HOTSPOT
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.

Hot Area:

An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling. Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?
A. Selection of the appropriate set of security testing tools
B. Current and load ratings of the ICS components
C. Potential operational and safety hazards
D. Electrical certification of hardware used in the test

While prioritizing findings and recommendations for an executive summary, which of the following considerations would be MOST valuable to the client?
A. Levels of difficulty to exploit identified vulnerabilities
B. Time taken to accomplish each step
C. Risk tolerance of the organization
D. Availability of patches and remediations

A penetration tester was able to enter an SQL injection command into a text box and gain access to the information stored on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?
A. Randomize the credentials used to log in
B. Install host-based intrusion detection
C. Implement input normalization
D. Perform system hardening

After a recent penetration test, a company has a finding regarding the use of dictionary and seasonal passwords by its employees. Which of the following is the BEST control to remediate the use of common dictionary terms?
A. Expand the password length from seven to 14 characters
B. Implement password history restrictions
C. Configure password filters
D. Disable the accounts after five incorrect attempts
E. Decrease the password expiration window

Which of the following actions BEST matches a script kiddie threat actor?
A. Exfiltrate network diagrams to perform lateral movement
B. Steal credit cards from the database and sell them in the deep web
C. Install a rootkit to maintain access to the corporate network
D. Deface the website of a company in search of retribution

An SMB server was discovered on the network, and the penetration tester wants to see if the server is vulnerable. Which of the following is a relevant approach to test this?
A. Null sessions
B. Xmas scan
C. ICMP flood
D. SYN flood

A penetration tester has run multiple vulnerability scans against a target system. Which of the following would be unique to a credentialed scan?
A. Exploits for vulnerabilities found
B. Detailed service configurations
C. Unpatched third-party software
D. Weak access control configurations

An Internet-accessible database server was found with the following ports open: 22, 53, 110, 1433, and 3389. Which of the following would be the BEST hardening technique to secure the server?
A. Ensure all protocols are using encryption.
B. Employ network ACLs.
C. Disable source routing on the server.
D. Ensure the IDS rules have been updated.

An attacker receives a DHCP address and notices the hostname was populated in the corporate DNS server. Which of the following BEST describes how the attacker can use this information?
A. VLAN hopping
B. DCSync operation
C. Setting custom SRV records
D. WPAD attack