Free PT0-002 Exam Braindumps

Pass your CompTIA PenTest+ Certification Exam with these free Questions and Answers

Page 8 of 56
QUESTION 31

A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false positives and increases the true positives of the results. Which of the following would MOST likely accomplish this goal?

  A. Using OpenVAS in default mode
  B. Using Nessus with credentials
  C. Using Nmap as the root user
  D. Using OWASP ZAP

Correct Answer: B
Using credentials during a vulnerability scan allows the scanner to gather more detailed information about the target system, including installed software, patch levels, and configuration settings. This helps to reduce the likelihood of false positives and increase the true positives of the results. Nessus is a popular vulnerability scanner that supports credential-based scanning and can be used to accomplish this goal. OpenVAS and Nmap are also popular scanning tools, but using default mode or running as the root user alone may not provide the necessary level of detail for accurate vulnerability identification. OWASP ZAP is a web application scanner and may not be applicable for non-web-based targets.

QUESTION 32

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

  A. devices produce more heat and consume more power.
  B. devices are obsolete and are no longer available for replacement.
  C. protocols are more difficult to understand.
  D. devices may cause physical world effects.

Correct Answer: D
"A significant issue identified by Wiberg is that using active network scanners, such as Nmap, presents a weakness when attempting port recognition or service detection on SCADA devices. Wiberg states that active tools such as Nmap can use unusual TCP segment data to try and find available ports. Furthermore, they can open a massive amount of connections with a specific SCADA device but then fail to close them gracefully." Because SCADA and ICS devices were designed and implemented with little attention paid to their operational security or their ability to handle errors and unexpected events, the presence of idle open connections may result in errors that the devices cannot handle.

QUESTION 33

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

  A. IP addresses and subdomains
  B. Zone transfers
  C. DNS forward and reverse lookups
  D. Internet search engines
  E. Externally facing open ports
  F. Shodan results

Correct Answer: DF

QUESTION 34

During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT?

  A. Deny that the vulnerability existed.
  B. Investigate the penetration tester.
  C. Accept that the client was right.
  D. Fire the penetration tester.

Correct Answer: B

QUESTION 35

A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

  A. nmap -vv -sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan
  B. nmap -vv -sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
  C. nmap -vv -sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
  D. nmap -vv -sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan

Correct Answer: C
