Valid PT0-002 Dumps shared by ExamDiscuss.com for Helping Passing PT0-002 Exam! ExamDiscuss.com now offer the newest PT0-002 exam dumps, the ExamDiscuss.com PT0-002 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PT0-002 dumps with Test Engine here:
Access PT0-002 Dumps Premium Version
(460 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 19/196
During a security assessment, a penetration tester decides to write the following Python script: import requests x= ['OPTIONS', 'TRACE', 'TEST'l for y in x; z - requests.request(y, 'http://server.net') print(y, z.status_code, z.reason) Which of the following is the penetration tester trying to accomplish? (Select two).
Correct Answer: B,D
The Python script mentioned in the question is designed to send HTTP requests using different methods ('OPTIONS', 'TRACE', 'TEST') to a specified URL ('http://server.net') and print out the method used along with the status code and reason for each response. The key objectives of this script are:
* HTTP Methods Availability (B): By cycling through different HTTP methods, the script checks which methods are supported by the web server. This can reveal potential vulnerabilities, as certain methods like 'TRACE' can be exploited in certain situations (e.g., Cross Site Tracing (XST) attacks).
* Web Server Fingerprinting (D): The response to different HTTP methods can provide clues about the web server's software and configuration, contributing to server fingerprinting. This information can be used to tailor further attacks or understand the security posture of the server.
This script is not designed for causing a denial of service, detecting web application firewalls, examining error handling, or performing banner grabbing directly, which excludes options A, C, E, and F.
* HTTP Methods Availability (B): By cycling through different HTTP methods, the script checks which methods are supported by the web server. This can reveal potential vulnerabilities, as certain methods like 'TRACE' can be exploited in certain situations (e.g., Cross Site Tracing (XST) attacks).
* Web Server Fingerprinting (D): The response to different HTTP methods can provide clues about the web server's software and configuration, contributing to server fingerprinting. This information can be used to tailor further attacks or understand the security posture of the server.
This script is not designed for causing a denial of service, detecting web application firewalls, examining error handling, or performing banner grabbing directly, which excludes options A, C, E, and F.
- Question List (196q)
- Question 1: You are a security analyst tasked with hardening a web serve...
- Question 2: During an engagement, a penetration tester was able to uploa...
- Question 3: Given the following output: User-agent:* Disallow: /author/ ...
- Question 4: During a penetration-testing engagement, a consultant perfor...
- Question 5: A penetration tester wants to perform a SQL injection test. ...
- Question 6: During an assessment, a penetration tester emailed the follo...
- Question 7: During a vulnerability scanning phase, a penetration tester ...
- Question 8: During a penetration test of a server application, a securit...
- Question 9: A penetration tester is evaluating a company's network perim...
- Question 10: After successfully compromising a remote host, a security co...
- Question 11: During a code review assessment, a penetration tester finds ...
- Question 12: Which of the following tools would be MOST useful in collect...
- Question 13: A penetration tester logs in as a user in the cloud environm...
- Question 14: A penetration tester was able to compromise a server and esc...
- Question 15: A penetration tester exploited a vulnerability on a server a...
- Question 16: Which of the following documents describes specific activiti...
- Question 17: A penetration tester approaches a company employee in the sm...
- Question 18: During an assessment, a penetration tester found a suspiciou...
- Question 19: During a security assessment, a penetration tester decides t...
- Question 20: A penetration tester ran the following commands on a Windows...
- Question 21: Which of the following would MOST likely be included in the ...
- Question 22: A penetration tester downloaded the following Perl script th...
- Question 23: During a REST API security assessment, a penetration tester ...
- Question 24: A penetration tester is working on a scoping document with a...
- Question 25: A penetration tester wrote the following comment in the fina...
- Question 26: A penetration tester writes the following script: (Exhibit) ...
- Question 27: Which of the following tools would be the best to use to int...
- Question 28: Which of the following is the most secure method for sending...
- Question 29: A penetration tester is conducting an assessment on 192.168....
- Question 30: A penetration tester is testing a company's public API and d...
- Question 31: A penetration tester downloaded a Java application file from...
- Question 32: A red team gained access to the internal network of a client...
- Question 33: For a penetration test engagement, a security engineer decid...
- Question 34: A penetration tester will be performing a vulnerability scan...
- Question 35: A company is concerned that its cloud service provider is no...
- Question 36: A company is concerned that its cloud VM is vulnerable to a ...
- Question 37: Which of the following provides a matrix of common tactics a...
- Question 38: A penetration tester was conducting a penetration test and d...
- Question 39: A penetration tester needs to perform a test on a finance sy...
- Question 40: Which of the following situations would MOST likely warrant ...
- Question 41: A penetration tester has established an on-path attack posit...
- Question 42: During a client engagement, a penetration tester runs the fo...
- Question 43: Penetration tester who was exclusively authorized to conduct...
