Question 1

You have a sample URL:

``` http://www.derp.pro/vuln.php?user=ThisIsA"Test and in the resulting code you see: Hello ThisIsA"Test ```

What user value will result in XSS?

Options :

A : `a">alert(1)`

B : `a">VULNERABLE<`

C : `a" onError="alert(1)`

D : `a">

Answer: D

Question 2

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name- serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?

Options :

A : Create a custom password dictionary as preparation for password spray testing.

B : Recommend using a password manage/vault instead of text files to store passwords securely.

C : Recommend configuring password complexity rules in all the systems and applications.

D : Document the unprotected file repository as a finding in the penetration-testing report.

Answer: D

Question 3

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive

ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection

available at their desks. Which of the following is the BEST method available to pivot and gain additional

access to the network?

Options :

A : Set up a captive portal with embedded malicious code.

B : Capture handshakes from wireless clients to crack.

C : Span deauthentication packets to the wireless clients.

D : Set up another access point and perform an evil twin attack.

Answer: C

Question 4

A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:

IP Address: 192.168.1.63

Physical Address: 60-36-dd-a6-c5-33

Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

Options :

A : tcpdump -i eth01 arp and arp[6:2] == 2

B : arp -s 192.168.1.63 60-36-DD-A6-C5-33

C : ipconfig /all findstr /v 00-00-00 | findstr Physical

D : route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1

Answer: B

Question 5

When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

Options :

A : #

B : $

C : ##

D : #$

E : #!

Answer: E

Higher Test Marks with Free Online PT0-002 Exam Practice

Buying Options: