
Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.


Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


PT0-002 Tools and Code Analysis • Complete Question Bank

PT0-002 Tools and Code Analysis — All Questions With Answers

Complete PT0-002 Tools and Code Analysis question bank — all 0 questions with answers and detailed explanations.

100 Questions • Free • No signup
Question 1 • medium • multiple choice

A penetration tester wrote a Python script to automate HTTP request fuzzing. The script uses the 'requests' library to send payloads and checks for reflected content in the response. The tester wants to analyze the script for potential improvements. Which of the following code changes would MOST directly reduce false positives in detecting reflection?

Question 2 • medium • multiple choice

A penetration tester is analyzing a PowerShell script used for post-exploitation on a Windows domain. The script contains the following line: Invoke-Command -ComputerName $target -ScriptBlock { get-process -Name "explorer" }. What is the primary purpose of this command?

Question 3 • easy • multiple choice

A penetration tester wants to identify live hosts on a large internal network. Which Nmap option would be the FASTEST for initial host discovery?

Question 4 • medium • multiple choice

A penetration tester writes a Python script to test an API for vulnerabilities. The script sends requests with multiple payloads and checks if the response contains an error message indicating a potential injection. Which of the following code snippets would BEST reduce false positives by verifying that the injected parameter is processed?

Question 5 • medium • multiple choice

A penetration tester is reviewing a Python script that uses the `requests` library to send HTTP POST requests to a login endpoint. The script attempts to bypass authentication by sending SQL injection payloads in the username field. Which of the following code changes would MOST effectively help the tester identify successful injections by reducing false negatives?

Question 6 • medium • multiple choice

A penetration tester writes a Python script to test for directory traversal vulnerabilities in a web application. The script uses the requests library to send a payload like '../../etc/passwd' and checks if the response contains the string 'root:'. However, the tester notices many false negatives because the application requires URL encoding of the dots and slashes. Which code modification would BEST improve the detection rate?

Question 7 • easy • multiple choice

A penetration tester wants to enumerate SMB shares, user lists, and operating system information from a Windows target without authenticating. Which of the following tools is BEST suited for this task?

Question 8 • medium • multiple choice

A penetration tester is reviewing a Python script that attempts to exploit a command injection vulnerability. The script uses the 'subprocess' module with the 'shell=True' argument. Which of the following code changes would be MOST effective to reduce the risk of unintended consequences when executing system commands?

Question 9 • medium • multiple choice

A penetration tester is writing a Bash script to automate enumeration of a Linux system after gaining a shell. The script needs to extract user information from the /etc/passwd file. Which command would be most efficient for listing only the usernames?

Question 10 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the Impacket library to perform an SMB relay attack. The script is failing to capture NTLM hashes from target machines. Which part of the script is MOST likely misconfigured?

Question 11 • medium • multiple choice

A penetration tester is using Burp Suite to test a web application. The tester notices that the application relies on client-side JavaScript validation to restrict input. To bypass this validation and test for server-side vulnerabilities, which Burp Suite feature is MOST useful for automatically modifying requests before they are sent to the server?

Question 12 • medium • multiple choice

A penetration tester is writing a Bash script to enumerate users from the /etc/passwd file on a compromised Linux system. Which command will efficiently print only the usernames?

Question 13 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'paramiko' library to automate SSH key-based authentication across multiple servers. The script fails with 'AuthenticationException' for some servers that the tester is certain have the correct private key configured. Which of the following is the most likely cause of this failure?

Question 14 • hard • multiple choice

A penetration tester is writing a return-oriented programming (ROP) exploit for a Linux binary to bypass Data Execution Prevention (DEP). The binary has DEP enabled, but the tester identifies a gadget in a dynamically linked library that is not affected by ASLR. Which condition must be true for the ROP chain to succeed?

Question 15 • medium • multiple choice

A penetration tester is using Burp Suite to intercept and modify HTTP traffic. When browsing to an HTTPS site, the tester observes that the requests are encrypted and not being intercepted by Burp. Which configuration step is most likely missing?

Question 16 • easy • multiple choice

A penetration tester wants to quickly capture and analyze network packets during an internal test to identify unencrypted protocols. Which command-line tool is commonly used for packet capture on Linux?

