Valid PT0-002 Dumps shared by ExamDiscuss.com for Helping Passing PT0-002 Exam! ExamDiscuss.com now offer the newest PT0-002 exam dumps, the ExamDiscuss.com PT0-002 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PT0-002 dumps with Test Engine here:
Access PT0-002 Dumps Premium Version
(460 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 12/213
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
Correct Answer: A
https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while-bypassing-av/
--- https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
The certutil command is a Windows utility that can be used to manipulate certificates and certificate authorities. However, it can also be abused by attackers to download files from remote servers using the -urlcache option. In this case, the command downloads accesschk64.exe from http://192.168.2.124/windows-binaries/ and saves it locally. Accesschk64.exe is a tool that can be used to check service permissions and identify potential privilege escalation vectors. The other commands are not relevant for this purpose. Powershell is a scripting language that can be used to perform various tasks, but in this case it uploads a file instead of downloading one. Schtasks is a command that can be used to create or query scheduled tasks, but it does not help with service permissions. Wget is a Linux command that can be used to download files from the web, but it does not work on Windows by default.
--- https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
The certutil command is a Windows utility that can be used to manipulate certificates and certificate authorities. However, it can also be abused by attackers to download files from remote servers using the -urlcache option. In this case, the command downloads accesschk64.exe from http://192.168.2.124/windows-binaries/ and saves it locally. Accesschk64.exe is a tool that can be used to check service permissions and identify potential privilege escalation vectors. The other commands are not relevant for this purpose. Powershell is a scripting language that can be used to perform various tasks, but in this case it uploads a file instead of downloading one. Schtasks is a command that can be used to create or query scheduled tasks, but it does not help with service permissions. Wget is a Linux command that can be used to download files from the web, but it does not work on Windows by default.
- Question List (213q)
- Question 1: A client asks a penetration tester to retest its network a w...
- Question 2: A penetration tester enters a command into the shell and rec...
- Question 3: A penetration tester runs a scan against a server and obtain...
- Question 4: A security firm is discussing the results of a penetration t...
- Question 5: Which of the following documents should be consulted if a cl...
- Question 6: Which of the following assessment methods is the most likely...
- Question 7: Which of the following describes the reason why a penetratio...
- Question 8: During a web application test, a penetration tester was able...
- Question 9: A penetration tester runs a reconnaissance script and would ...
- Question 10: After obtaining a reverse shell connection, a penetration te...
- Question 11: Which of the following should be included in scope documenta...
- Question 12: A penetration tester has obtained a low-privilege shell on a...
- Question 13: A penetration tester ran an Nmap scan on an Internet-facing ...
- Question 14: A penetration tester wants to validate the effectiveness of ...
- Question 15: An assessor wants to use Nmap to help map out a stateful fir...
- Question 16: A security professional wants to test an IoT device by sendi...
- Question 17: ion tester is attempting to get more people from a target co...
- Question 18: Which of the following components should a penetration teste...
- Question 19: A penetration tester wants to identify CVEs that can be leve...
- Question 20: A client evaluating a penetration testing company requests e...
- Question 21: A company becomes concerned when the security alarms are tri...
- Question 22: When accessing the URL http://192.168.0-1/validate/user.php,...
- Question 23: Running a vulnerability scanner on a hybrid network segment ...
- Question 24: A penetration tester exploited a vulnerability on a server a...
- Question 25: A penetration tester is assessing a wireless network. Althou...
- Question 26: During an assessment, a penetration tester emailed the follo...
- Question 27: A penetration tester wrote the following script to be used i...
- Question 28: During an assessment, a penetration tester obtains a list of...
- Question 29: An Nmap scan of a network switch reveals the following: (Exh...
- Question 30: A penetration tester issues the following command after obta...
- Question 31: Which of the following elements of a penetration testing rep...
- Question 32: A penetration tester initiated the transfer of a large data ...
