PT0-002 Attacks and Exploits • Complete Question Bank
Complete PT0-002 Attacks and Exploits question bank — all 0 questions with answers and detailed explanations.
Match each concept to its description.
Attacker injects malicious SQL queries
Attacker injects client-side scripts into web pages
Attacker tricks user into performing unwanted actions
Writing more data to a buffer than it can hold
Accessing files outside the web root directory
Match each concept to its description.
High-level overview for non-technical management
Detailed steps and tools used during testing
List of vulnerabilities with severity ratings
Recommended actions to fix vulnerabilities
Raw logs, scripts, and supporting evidence
Refer to the exhibit.
Exhibit:
```
GET /search?q=<script>alert('XSS')</script> HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0

HTTP/1.1 200 OK
Content-Type: text/html

<html><body>
<p>You searched for: <script>alert('XSS')</script></p>
</body></html>
```
Refer to the exhibit.
Exhibit:
```
msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > set RHOSTS 10.0.0.1
msf6 auxiliary(scanner/portscan/tcp) > set PORTS 1-1000
msf6 auxiliary(scanner/portscan/tcp) > run
[*] 10.0.0.1:22 - TCP OPEN
[*] 10.0.0.1:80 - TCP OPEN
[*] 10.0.0.1:443 - TCP OPEN
[*] Scanned 1 of 1 hosts (100% complete)
```
Refer to the exhibit.
Exhibit:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::confidential-bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::confidential-bucket/*"
    }
  ]
}
```
Refer to the exhibit.
Exhibit:
```
SMTP Banner: 220 mail.example.com ESMTP Postfix (Ubuntu)
Open Ports:
25/tcp SMTP
80/tcp HTTP Apache httpd 2.4.29
443/tcp HTTPS Apache httpd 2.4.29
HTTP headers:
Server: Apache/2.4.29 (Ubuntu)
X-Powered-By: PHP/7.2.24
```
Refer to the exhibit.
Exhibit:
```
firewall rules:
  - direction: inbound
    source: 10.0.0.0/8
    destination: 192.168.1.100
    port: 3389
    action: allow
  - direction: inbound
    source: any
    destination: 192.168.1.0/24
    port: 80
    action: allow
  - direction: outbound
    source: any
    destination: any
    port: 443
    action: allow
  - direction: outbound
    source: any
    destination: 10.0.0.0/8
    port: 53
    action: allow
```