Question 17 • medium • multiple choice

A penetration tester is using an Nmap NSE script to enumerate SMB shares on a target Windows server. The script runs without errors but returns no shares, even though the server has shares configured. Which is the MOST likely cause?

Question 18 • easy • multiple choice

A penetration tester has obtained a dump of NTLM password hashes from a Windows Domain Controller. The tester wants to crack these hashes as quickly as possible using GPU acceleration. Which tool is the BEST choice for this task?

Question 19 • medium • multiple choice

A penetration tester is writing a Bash script to automate the extraction of password hashes from a Windows system after gaining SYSTEM-level access. The script uses 'reg.exe' to save the SAM and SYSTEM hives. Which command should the tester include in the script to export the SAM hive to a file?

Question 20 • easy • multiple choice

A penetration tester wants to quickly identify the listening services on a target Linux server without performing a full port scan. The tester has obtained an unauthenticated shell as a low-privileged user. Which built-in command is most likely available on a modern Linux distribution to list all listening TCP sockets?

Question 21 • medium • multiple choice

A penetration tester is analyzing a web application's JavaScript files to discover hidden API endpoints and potential client-side vulnerabilities. Which tool is specifically designed to extract URLs and endpoints from JavaScript files?

Question 22 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the requests library to automate web vulnerability scanning. The script sends POST requests with payloads but receives 403 Forbidden responses for many requests, even though manual testing with the same payloads works. Which is the most likely cause?

Question 23 • medium • multiple choice

A penetration tester is writing a Bash script to enumerate network shares on multiple Windows hosts. The script uses smbclient to list shares. Which command should be used within the script to attempt to connect to a host with a known username and password?

Question 24 • medium • multiple choice

A penetration tester is using Hashcat to crack NTLM hashes obtained from a Windows system. The tester wants to use a rule-based attack to maximize cracking success. Which Hashcat mode should be used for NTLM hashes?

Question 25 • medium • multiple choice

A penetration tester is analyzing a Python script used for web application testing. The script imports the 'socket' module and uses it to create a raw socket. Which of the following is the most likely purpose of the script?

Question 26 • easy • multiple choice

A penetration tester is analyzing a Bash script that contains the following line: 'for ip in $(cat ip_list.txt); do nc -zv $ip 22; done'. What is the primary purpose of this script?

Question 27 • medium • multiple choice

A penetration tester is reviewing a Python script that uses the 'mitmproxy' library. The script sets up a proxy and captures HTTP traffic, then modifies certain requests in real time. Which of the following is the most likely purpose of this script?

Question 28 • easy • multiple choice

A penetration tester is performing internal reconnaissance on a Windows domain. The tester wants to enumerate SMB shares on multiple hosts quickly. Which tool is best suited for this task?

Question 29 • hard • multiple choice

A penetration tester is analyzing a Python script that imports the 'scapy' library. The script defines a function that sends a series of TCP SYN packets to a target IP and port range, and then waits for SYN-ACK responses. Which attack is the script performing?

Question 30 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'subprocess' module to execute shell commands. The tester notices that the script passes user-supplied input directly to the shell without any sanitization or validation. Which vulnerability class is most likely present in this script?

Question 31 • medium • multiple choice

A penetration tester is analyzing a Bash script that uses 'curl' to send HTTP requests with payloads and checks for a specific string in the response. The script contains: 'if echo $response | grep -q "root:x:0:0"'. Which vulnerability is the script most likely testing for?

Question 32 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'requests' library to send HTTP POST requests to a target URL with different payloads. The script also implements a retry mechanism with exponential backoff. What is the most likely purpose of this script?

Question 33 • medium • multiple choice

A penetration tester is analyzing a PowerShell script that contains the following code:
```powershell
Get-WmiObject -Class Win32_Service | Where-Object {$_.PathName -like "* *"} | Select-Object Name, PathName, State
```
What is the primary purpose of this script?

Question 34 • hard • multiple choice

A penetration tester is analyzing a Python script that performs a buffer overflow attack. The script imports the struct module and the socket module. It constructs a payload by packing a pattern of characters, then overwriting a return address with a specific offset. Which of the following is the most critical piece of information the tester must determine before running this script against the target?

Question 35 • medium • multiple choice

A penetration tester is analyzing a Bash script that uses the tool 'curl' to send HTTP requests. The script contains the following line: curl -X POST -d "username=admin&password[$ne]=a" http://target/login. Which type of attack is this script most likely attempting?

