PT0-002 Free Practice Test

Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

1. A. Acceptance by the client and sign-off on the final report
2. B. Scheduling of follow-up actions and retesting
3. C. Attestation of findings and delivery of the report
4. D. Review of the lessons learned during the engagement

Correct Answer: C

A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a
social-engineering method that, if successful, would MOST likely enable both objectives?

1. A. Send an SMS with a spoofed service number including a link to download a malicious application.
2. B. Exploit a vulnerability in the MDM and create a new account and device profile.
3. C. Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.
4. D. Infest a website that is often used by employees with malware targeted toward x86 architectures.

Correct Answer: A
Since it doesn't indicate company owned devices, sending a text to download an application is best. And it says social-engineering so a spoofed text falls under that area.

A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

1. A. The injection was too slow.
2. B. The DNS information was incorrect.
3. C. The DNS cache was not refreshed.
4. D. The client did not receive a trusted response.

Correct Answer: C

A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

1. A. A handheld RF spectrum analyzer
2. B. A mask and personal protective equipment
3. C. Caution tape for marking off insecure areas
4. D. A dedicated point of contact at the client
5. E. The paperwork documenting the engagement
6. F. Knowledge of the building's normal business hours

Correct Answer: DE
Always carry the contact information and any documents stating that you are approved to do this.

A penetration tester performs the following command: curl –I –http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D

Correct Answer: A