Question 1

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following

tools would BEST test the effectiveness of the wireless IDS solutions?

Options :

A : Aircrack-ng

B : Wireshark

C : Wifite

D : Kismet

Answer: A

Question 2

The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

Options :

A :

This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle

heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

B : This device is most likely a gateway with in-band management services.

C :

This device is most likely a proxy server forwarding requests over TCP/443.

D :

This device may be vulnerable to remote code execution because of a butter overflow vulnerability in

the method used to extract DNS names from packets prior to DNSSEC validation.

Answer: A

Question 3

A penetration tester is reviewing the following SOW prior to engaging with a client:

“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client

confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s

Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings

by erasing them in a secure manner.”

Based on the information in the SOW, which of the following behaviors would be considered unethical?

(Choose two.)

Options :

A :

Utilizing proprietary penetration-testing tools that are not available to the public or to the client for

auditing and inspection

B :

Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the

engagement

C :

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease

the client’s senior leadership team

D :

Seeking help with the engagement in underground hacker forums by sharing the client’s public IP

address

E : Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop

F :

Retaining the SOW within the penetration tester’s company for future use so the sales team can plan

future engagements

Answer: A,C

Question 4

A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory

traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected

machine?

Options :

A : Edit the discovered file with one line of code for remote callback

B :

Download .pl files and look for usernames and passwords

C : Edit the smb.conf file and upload it to the server

D : Download the smb.conf file and look at configurations

Answer: C

Question 5

Which of the following should a penetration tester do NEXT after identifying that an application being tested

has already been compromised with malware?

Options :

A :

Analyze the malware to see what it does.

B :

Collect the proper evidence and then remove the malware.

C :

Do a root-cause analysis to find out how the malware got in.

D :

Remove the malware immediately.

E :

Stop the assessment and inform the emergency contact.

Answer: D

Higher Test Marks with Free Online PT1-002 Exam Practice

Buying Options: