PT0-002 Free Practice Test

A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

1. A. Weekly
2. B. Monthly
3. C. Quarterly
4. D. Annually

Correct Answer: C
https://www.pcicomplianceguide.org/faq/#25
PCI DSS requires quarterly vulnerability/penetration tests, not weekly.

A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

1. A. Familiarity and likeness
2. B. Authority and urgency
3. C. Scarcity and fear
4. D. Social proof and greed

Correct Answer: B

A company provided the following network scope for a penetration test:
* 169.137.1.0/24
* 221.10.1.0/24
* 149.14.1.0/24
A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is responsible for this mistake?

1. A. The company that requested the penetration test
2. B. The penetration testing company
3. C. The target host's owner
4. D. The penetration tester
5. E. The subcontractor supporting the test

Correct Answer: A

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

1. A. The CVSS score of the finding
2. B. The network location of the vulnerable device
3. C. The vulnerability identifier
4. D. The client acceptance form
5. E. The name of the person who found the flaw
6. F. The tool used to find the issue

Correct Answer: CF

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company’s request?

1. A. The reverse-engineering team may have a history of selling exploits to third parties.
2. B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
3. C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
4. D. The reverse-engineering team will be given access to source code for analysis.

Correct Answer: A