- Question 33: A penetration tester logs in as a user in the cloud environm...
- Question 34: A penetration tester is testing input validation on a search...
- Question 35: During a penetration test, the domain names, IP ranges, host...
- Question 36: A client wants a security assessment company to perform a pe...
- Question 37: An Nmap network scan has found five open ports with identifi...
- Question 38: A software development team is concerned that a new product'...
- Question 39: A red team gained access to the internal network of a client...
- Question 40: The provision that defines the level of responsibility betwe...
- Question 41: During an assessment, a penetration tester was able to acces...
- Question 42: A company hired a penetration-testing team to review the cyb...
- Question 43: A penetration tester discovers during a recent test that an ...
- Question 44: A penetration tester requested, without express authorizatio...
- Question 45: Which of the following situations would MOST likely warrant ...
- Question 46: A penetration tester was able to compromise a server and esc...
- Question 47: During an assessment, a penetration tester discovers the fol...
- Question 48: A final penetration test report has been submitted to the bo...
- Question 49: A penetration tester was able to gather MD5 hashes from a se...
- Question 50: Given the following code: $p = (80, 110, 25) $network = (192...
- Question 51: Which of the following types of information would most likel...
- Question 52: SIMULATION Using the output, identify potential attack vecto...
- Question 53: A penetration tester learned that when users request passwor...
- Question 54: The results of an Nmap scan are as follows: Starting Nmap 7....
- Question 55: A company obtained permission for a vulnerability scan from ...
- Question 56: A penetration tester was brute forcing an internal web serve...
- Question 57: Which of the following documents would be the most helpful i...
- Question 58: Which of the following is most important to include in the f...
- Question 59: A new security firm is onboarding its first client. The clie...
- Question 60: A penetration tester discovers a file, key.enc. on a shared ...
- Question 61: A penetration tester is reviewing the following SOW prior to...
- Question 62: A penetration tester conducted an assessment on a web server...
- Question 63: A penetration tester is testing a company's public API and d...
- Question 64: A consulting company is completing the ROE during scoping. W...
- Question 65: Penetration-testing activities have concluded, and the initi...
- Question 66: A penetration tester wants to accomplish ARP poisoning as pa...
- Question 67: Given the following script: while True: print ("Hello World"...
- Question 68: A penetration tester is exploring a client's website. The te...
- Question 69: A penetration tester conducted a vulnerability scan against ...
- Question 70: The results of an Nmap scan are as follows: (Exhibit) Which ...
- Question 71: A penetration tester wants to perform reconnaissance without...
- Question 72: During a vulnerability scanning phase, a penetration tester ...
- Question 73: A penetration tester has gained access to a network device t...
- Question 74: Which of the following situations would require a penetratio...
- Question 75: A security analyst is conducting an unknown environment test...
- Question 76: A penetration tester ran the following command on a staging ...
- Question 77: A penetration tester is conducting an assessment on a web ap...
- Question 78: During a penetration test, you gain access to a system with ...
- Question 79: A penetration tester finds a PHP script used by a web applic...
- Question 80: A penetration tester has established an on-path attack posit...
- Question 81: A penetration tester is looking for a particular type of ser...
- Question 82: A penetration tester needs to upload the results of a port s...
- Question 83: A penetration tester is performing DNS reconnaissance and ha...
- Question 84: Which of the following can be used to store alphanumeric dat...
- Question 85: Given the following output: User-agent:* Disallow: /author/ ...
- Question 86: In a standard engagement, a post-report document is provided...
- Question 87: A penetration tester has been given an assignment to attack ...
- Question 88: During an assessment, a penetration tester manages to exploi...
- Question 89: A vulnerability assessor is looking to establish a baseline ...
- Question 90: During an assessment, a penetration tester found an applicat...
- Question 91: A penetration tester ran the following commands on a Windows...
- Question 92: A security engineer is working to identify all email servers...
