Online Access Free PT0-001 Practice Test

A security assessor is attempting to craft specialized XML files to test the security of the parsing functions during ingest into a Windows application. Before beginning to test the application, which of the following should the assessor request from the organization?

• A.A protocol fuzzing utility
• B.The REST API documentation
• C.Sample SOAP messages
• D.An applicable XSD file

A penetration tester wants to target NETBIOS name service. Which of the following is the most likely command to exploit the NETBIOS name service?

• A.nmap
• B.burpsuite
• C.responder
• D.arPspoof

A penetration tester was able to enter an SQL injection command into a text box and gain access to the information store on the database. Which of the following is the BEST recommendation that would mitigate the vulnerability?

• A.Install host-based intrusion detection
• B.Randomize the credentials used to log in
• C.Perform system hardening
• D.Implement input normalization

A penetration tester is asked to scope an external engagement. Which of the following would be a valid target?

• A.172.16.67.145
• B.192.168.47.231
• C.169.254. 67.23
• D.104.45.98.126

Given the following script:

Which of the following BEST describes the purpose of this script?

• A.Log collection
• B.Event collection
• C.Keystroke monitoring
• D.Debug message collection