PT0-002 Free Practice Test

A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?

1. A. Nmap
2. B. Nikto
3. C. Cain and Abel
4. D. Ethercap

Correct Answer: B
https://hackertarget.com/nikto-website-scanner/

A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

1. A. Patch installations
2. B. Successful exploits
3. C. Application failures
4. D. Bandwidth limitations

Correct Answer: B
Successful exploits could cause network disruptions, service outages, or data corruption, which could affect the connectivity and functionality of the oil rig network. Patch installations, application failures, and bandwidth limitations are less likely to be related to the penetration testing activities.

During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

1. A. Badge cloning
2. B. Watering-hole attack
3. C. Impersonation
4. D. Spear phishing

Correct Answer: D
Spear phishing is a type of targeted attack where the attacker sends emails that appear to come from a legitimate source, often a company or someone familiar to the target, with the goal of tricking the target into clicking on a malicious link or providing sensitive information. In this case, the penetration tester has already gathered OSINT on the IT system administrator, so they can use this information to craft a highly targeted spear phishing attack to try and gain access to the target system.

A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

1. A. tcpdump
2. B. Snort
3. C. Nmap
4. D. Netstat
5. E. Fuzzer

Correct Answer: C

A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and the Internet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP. Which of the following methods would BEST support the objective?

1. A. Gain access to the target host and implant malware specially crafted for this purpose.
2. B. Exploit the local DNS server and add/update the zone records with a spoofed A record.
3. C. Use the Scapy utility to overwrite name resolution fields in the DNS query response.
4. D. Proxy HTTP connections from the target host to that of the spoofed host.

Correct Answer: D