- Question 93: A penetration tester gives the following command to a system...
- Question 94: During the reconnaissance phase, a penetration tester obtain...
- Question 95: Which of the following is a regulatory compliance standard t...
- Question 96: Which of the following best explains why a penetration teste...
- Question 97: Which of the following identifies a condensed, high-level di...
- Question 98: A security analyst is conducting an unknown environment test...
- Question 99: A company has recruited a penetration tester to conduct a vu...
- Question 100: A penetration tester is explaining the MITRE ATT&CK fram...
- Question 101: During a client engagement, a penetration tester runs the fo...
- Question 102: An external consulting firm is hired to perform a penetratio...
- Question 103: Which of the following tools is commonly used for network sc...
- Question 104: During an internal penetration test against a company, a pen...
- Question 105: A penetration tester ran a simple Python-based scanner. The ...
- Question 106: A penetration tester analyzed a web-application log file and...
- Question 107: A consultant is reviewing the following output after reports...
- Question 108: A penetration tester has compromised a customer's internal n...
- Question 109: A CentOS computer was exploited during a penetration test. D...
- Question 110: In the process of active service enumeration, a penetration ...
- Question 111: You are a security analyst tasked with hardening a web serve...
- Question 112: Which of the following concepts defines the specific set of ...
- Question 113: A penetration tester is required to perform a vulnerability ...
- Question 114: A penetration tester has obtained shell access to a Windows ...
- Question 115: A penetration tester has identified several newly released C...
- Question 116: A penetration tester runs the unshadow command on a machine....
- Question 117: A physical penetration tester needs to get inside an organiz...
- Question 118: A tester who is performing a penetration test on a website r...
- Question 119: A penetration tester exploits a vulnerable service to gain a...
- Question 120: A penetration tester, who is doing an assessment, discovers ...
- Question 121: Which of the following is the most secure method for sending...
- Question 122: Given the following code: Which of the following data struct...
- Question 123: A penetration tester gained access to one of the target comp...
- Question 124: A company is concerned that its cloud service provider is no...
- Question 125: A penetration tester wants to find hidden information in doc...
- Question 126: A consultant just performed a SYN scan of all the open ports...
- Question 127: As part of an active reconnaissance, a penetration tester in...
- Question 128: A penetration tester is looking for a vulnerability that ena...
- Question 129: A penetration tester who is working remotely is conducting a...
- Question 130: During an engagement, a junior penetration tester found a mu...
- Question 131: After performing a web penetration test, a security consulta...
- Question 132: A penetration tester is conducting an assessment for an e-co...
- Question 133: A penetration tester has gained access to the Chief Executiv...
- Question 134: Deconfliction is necessary when the penetration test:...
- Question 135: An executive needs to use Wi-Fi to connect to the company's ...
- Question 136: After gaining access to a Linux system with a non-privileged...
- Question 137: A penetration tester managed to exploit a vulnerability usin...
- Question 138: Which of the following protocols or technologies would provi...
- Question 139: A red team completed an engagement and provided the followin...
- Question 140: A penetration tester utilized Nmap to scan host 64.13.134.52...
- Question 141: A penetration tester was contracted to test a proprietary ap...
- Question 142: A penetration tester managed to get control of an internal w...
- Question 143: A penetration tester gains access to a web server and notice...
- Question 144: A penetration tester is evaluating a company's network perim...
- Question 145: Which of the following is the most important aspect to consi...
- Question 146: A penetration tester ran a ping -A command during an unknown...
- Question 147: Which of the following should a penetration tester do NEXT a...
- Question 148: A penetration tester is doing an assessment for a company th...
- Question 149: Which of the following is the MOST effective person to valid...
- Question 150: Which of the following tools would be BEST suited to perform...
- Question 151: A security firm is discussing the results of a penetration t...
- Question 152: A company developed a new web application to allow its custo...
- Question 153: A security company has been contracted to perform a scoped i...
