, the employee holds the badge-protected door open for the penetration tester and both enter the company’s building.
Which of the following attacks did the penetration tester perform?
- A . Dumpster diving
- B . Phishing
- C . Badge cloning
- D . Tailgating
D
Explanation:
In this scenario, the penetration tester performed a "Tailgating" attack (D), where the tester follows closely behind a legitimate employee to gain unauthorized access to a secure area without being noticed. This social engineering technique relies on exploiting human tendencies to be polite or avoid confrontation, rather than using technical hacking methods. The tester engaged the employee in casual conversation to appear less suspicious and took advantage of the situation when the employee, perhaps distracted or feeling socially obliged, held the door open for them.
Which of the following is the most secure method for sending the penetration test report to the client?
- A . Sending the penetration test report on an online storage system.
- B . Sending the penetration test report inside a password-protected ZIP file.
- C . Sending the penetration test report via webmail using an HTTPS connection.
- D . Encrypting the penetration test report with the client’s public key and sending it via email.
D
Explanation:
This is the most secure method for sending the penetration test report to the client because it ensures that only the client can decrypt and read the report using their private key. Encrypting the report with the client’s public key prevents anyone else from accessing the report, even if they intercept or compromise the email. The other methods are not as secure because they rely on weaker or no encryption, or they expose the report to third-party services that may not be trustworthy or compliant.
A penetration tester would like to crack a hash using a list of hashes and a predefined set of rules. The tester runs the following command:
hashcat.exe -a 0 .\hash.txt .\rockyou.txt -r .\rules\replace.rule
Which of the following is the penetration tester using to crack the hash?
- A . Hybrid attack
- B . Dictionary
- C . Rainbow table
- D . Brute-force method
B
Explanation:
The command hashcat.exe -a 0 .\hash.txt .\rockyou.txt -r .\rules\replace.rule indicates that the penetration tester is using a dictionary attack combined with rule-based modifications. The -a 0 option specifies the straight (dictionary) attack mode, where .\rockyou.txt is the dictionary file containing potential passwords, and -r .\rules\replace.rule applies predefined rules to mutate these passwords. This method leverages a known list of potential passwords and augments them with additional variations based on the rules provided.
Reference: Hashcat Dictionary Attack; Hashcat Rule-based Attack