PT0-002 Free Practice Test

For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information:

Which of the following lines of code should the security engineer add to make the attack successful?

1. A. [removed].= 'https://evilcorp.com'
2. B. crossDomain: true
3. C. geturlparameter ('username')
4. D. redirectUrl = 'https://example.com'

Correct Answer: B

A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

1. A. Edit the discovered file with one line of code for remote callback
2. B. Download .pl files and look for usernames and passwords
3. C. Edit the smb.conf file and upload it to the server
4. D. Download the smb.conf file and look at configurations

Correct Answer: C

A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?

1. A. Steganography
2. B. Metadata removal
3. C. Encryption
4. D. Encode64

Correct Answer: B
All other answers are a form of encryption or randomizing the data.

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.
Which of the following changes should the tester apply to make the script work as intended?

1. A. Change line 2 to $ip= €10.192.168.254€;
2. B. Remove lines 3, 5, and 6.
3. C. Remove line 6.
4. D. Move all the lines below line 7 to the top of the script.

Correct Answer: B
https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html Example script:
#!/usr/bin/perl
$ip=$argv[1]; attack($ip);
sub attack { print("x");
}

Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

1. A. Executive summary
2. B. Remediation
3. C. Methodology
4. D. Metrics and measures

Correct Answer: B
The most important information to have on a penetration testing report that is written for the developers is remediation. Remediation is the process of fixing or mitigating the vulnerabilities or issues that were discovered during the penetration testing. Remediation should include specific recommendations, best practices, and resources to help the developers improve the security of their applications4.