Question 36 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'scapy' library to craft and send packets. The script contains the following code snippet: 'send(IP(dst=target)/TCP(dport=port, flags='S'))'. The script then listens for responses and looks for packets with flags 'SA'. Which type of scan is this script performing?

Question 37 • easy • multiple choice

A penetration tester is analyzing a Python script that uses the 'paramiko' library. The script reads a list of IP addresses from a file and attempts to connect to each host using the same username and a list of common passwords. Which attack technique is the script most likely performing?

Question 38 • medium • multiple choice

A penetration tester analyzes a PowerShell script that uses the 'Invoke-Command' cmdlet to run a command on multiple remote Windows systems. The script checks if the local Administrator account is using a default password. Which phase of the penetration test is this script most directly supporting?

Question 39 • easy • multiple choice

A penetration tester is reviewing a Python script that automates a common network attack. The script imports the 'ftplib' and 'telnetlib' libraries. It reads a list of IP addresses from a file and, for each host, attempts to connect using a predefined username and password. If the connection succeeds, it logs the success. Which attack is the script most likely performing?

Question 40 • medium • multiple choice

A penetration tester is analyzing a Bash script that performs network scanning. The script contains the following command: 'for ip in $(seq 1 254); do hping3 -S -p 22 -c 1 $TARGET_SUBNET.$ip 2>/dev/null | grep -q "flags=SA" && echo "$TARGET_SUBNET.$ip: open"; done'. What is the primary purpose of this script?

Question 41 • easy • multiple choice

A penetration tester is analyzing a Python script that uses the 'socket' library. The script creates a socket, connects to a target IP and port, sends a payload, and then receives a response. The script is most likely designed for which type of attack?

Question 42 • medium • multiple choice

A penetration tester is reviewing a Bash script that contains the following line: 'hydra -l admin -P /usr/share/wordlists/rockyou.txt $TARGET http-post-form "/login:username=^USER^&password=^PASS^:Invalid login"'. What is the primary purpose of this command?

Question 43 • easy • multiple choice

A penetration tester runs the following command: nmap -sS -p 1-65535 -T4 -A -O --reason target. What is the primary purpose of the -A option in this command?

Question 44 • medium • multiple choice

A penetration tester is analyzing a PowerShell script that uses Invoke-WebRequest and Invoke-RestMethod to interact with a target web service. The script parses JSON responses to extract session tokens and then uses those tokens in subsequent requests. Which attack technique is this script most likely performing?

Question 45 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'requests' library. The script sends a GET request to a target URL with a crafted parameter value containing a SQL sleep function, then measures the response time. What attack is the script most likely performing?

Question 46 • easy • multiple choice

A penetration tester is reviewing a Bash script that contains the following command: 'openssl s_client -connect target:443 -servername target 2>/dev/null | openssl x509 -noout -text'. What is the primary purpose of this command?

Question 47 • medium • multiple choice

A penetration tester is analyzing a Python script used during a test. The script contains the following code: 'import requests; r = requests.get('http://target', headers={'User-Agent': 'Mozilla/5.0'}); print(r.text)'. What is the primary purpose of setting the User-Agent header in this script?

Question 48 • hard • multiple choice

A penetration tester is analyzing a Bash script that automates a password spraying attack. The script contains the following loop: 'for user in $(cat users.txt); do for pass in $(cat passwords.txt); do curl -s -o /dev/null -w "%{http_code}" --data "user=$user&pass=$pass" http://target/login; done; done'. The script runs but the output is a continuous stream of HTTP status codes that are hard to interpret. Which improvement would most effectively help the tester identify a successful login?

Question 49 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'scapy' library. The script contains the line: `packet = IP(dst='10.0.0.1')/TCP(dport=80, flags='S')`. The tester then uses `sr1(packet, timeout=2)`. What is the primary purpose of this code?

Question 50 • medium • multiple choice

A penetration tester is analyzing a Ruby script that uses the 'metasploit-framework' gem. The script includes a line: `Msf::Simple::Framework.create` and then calls `run_single('use exploit/multi/handler')`. What is the primary purpose of this script?

