PT0-002 Practice Exam Questions
and Answers 100% GRADE A+
GUARANTEED
Question # 1
Which of the following is the MOST common vulnerability associated with IoT
devices that are directly connected to the Internet?
Options:
A.
Unsupported operating systems
B.
Susceptibility to DDoS attacks
C.
Inability to network
D.
The existence of default passwords
Question # 2
Which of the following should a penetration tester do NEXT after identifying that an
application being tested has already been compromised with malware?
Options:
A.
Analyze the malware to see what it does.
B.
Collect the proper evidence and then remove the malware.
,C.
Do a root-cause analysis to find out how the malware got in.
D.
Remove the malware immediately.
E.
Stop the assessment and inform the emergency contact.
Question # 3
A penetration tester has been hired to configure and conduct authenticated scans of all
the servers on a software company’s network. Which of the following accounts
should the tester use to return the MOST results?
Options:
A.
Root user
B.
Local administrator
C.
Service
D.
Network administrator
Question # 4
A penetration tester has gained access to part of an internal network and wants to
exploit on a different network segment. Using Scapy, the tester runs the following
command:
Which of the following represents what the penetration tester is attempting to
accomplish?
Options:
,A.
DNS cache poisoning
B.
MAC spoofing
C.
ARP poisoning
D.
Double-tagging attack
Question # 5
A penetration tester has completed an analysis of the various software products
produced by the company under assessment. The tester found that over the past
several years the company has been including vulnerable third-party modules in
multiple products, even though the quality of the organic code being developed is
very good. Which of the following recommendations should the penetration tester
include in the report?
Options:
A.
Add a dependency checker into the tool chain.
B.
Perform routine static and dynamic analysis of committed code.
C.
Validate API security settings before deployment.
D.
Perform fuzz testing of compiled binaries.
Question # 6
Which of the following BEST describe the OWASP Top 10? (Choose two.)
Options:
, A.
The most critical risks of web applications
B.
A list of all the risks of web applications
C.
The risks defined in order of importance
D.
A web-application security standard
E.
A risk-governance and compliance framework
F.
A checklist of Apache vulnerabilities
Question # 7
The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
and Answers 100% GRADE A+
GUARANTEED
Question # 1
Which of the following is the MOST common vulnerability associated with IoT
devices that are directly connected to the Internet?
Options:
A.
Unsupported operating systems
B.
Susceptibility to DDoS attacks
C.
Inability to network
D.
The existence of default passwords
Question # 2
Which of the following should a penetration tester do NEXT after identifying that an
application being tested has already been compromised with malware?
Options:
A.
Analyze the malware to see what it does.
B.
Collect the proper evidence and then remove the malware.
,C.
Do a root-cause analysis to find out how the malware got in.
D.
Remove the malware immediately.
E.
Stop the assessment and inform the emergency contact.
Question # 3
A penetration tester has been hired to configure and conduct authenticated scans of all
the servers on a software company’s network. Which of the following accounts
should the tester use to return the MOST results?
Options:
A.
Root user
B.
Local administrator
C.
Service
D.
Network administrator
Question # 4
A penetration tester has gained access to part of an internal network and wants to
exploit on a different network segment. Using Scapy, the tester runs the following
command:
Which of the following represents what the penetration tester is attempting to
accomplish?
Options:
,A.
DNS cache poisoning
B.
MAC spoofing
C.
ARP poisoning
D.
Double-tagging attack
Question # 5
A penetration tester has completed an analysis of the various software products
produced by the company under assessment. The tester found that over the past
several years the company has been including vulnerable third-party modules in
multiple products, even though the quality of the organic code being developed is
very good. Which of the following recommendations should the penetration tester
include in the report?
Options:
A.
Add a dependency checker into the tool chain.
B.
Perform routine static and dynamic analysis of committed code.
C.
Validate API security settings before deployment.
D.
Perform fuzz testing of compiled binaries.
Question # 6
Which of the following BEST describe the OWASP Top 10? (Choose two.)
Options:
, A.
The most critical risks of web applications
B.
A list of all the risks of web applications
C.
The risks defined in order of importance
D.
A web-application security standard
E.
A risk-governance and compliance framework
F.
A checklist of Apache vulnerabilities
Question # 7
The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
