PT0-002 Tools and Code Analysis • Complete Question Bank
Complete PT0-002 Tools and Code Analysis question bank — all 0 questions with answers and detailed explanations.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Scope definition, rules of engagement, legal agreements
Collecting information about the target via OSINT
Identifying assets, threats, and attack vectors
Scanning and testing for vulnerabilities
Gaining unauthorized access using exploits
Drag a concept onto its matching description — or click a concept then click the description.
Payment card data security
Protected health information privacy
Personal data protection for EU citizens
Financial reporting and internal controls
Information security management system
Refer to the exhibit. ``` $ nmap -sV -sC 192.168.1.10 Starting Nmap 7.92 ( https://nmap.org ) Nmap scan report for 192.168.1.10 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4 (protocol 2.0) 80/tcp open http Apache httpd 2.4.6 443/tcp open ssl/http Apache httpd (SSL-only mode) ```
Refer to the exhibit. ```python import requests url = 'http://example.com/download?file=../../etc/passwd' response = requests.get(url) print(response.status_code) ```
Refer to the exhibit. ``` EAX = 0x00401234 EBX = 0x00000000 ECX = 0x00000000 ```
Refer to the exhibit. Output from a command: ``` Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-15 14:22 PDT Nmap scan report for 192.168.1.10 Host is up (0.0012s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https 8080/tcp open http-proxy MAC Address: 00:1A:2B:3C:4D:5E (Dell) Nmap done: 1 IP address (1 host up) scanned in 2.34 seconds ```
Refer to the exhibit. Error log from a web application: ``` [2024-03-15 14:25:12] Script: /var/www/html/search.php Input: q=test' OR '1'='1 SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'='1' at line 1 ```
A penetration tester is reviewing Python code for a web application and finds the following snippet:
import sqlite3 def get_user(username):
conn = sqlite3.connect('users.db') cursor = conn.cursor() query = "SELECT * FROM users WHERE username = '" + username + "'" cursor.execute(query)
return cursor.fetchall()
Which TWO of the following vulnerabilities are present in this code? (Select TWO.)
#!/usr/bin/env python3
import socket
import sys
target = sys.argv[1]
port = int(sys.argv[2])
payload = b"A" * 5000
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target, port))
s.send(payload)
response = s.recv(1024)
print(response)
except Exception as e:
print(f"Error: {e}")