Question 51 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'requests' library to send HTTP requests with a custom header that mimics a mobile device. The script also uses 'beautifulsoup4' to parse the response and extract specific data. Which task is this script most likely performing?

Question 52 • hard • multiple choice

A penetration tester is analyzing a PowerShell script that uses the 'Invoke-Command' cmdlet to execute commands on remote machines, and 'Set-Service' to change service startup types. What attack is this script most likely performing?

Question 53 • easy • multiple choice

A penetration tester is analyzing a Python script that uses the 'socket' module to create a TCP connection to a target IP and port. The script then sends a payload (e.g., 'GET / HTTP/1.0\r\n\r\n') and waits for a response. Which tool function is this script most likely performing?

Question 54 • medium • multiple choice

A penetration tester is reviewing a Bash script that uses 'nmap' with the '-sC' and '-sV' flags. The script runs the scan and saves the output to a text file. Later, the tester uses 'grep' to extract lines containing 'open'. What is the primary purpose of this script?

Question 55 • medium • multiple choice

A penetration tester is analyzing a Python script that uses the 'scapy' library to craft custom network packets. The relevant code is:
```python
from scapy.all import *
packet = IP(dst="192.168.1.1")/TCP(dport=80, flags="S")
response = sr1(packet, timeout=2)
if response.haslayer(TCP):
    print(response.getlayer(TCP).flags)
```
What is the primary goal of this script?

Question 56 • hard • multiple choice

A penetration tester is analyzing a PowerShell script used during an internal test. The script contains the following code block:
```powershell
$cred = Get-Credential
$session = New-PSSession -ComputerName 'Server01' -Credential $cred
Invoke-Command -Session $session -ScriptBlock { Get-ChildItem C:\Secrets.txt }
Remove-PSSession $session
```
What is the primary purpose of this script?

Question 57 • medium • multiple choice

A Python proof-of-concept sends repeated login attempts but does not preserve cookies between requests. The application sets a CSRF token in a session cookie. What change is most likely required for accurate testing?

Question 58 • easy • multiple choice

A penetration tester is analyzing a Bash script used for post-exploitation enumeration. The script contains the line: `cat /etc/shadow | awk -F: '{print $1, $2}'`. What is the primary purpose of this command?

Question 59 • medium • drag order

Drag and drop the steps to perform a vulnerability scan using Nessus into the correct order.

Question 60 • medium • drag order

Drag and drop the steps to perform a social engineering campaign using a phishing email with a malicious attachment into the correct order.

Question 61 • medium • matching

Match each phase of the Penetration Testing Execution Standard (PTES) to its description.


Scope definition, rules of engagement, legal agreements

Collecting information about the target via OSINT

Identifying assets, threats, and attack vectors

Scanning and testing for vulnerabilities

Gaining unauthorized access using exploits

Question 62 • medium • matching

Match each compliance standard to its focus area.


Payment card data security

Protected health information privacy

Personal data protection for EU citizens

Financial reporting and internal controls

Information security management system

Question 63 • easy • multiple choice

A penetration tester needs to automate a series of web application attacks against a login page to identify weak credentials. Which tool is most appropriate?

Question 64 • medium • multiple choice

During a penetration test, a tester discovers a binary that appears to be obfuscated. Which approach is best for deobfuscation?

Question 65 • hard • multiple choice

A tester is analyzing a piece of malware and needs to identify the original entry point after unpacking. Which technique is most appropriate?

Question 66 • easy • multiple choice

Which tool is best for performing static analysis of Python code to find security vulnerabilities?

Question 67 • medium • multiple choice

A penetration tester wants to fuzz a network protocol to find buffer overflows. Which tool is most appropriate?

Question 68 • medium • multiple choice

While analyzing a malicious document, a tester extracts a VBA macro. Which tool can help decode the macro for analysis?

Question 69 • easy • multiple choice

A tester is reviewing code and sees a function that concatenates user input directly into a SQL query. Which vulnerability is most likely present?

Question 70 • hard • multiple choice

Which of the following best describes the purpose of a return-oriented programming (ROP) chain?

Question 71 • hard • multiple choice

A tester needs to analyze a compiled .NET application. Which tool is most suitable?

Question 72 • medium • multi select

A penetration tester is analyzing a network packet capture to identify potential attacks. Which two indicators suggest a successful SQL injection attempt?