- Question 44: A penetration tester was able to gain access to a system usi...
- Question 45: During a security assessment, a penetration tester decides t...
- Question 46: Performing a penetration test against an environment with SC...
- Question 47: During an assessment, a penetration tester was able to acces...
- Question 48: A company that developers embedded software for the automobi...
- Question 49: Which of the following is a ROE component that provides a pe...
- Question 50: A penetration tester writes the following script: (Exhibit) ...
- Question 51: A company uses a cloud provider with shared network bandwidt...
- Question 52: Which of the following is the MOST important information to ...
- Question 53: During a vulnerability scan a penetration tester enters the ...
- Question 54: Which of the following members of a client organization are ...
- Question 55: A penetration tester runs the unshadow command on a machine....
- Question 56: A penetration tester opened a reverse shell on a Linux web s...
- Question 57: Which of the following assessment methods is MOST likely to ...
- Question 58: During a web application test, a penetration tester was able...
- Question 59: User credentials were captured from a database during an ass...
- Question 60: A penetration tester has gained access to part of an interna...
- Question 61: An organization is using Android mobile devices but does not...
- Question 62: Which of the following documents is agreed upon by all parti...
- Question 63: A company has recruited a penetration tester to conduct a vu...
- Question 64: A penetration tester is attempting to perform reconnaissance...
- Question 65: A penetration tester recently performed a social-engineering...
- Question 66: A penetration tester is cleaning up and covering tracks at t...
- Question 67: A tester who is performing a penetration test discovers an o...
- Question 68: Which of the following is the MOST common vulnerability asso...
- Question 69: A penetration tester captures SMB network traffic and discov...
- Question 70: Penetration tester has discovered an unknown Linux 64-bit ex...
- Question 71: A penetration tester performs the following command: curl -I...
- Question 72: A penetration-testing team needs to test the security of ele...
- Question 73: ion tester is attempting to get more people from a target co...
- Question 74: After compromising a system, a penetration tester wants more...
- Question 75: A security firm is discussing the results of a penetration t...
- Question 76: Penetration tester is developing exploits to attack multiple...
- Question 77: During an assessment, a penetration tester manages to exploi...
- Question 78: A penetration tester has obtained root access to a Linux-bas...
- Question 79: Given the following Nmap scan command: [root@kali ~]# nmap 1...
- Question 80: Which of the following OSSTM testing methodologies should be...
- Question 81: Which of the following tools would help a penetration tester...
- Question 82: A penetration tester was able to compromise a web server and...
- Question 83: A security engineer is trying to bypass a network IPS that i...
- Question 84: PCI DSS requires which of the following as part of the penet...
- Question 85: A penetration tester wrote the following Bash script to brut...
- Question 86: During enumeration, a red team discovered that an external w...
- Question 87: Which of the following describe the GREATEST concerns about ...
- Question 88: A security firm is discussing the results of a penetration t...
- Question 89: Which of the following is most important to include in the f...
- Question 90: A penetration tester is contracted to attack an oil rig netw...
- Question 91: Which of the following is the BEST resource for obtaining pa...
- Question 92: A penetration testing team has gained access to an organizat...
- Question 93: An assessment has been completed, and all reports and eviden...
- Question 94: A penetration tester discovered a code repository and notice...
- Question 95: You are a penetration tester running port scans on a server....
- Question 96: A penetration tester is conducting an on-path link layer att...
- Question 97: A penetration tester is enumerating shares and receives the ...
- Question 98: During an assessment, a penetration tester discovers the fol...
- Question 99: A company requires that all hypervisors have the latest avai...
- Question 100: Which of the following is a rules engine for managing public...
- Question 101: For an engagement, a penetration tester is required to use o...
- Question 102: A penetration tester has identified several newly released C...
- Question 103: A penetration tester is conducting a penetration test. The t...
- Question 104: A client evaluating a penetration testing company requests e...
- Question 105: A penetration tester is looking for a vulnerability that ena...
- Question 106: Which of the following tools would be BEST suited to perform...
- Question 107: A penetration tester received a 16-bit network block that wa...
- Question 108: A penetration tester is trying to bypass an active response ...
- Question 109: The attacking machine is on the same LAN segment as the targ...
- Question 110: When planning a penetration-testing effort, clearly expressi...
- Question 111: During a penetration test, the domain names, IP ranges, host...
- Question 112: Given the following script: (Exhibit) Which of the following...
- Question 113: A penetration tester is conducting a penetration test and di...
- Question 114: A penetration tester is performing an assessment against a c...
- Question 115: Which of the following would a company's hunt team be MOST i...
- Question 116: Which of the following should be included in scope documenta...
- Question 117: A company becomes concerned when the security alarms are tri...
- Question 118: A penetration tester is starting an assessment but only has ...
- Question 119: A client asks a penetration tester to retest its network a w...
- Question 120: A penetration tester is examining a Class C network to ident...