- Question 154: A security consultant wants to perform a vulnerability asses...
- Question 155: A Chief Information Security Officer wants a penetration tes...
- Question 156: A penetration tester who is doing a company-requested assess...
- Question 157: Which of the following documents best ensures an external co...
- Question 158: A client evaluating a penetration testing company requests e...
- Question 159: A penetration tester attempted a DNS poisoning attack. After...
- Question 160: After running the enum4linux.pl command, a penetration teste...
- Question 161: Which of the following would assist a penetration tester the...
- Question 162: During a penetration test, a tester is able to change values...
- Question 163: A penetration tester completed an assessment, removed all ar...
- Question 164: A penetration tester observes an application enforcing stric...
- Question 165: A penetration tester received a 16-bit network block that wa...
- Question 166: A penetration tester has obtained root access to a Linux-bas...
- Question 167: A penetration tester runs the following command: l.comptia.l...
- Question 168: A penetration tester is conducting an assessment on 192.168....
- Question 169: A penetration tester will be performing a vulnerability scan...
- Question 170: A penetration tester breaks into a company's office building...
- Question 171: Which of the following assessment methods is MOST likely to ...
- Question 172: A red-team tester has been contracted to emulate the threat ...
- Question 173: A penetration tester was able to gain access to a plaintext ...
- Question 174: A penetration tester discovered that a client uses cloud mai...
- Question 175: Performing a penetration test against an environment with SC...
- Question 176: Which of the following is the most effective method for ensu...
- Question 177: A penetration tester needs to access a building that is guar...
- Question 178: During an engagement, a penetration tester found the followi...
- Question 179: A penetration testing team has gained access to an organizat...
- Question 180: SIMULATION A penetration tester performs several Nmap scans ...
- Question 181: During a security assessment, a penetration tester decides t...
- Question 182: A penetration tester has been hired to configure and conduct...
- Question 183: A penetration tester wants to scan a target network without ...
- Question 184: A penetration tester is performing a vulnerability scan on a...
- Question 185: A penetration tester is working to enumerate the PLC devices...
- Question 186: A penetration tester is configuring a vulnerability manageme...
- Question 187: A penetration tester is conducting an unknown environment te...
- Question 188: During an assessment of a web application, a penetration tes...
- Question 189: A penetration testing firm performs an assessment every six ...
- Question 190: Appending string values onto another string is called:...
- Question 191: A penetration tester is contracted to attack an oil rig netw...
- Question 192: A penetration tester is able to use a command injection vuln...
- Question 193: A penetration tester was conducting a penetration test and d...
- Question 194: A penetration tester is cleaning up and covering tracks at t...
- Question 195: Given the following code: <SCRIPT>var+img=new+Image();...
- Question 196: A Chief Information Security Officer wants a penetration tes...
- Question 197: Which of the following is the most important to include in t...
- Question 198: A penetration tester is looking for vulnerabilities within a...
- Question 199: A penetration tester executes the following Nmap command and...
- Question 200: A penetration tester exploited a unique flaw on a recent pen...
- Question 201: During a code review assessment, a penetration tester finds ...
- Question 202: Which of the following OSSTM testing methodologies should be...
- Question 203: Which of the following should a penetration tester consider ...
- Question 204: During an assessment, a penetration tester was able Jo get a...
- Question 205: A penetration tester is conducting a penetration test. The t...
- Question 206: During a REST API security assessment, a penetration tester ...
- Question 207: Within a Python script, a line that states print (var) outpu...
- Question 208: A penetration tester is trying to restrict searches on Googl...
- Question 209: A penetration tester wants to find the password for any acco...
- Question 210: The attacking machine is on the same LAN segment as the targ...
- Question 211: A penetration tester is working on a scoping document with a...
- Question 212: A mail service company has hired a penetration tester to con...
- Question 213: Which of the following BEST describe the OWASP Top 10? (Choo...