Question 73 • hard • multi select

A tester is conducting a code review of a web application. Which three coding practices can help prevent cross-site scripting (XSS)?

Question 74 • easy • multi select

Which two tools are commonly used for password cracking in penetration testing?

Question 75 • easy • multiple choice

A penetration tester runs the following command and receives the output. What does this output indicate?

Exhibit

Refer to the exhibit.
```
$ nmap -sV -sC 192.168.1.10
Starting Nmap 7.92 ( https://nmap.org )
Nmap scan report for 192.168.1.10
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 7.4 (protocol 2.0)
80/tcp   open  http       Apache httpd 2.4.6
443/tcp  open  ssl/http   Apache httpd (SSL-only mode)
```

Question 76 • medium • multiple choice

A tester runs a Python script to perform a directory traversal attack. The output shows: 'Error: 403 Forbidden'. What is the most likely cause?

Exhibit

Refer to the exhibit.
```python
import requests
url = 'http://example.com/download?file=../../etc/passwd'
response = requests.get(url)
print(response.status_code)
```

Question 77 • hard • multiple choice

A tester uses OllyDbg to step through a binary. The EAX register contains 0x00401234. What does this represent?

Exhibit

Refer to the exhibit.
```
EAX = 0x00401234
EBX = 0x00000000
ECX = 0x00000000
```

Question 78 • easy • multiple choice

A penetration tester needs to enumerate active hosts and open ports on a network segment with minimal network traffic. Which tool should the tester use?

Question 79 • medium • multiple choice

During a web application test, a penetration tester discovers that the server returns verbose error messages containing full file paths. Which type of attack is directly facilitated by this information disclosure?

Question 80 • hard • multiple choice

A penetration tester is analyzing a malicious script found on a compromised Linux server. The script uses obfuscation techniques including base64 encoding and variable substitution. Which tool or method is most effective for deobfuscating the script to understand its functionality?

Question 81 • easy • multiple choice

A penetration tester wants to perform a slow and stealthy port scan to avoid intrusion detection systems. Which Nmap option should be used?

Question 82 • medium • multiple choice

During a penetration test, a tester needs to capture and analyze the traffic between a client and a server over an encrypted HTTPS connection. The tester has access to the server's private key. Which technique or tool should the tester employ?

Question 83 • hard • multiple choice

A penetration tester is assessing a custom web application that uses JSON Web Tokens (JWT) for authentication. The tester suspects the token may be using a weak secret. Which tool is best suited to attempt cracking the JWT secret?

Question 84 • easy • multiple choice

A penetration tester wants to quickly identify known vulnerabilities in a web application without triggering many alarms. Which tool should the tester use?

Question 85 • medium • multiple choice

During a penetration test, a tester needs to perform a man-in-the-middle (MITM) attack on a local network to capture credentials. Which tool should the tester use to ARP spoof and intercept traffic?

Question 86 • hard • multiple choice

A penetration tester is analyzing a password hash obtained from a Windows domain controller. The hash format is $NT$70676e... and the tester wants to crack it using a rule-based attack. Which tool is best suited for this task?

Question 87 • medium • multi select

Which TWO of the following are valid uses of the 'socat' tool during a penetration test? (Select TWO.)

Question 88 • hard • multi select

Which TWO of the following are benefits of using a fuzzing tool during the code analysis phase of a penetration test? (Select TWO.)

Question 89 • hard • multi select

Which THREE of the following are common elements found in a Burp Suite project file? (Select THREE.)

Question 90 • medium • multiple choice

Based on the exhibit, which additional Nmap command should the tester run to gather the most useful information for a web application test?

Exhibit

Refer to the exhibit.

Output from a command:
```
Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-15 14:22 PDT
Nmap scan report for 192.168.1.10
Host is up (0.0012s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy
MAC Address: 00:1A:2B:3C:4D:5E (Dell)

Nmap done: 1 IP address (1 host up) scanned in 2.34 seconds
```
Question 91hardmultiple choice

Based on the exhibit, which tool would be most effective for exploiting this vulnerability?

Exhibit

Refer to the exhibit.