- Question 121: A security analyst needs to perform a scan for SMB port 445 ...
- Question 122: A penetration tester is required to perform a vulnerability ...
- Question 123: A penetration tester has been contracted to review wireless ...
- Question 124: A penetration tester is trying to restrict searches on Googl...
- Question 125: In Python socket programming, SOCK_DGRAM type is:...
- Question 126: During an assessment, a penetration tester gathered OSINT fo...
- Question 127: A penetration tester is conducting an unknown environment te...
- Question 128: A CentOS computer was exploited during a penetration test. D...
- Question 129: A penetration tester is working to enumerate the PLC devices...
- Question 130: A penetration tester was brute forcing an internal web serve...
- Question 131: A penetration tester examines a web-based shopping catalog a...
- Question 132: A software company has hired a security consultant to assess...
- Question 133: A penetration tester was hired to test Wi-Fi equipment. Whic...
- Question 134: An exploit developer is coding a script that submits a very ...
- Question 135: A mail service company has hired a penetration tester to con...
- Question 136: A penetration tester receives the following results from an ...
- Question 137: Which of the following would assist a penetration tester the...
- Question 138: A penetration tester initiated the transfer of a large data ...
- Question 139: A penetration tester is reviewing the logs of a proxy server...
- Question 140: A penetration tester gains access to a system and establishe...
- Question 141: A penetration tester is testing a new API for the company's ...
- Question 142: A penetration tester conducted a vulnerability scan against ...
- Question 143: Which of the following is the most secure way to protect a f...
- Question 144: A penetration tester opened a shell on a laptop at a client'...
- Question 145: A penetration tester would like to crack a hash using a list...
- Question 146: Which of the following is the most important to include in t...
- Question 147: A penetration tester uncovers access keys within an organiza...
- Question 148: A security consultant wants to perform a vulnerability asses...
- Question 149: Which of the following tools would be the best to use to int...
- Question 150: A penetration tester is able to use a command injection vuln...
- Question 151: A penetration tester needs to perform a vulnerability scan a...
- Question 152: A security professional wants to test an IoT device by sendi...
- Question 153: A penetration tester is reviewing the security of a web appl...
- Question 154: A penetration tester exploited a unique flaw on a recent pen...
- Question 155: A red-team tester has been contracted to emulate the threat ...
- Question 156: Which of the following expressions in Python increase a vari...
- Question 157: Which of the following tools would BEST allow a penetration ...
- Question 158: A penetration tester is performing an assessment for an orga...
- Question 159: Appending string values onto another string is called:...
- Question 160: A penetration tester received a .pcap file to look for crede...
- Question 161: While performing the scanning phase of a penetration test, t...
- Question 162: A penetration tester wants to find hidden information in doc...
- Question 163: A penetration tester noticed that an employee was using a wi...
- Question 164: A company that requires minimal disruption to its daily acti...
- Question 165: A penetration tester managed to get control of an internal w...
- Question 166: A penetration tester has been hired to examine a website for...
- Question 167: Which of the following should a penetration tester consider ...
- Question 168: A penetration tester fuzzes an internal server looking for h...
- Question 169: A penetration tester wrote the following script to be used i...
- Question 170: During an engagement, a penetration tester found the followi...
- Question 171: An external consulting firm is hired to perform a penetratio...
- Question 172: A penetration tester would like to obtain FTP credentials by...
- Question 173: Which of the following types of assessments MOST likely focu...
- Question 174: After gaining access to a previous system, a penetration tes...
- Question 175: A security engineer identified a new server on the network a...
- Question 176: A penetration tester ran an Nmap scan on an Internet-facing ...
- Question 177: A software development team is concerned that a new product'...
- Question 178: The provision that defines the level of responsibility betwe...
- Question 179: Which of the following tools would be best suited to perform...
- Question 180: A software company has hired a penetration tester to perform...
- Question 181: As part of active reconnaissance, penetration testers need t...
- Question 182: A penetration tester is conducting an assessment for an e-co...
- Question 183: A penetration tester who is working remotely is conducting a...
- Question 184: A penetration testing firm performs an assessment every six ...
- Question 185: Which of the following is a regulatory compliance standard t...
- Question 186: Deconfliction is necessary when the penetration test:...
- Question 187: A penetration tester discovers a vulnerable web server at 10...
- Question 188: During a security assessment of a web application, a penetra...
- Question 189: A client would like to have a penetration test performed tha...
- Question 190: A Chief Information Security Officer wants a penetration tes...
- Question 191: A penetration tester successfully performed an exploit on a ...
- Question 192: A compliance-based penetration test is primarily concerned w...
- Question 193: Which of the following factors would a penetration tester mo...
- Question 194: A company developed a new web application to allow its custo...
- Question 195: A company's Chief Executive Officer has created a secondary ...
- Question 196: A consultant is reviewing the following output after reports...
