PT0-002 Free Practice Test

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

1. A. A quick description of the vulnerability and a high-level control to fix it
2. B. Information regarding the business impact if compromised
3. C. The executive summary and information regarding the testing company
4. D. The rules of engagement from the assessment

Correct Answer: A
The systems administrator and the technical stuff would be more interested in the technical aspect of the findings

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

1. A. chmod u+x script.sh
2. B. chmod u+e script.sh
3. C. chmod o+e script.sh
4. D. chmod o+x script.sh

Correct Answer: A

Which of the following is the most secure method for sending the penetration test report to the client?

1. A. Sending the penetration test report on an online storage system.
2. B. Sending the penetration test report inside a password-protected ZIP file.
3. C. Sending the penetration test report via webmail using an HTTPS connection.
4. D. Encrypting the penetration test report with the client’s public key and sending it via email.

Correct Answer: D
This is the most secure method for sending the penetration test report to the client because it ensures that only the client can decrypt and read the report using their private key. Encrypting the report with the client’s public key prevents anyone else from accessing the report, even if they intercept or compromise the email. The other methods are not as secure because they rely on weaker or no encryption, or they expose the report to third-party services that may not be trustworthy or compliant.

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

1. A. devices produce more heat and consume more power.
2. B. devices are obsolete and are no longer available for replacement.
3. C. protocols are more difficult to understand.
4. D. devices may cause physical world effects.

Correct Answer: D
"A significant issue identified by Wiberg is that using active network scanners, such as Nmap, presents a weakness when attempting port recognition or service detection on SCADA devices. Wiberg states that active tools such as Nmap can use unusual TCP segment data to try and find available ports. Furthermore, they can open a massive amount of connections with a specific SCADA device but then fail to close them gracefully." And since SCADA and ICS devices are designed and implemented with little attention having been paid to the operational security of these devices and their ability to handle errors or unexpected events, the presence idle open connections may result into errors that cannot be handled by the devices.

After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:

Which of the following actions should the tester perform FIRST?

1. A. Change the file permissions.
2. B. Use privilege escalation.
3. C. Cover tracks.
4. D. Start a reverse shell.

Correct Answer: B
The file .scripts/daily_log_backup.sh has permissions set to 777, meaning that anyone can read, write, or execute the file. Since it's owned by the root user and the penetration tester has access to the system with a non-privileged account, this could be a potential avenue for privilege escalation. In a penetration test, after finding such a file, the tester would likely want to explore it and see if it can be leveraged to gain higher privileges. This is often done by inserting malicious code or commands into the script if it's being executed with higher privileges, such as root in this case.