Error log from a web application:
```
[2024-03-15 14:25:12] Script: /var/www/html/search.php
Input: q=test' OR '1'='1
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'='1' at line 1
```
Question 92 | hard | multiple choice

You are a penetration tester performing an internal assessment of a corporate network. The network consists of a Windows Active Directory domain with Windows 10 clients and Windows Server 2019 servers. The goal is to escalate privileges from a standard domain user to domain administrator. You have obtained initial access to a workstation as a low-privileged user named 'jdoe'. During reconnaissance, you discover that the workstation has PowerShell Remoting (WinRM) enabled and that a scheduled task runs every 5 minutes with the credentials of a service account 'svc_app'. The service account is a member of the 'Backup Operators' group, which has SeBackupPrivilege. You also find that the system has an outdated version of the PsExec tool in the PATH. Which of the following is the most effective course of action to escalate privileges?

Question 93 | medium | multiple choice

A penetration tester is performing an internal network assessment and needs to quickly identify all live hosts and their open ports across a large subnet (10.0.0.0/16). The tester wants to minimize network disruption and avoid IDS detection. Which tool and technique should the tester use?

Question 94 | easy | multi select

A penetration tester is reviewing Python code for a web application and finds the following snippet:

```
import sqlite3

def get_user(username):
    conn = sqlite3.connect('users.db')
    cursor = conn.cursor()
    query = "SELECT * FROM users WHERE username = '" + username + "'"
    cursor.execute(query)
    return cursor.fetchall()
```

Which TWO of the following vulnerabilities are present in this code? (Select TWO.)

Question 95 | hard | multiple choice

You are conducting a penetration test on a web application that uses a JavaScript challenge-response authentication mechanism. During testing, you notice that the client-side JavaScript code is heavily obfuscated and includes a function that seems to compute a token based on user input and a server-provided nonce. Your goal is to bypass the authentication by generating valid tokens without interacting with the server's intended logic. You have extracted the obfuscated JavaScript and used a beautifier to make it more readable, but the logic is still complex. Which of the following approaches is most likely to succeed in bypassing the authentication?

Question 96 | medium | multiple choice

You are performing a web application penetration test for a client that uses a custom content management system (CMS). During the initial reconnaissance, you identify that the CMS has a file upload feature that accepts JPEG images. You suspect that the application may be vulnerable to unrestricted file upload, allowing you to upload a malicious PHP script to gain remote code execution. However, the application validates file extensions and checks the MIME type of the uploaded file. You have access to Burp Suite and a Python environment. Which of the following approaches is most likely to successfully bypass the file upload restrictions and achieve remote code execution?

Question 97 | easy | multiple choice

During a penetration test of a corporate network, you discover a Linux server running a custom Python application that handles authentication for a web portal. The server is configured to allow SSH access only from a specific management subnet. You have obtained a limited shell on a different host within the same VLAN as the target server. From your limited shell, you can reach the target server on TCP port 22, but you do not have valid credentials. The Python authentication script uses a flat file database to store user credentials in the format 'username:hashed_password'. You suspect the script has a vulnerability that allows reading arbitrary files, such as the password file. Which of the following actions should you take to exploit this vulnerability?

Question 98 | medium | multi select

A penetration tester is examining a compiled binary obtained during an engagement. The tester wants to identify potential buffer overflow vulnerabilities and understand the control flow. Which TWO tools would be most appropriate for this task?

Question 99 | hard | multiple choice

Refer to the exhibit. A penetration tester runs this script against a target service and receives the output 'Error: [Errno 104] Connection reset by peer'. What is the most likely cause?

Exhibit

```
#!/usr/bin/env python3
import socket
import sys

target = sys.argv[1]
port = int(sys.argv[2])
payload = b"A" * 5000

try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((target, port))
    s.send(payload)
    response = s.recv(1024)
    print(response)
except Exception as e:
    print(f"Error: {e}")
```
Question 100 | easy | multiple choice

A penetration tester is conducting an internal assessment of a company's web application. The application provides a file upload feature that accepts images but does not validate the file type on the server side. The tester has identified that the application runs on an Apache server with PHP support. The tester wants to execute a command on the server to establish a reverse shell. The tester has a Linux client and has already crafted a PHP reverse shell payload. The tester has also verified that outbound connections are allowed from the server. After uploading the malicious PHP file, the tester attempts to access it via a browser but receives a 404 error. The tester suspects the uploaded file may have been renamed or moved. Which of the following steps should the tester take next to achieve code execution?
