PT0-002 Free Practice Test

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server?

1. A. Perform vertical privilege escalation.
2. B. Replay the captured traffic to the server to recreate the session.
3. C. Use John the Ripper to crack the password.
4. D. Utilize a pass-the-hash attack.

Correct Answer: D

A penetration tester wants to scan a target network without being detected by the client’s IDS. Which of the following scans is MOST likely to avoid detection?

1. A. nmap –p0 –T0 –sS 192.168.1.10
2. B. nmap –sA –sV --host-timeout 60 192.168.1.10
3. C. nmap –f --badsum 192.168.1.10
4. D. nmap –A –n 192.168.1.10

Correct Answer: A

You are a penetration tester reviewing a client’s website through a web browser. INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present. Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.







Solution:
Graphical user interface Description automatically generated

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

A consultant is reviewing the following output after reports of intermittent connectivity issues:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet] Which of the following is MOST likely to be reported by the consultant?

1. A. A device on the network has an IP address in the wrong subnet.
2. B. A multicast session was initiated using the wrong multicast group.
3. C. An ARP flooding attack is using the broadcast address to perform DDoS.
4. D. A device on the network has poisoned the ARP cache.

Correct Answer: D
The gateway for the network (192.168.1.1) is at 0a:d1:fa:b1:01:67, and then, another machine (192.168.1.136) also claims to be on the same MAC address. With this on the same network, intermittent connectivity will be inevitable as along as the gateway remains unreachable on the IP known by the others machines on the network, and given that the new machine claiming to be the gateway has not been configured to route traffic.

A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.
Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

1. A. Closing open services
2. B. Encryption users' passwords
3. C. Randomizing users' credentials
4. D. Users' input validation
5. E. Parameterized queries
6. F. Output encoding

Correct Answer: DE