PT0-002 Free Practice Test

A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ‘ ; DROP TABLE SERVICES; -
Which of the following attacks is being attempted?

1. A. Clickjacking
2. B. Session hijacking
3. C. Parameter pollution
4. D. Cookie hijacking
5. E. Cross-site scripting

Correct Answer: C

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the tester to take NEXT with this information?

1. A. Create a custom password dictionary as preparation for password spray testing.
2. B. Recommend using a password manage/vault instead of text files to store passwords securely.
3. C. Recommend configuring password complexity rules in all the systems and applications.
4. D. Document the unprotected file repository as a finding in the penetration-testing report.

Correct Answer: D

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

1. A. NIST SP 800-53
2. B. OWASP Top 10
3. C. MITRE ATT&CK framework
4. D. PTES technical guidelines

Correct Answer: C

Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

1. A. Analyze the malware to see what it does.
2. B. Collect the proper evidence and then remove the malware.
3. C. Do a root-cause analysis to find out how the malware got in.
4. D. Remove the malware immediately.
5. E. Stop the assessment and inform the emergency contact.

Correct Answer: E

Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

1. A. To provide feedback on the report structure and recommend improvements
2. B. To discuss the findings and dispute any false positives
3. C. To determine any processes that failed to meet expectations during the assessment
4. D. To ensure the penetration-testing team destroys all company data that was gathered during the test

Correct Answer: C