PT0-001 Online Practice Questions and Answers
A financial institution is asking a penetration tester to determine if collusion capabilities to produce wire fraud are present. Which of the following threat actors should the penetration tester portray during the assessment?
A. Insider threat
B. Nation state
C. Script kiddie
D. Cybercrime organization.
A penetration tester is utilizing social media to gather information about employees at a company. The tester has created a list of popular words used in employee profile s. For which of the following types of attack would this information be used?
A. Exploit chaining
B. Session hijacking
C. Dictionary
D. Karma
Which of the following is an example of a spear phishing attack?
A. Targeting an executive with an SMS attack
B. Targeting a specific team with an email attack
C. Targeting random users with a USB key drop
D. Targeting an organization with a watering hole attack
A penetration tester has compromised a host. Which of the following would be the correct syntax to create a Netcat listener on the device?
A. nc -lvp 4444 /bin/bash
B. nc -vp 4444 /bin/bash
C. nc -p 4444 /bin/bash
D. nc -lp 4444 -e /bin/bash
After performing a security assessment for a firm, the client was found to have been billed for the time the client's test environment was unavailable The Client claims to have been billed unfairly. Which of the following documents would MOST likely be able to provide guidance in such a situation?
A. SOW
B. NDA
C. EULA
D. BPA
During a vulnerability assessment, the security consultant finds an XP legacy system that is running a critical business function. Which of the following mitigations is BEST for the consultant to conduct?
A. Update to the latest Microsoft Windows OS.
B. Put the machine behind the WAF.
C. Segment the machine from the main network.
D. Disconnect the machine.
A client needs to be PCI compliant and has external-facing web servers. Which of the following CVSS vulnerability scores would automatically bring the client out of compliance standards such as PCI 3.x?
A. 2.9
B. 3.0
C. 4.0
D. 5.9
A penetration tester needs to provide the code used to exploit a DNS server in the final report. In which of the following parts of the report should the penetration tester place the code?
A. Executive summary
B. Remediation
C. Conclusion
D. Technical summary
A penetration tester wants to check manually if a "ghost" vulnerability exists in a system. Which of the following methods is the correct way to validate the vulnerability?
A. Download the GHOST file to a Linux system and compile gcc –o GHOST test i: ./GHOST
B. Download the GHOST file to a Windows system and compile gcc –o GHOST GHOST.c test i: ./GHOST
C. Download the GHOST file to a Linux system and compile gcc –o GHOST GHOST.c test i: ./GHOST
D. Download the GHOST file to a Windows system and compile gcc –o GHOST test i: ./GHOST
A penetration tester needs to use Nmap to scan a host with a very low speed so the WAF or IPS/IDS is not triggered. Which of the following command-line parameters should be added to the Nmap command?
A. -t 5
B. -sP 10
C. -sV
D. -t 1
What Makes leads4pass.com Differ From Others?
There are tens of thousands of certification exam dumps provided on the internet. To keep the exam dumps valid, the exam questions latest and the exam answers accurate should be the first aim. Also, to make the exam PDF and exam VCE simulator easy to use is very important. Besides, leads4pass.com has 100% pass guarantee policy. Free exam demo is available. Customer support team is ready to help at any time when required.
All rights are reserved by leads4pass.com. Any changes, copy or trademarks abuse will be regarded as infringement. leads4pass.com will reserve the right to pursue accountability.
Copyright © 2004-2025 leads4pass.com.