A consultant is reviewing the following output after reports of intermittent connectivity issues:? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet] Which of the following is MOST likely to be reported by the consultant?

A device on the network has poisoned the ARP cache.

A device on the network has an IP address in the wrong subnet.

A multicast session was initiated using the wrong multicast group.

An ARP flooding attack is using the broadcast address to perform DDoS.

A device on the network has poisoned the ARP cache.

Which of the following BEST describe the OWASP Top 10? (Choose two.)

The most critical risks of web applications

The risks defined in order of importance

The most critical risks of web applications

A list of all the risks of web applications

The risks defined in order of importance

A web-application security standard

A risk-governance and compliance framework

A checklist of Apache vulnerabilities

A penetration tester conducted a discovery scan that generated the following: Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

nmap -sn 192.168.0.1-254 , grep "Nmap scan" | awk '{print S5}'

nmap -oG list.txt 192.168.0.1-254 , sort

nmap -sn 192.168.0.1-254 , grep "Nmap scan" | awk '{print S5}'

nmap --open 192.168.0.1-254, uniq

nmap -o 192.168.0.1-254, cut -f 2

A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?

Send deauthentication frames to the stations.

Perform jamming on all 2.4GHz and 5GHz channels.

Set the malicious AP to broadcast within dynamic frequency selection channels.

Modify the malicious AP configuration to not use a pre-shared key.

A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following BEST describes what happened?

The planning process failed to ensure all teams were notified

The penetration tester was testing the wrong assets

The planning process failed to ensure all teams were notified

The client was not ready for the assessment to start

The penetration tester had incorrect contact information

A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

Create a one-shot system service to establish a reverse shell.

Obtain /etc/shadow and brute force the root password.

Run the nc -e /bin/sh <...> command.

Move laterally to create a user account on LDAP

A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

Test with proof-of-concept code from an exploit database

Manually check the version number of the VoIP service against the CVE release

Test with proof-of-concept code from an exploit database

Review SIP traffic from an on-path position to look for indicators of compromise

Utilize an nmap -sV scan against the service

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account.The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Enforce mandatory employee vacations

Implement multifactor authentication

Install video surveillance equipment in the office

Encrypt passwords for bank account information

A penetration tester wants to scan a target network without being detected by the client's IDS.Which of the following scans is MOST likely to avoid detection?

nmap -sA -sV --host-timeout 60 192.168.1.10

Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

Stop the assessment and inform the emergency contact.

Analyze the malware to see what it does.

Collect the proper evidence and then remove the malware.

Do a root-cause analysis to find out how the malware got in.

Remove the malware immediately.

Stop the assessment and inform the emergency contact.

A penetration tester runs the following command on a system:find / -user root -perm -4000 -print 2>/dev/nullWhich of the following is the tester trying to accomplish?

Find files with the SUID bit set

Set the SGID on all files in the / directory

Find the /root directory on the system

Find files with the SUID bit set

Find files that were created during exploitation and move them to /dev/null

Which of the following would MOST likely be included in the final report of a static applicationsecurity test that was written with a team of application developers as the intended audience?

Code context for instances of unsafe type-casting operations

Executive summary of the penetration-testing methods used

Bill of materials including supplies, subcontracts, and costs incurred during assessment

Quantitative impact assessments given a successful software compromise

Code context for instances of unsafe type-casting operations

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:Have a full TCP connectionSend a "hello" payloadWalt for a responseSend a string of characters longer than 16 bytesWhich of the following approaches would BEST support the objective?

Create a script in the Lua language and use it with NSE.

Run nmap -Pn -sV -script vuln <IP address>.

Employ an OpenVAS simple scan against the TCP port of the host.

Create a script in the Lua language and use it with NSE.

Perform a credentialed scan with Nessus.

A company becomes concerned when the security alarms are triggered during a penetration test.Which of the following should the company do NEXT?

Deconflict with the penetration tester.

Assume the alert is from the penetration test.

A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?

Run nmap with the --script vulners option set against the target

Run nmap with the -o, -p22, and -sC options set against the target

Run nmap with the -sV and -p22 options set against the target

Run nmap with the --script vulners option set against the target

Run nmap with the -sA option set against the target

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

Add a dependency checker into the tool chain.

Perform routine static and dynamic analysis of committed code.

Validate API security settings before deployment.

Perform fuzz testing of compiled binaries.

When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

Obtain an asset inventory from the client.

Identify all third parties involved.

A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files.During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.Which of the following actions should the tester take?

Halt the assessment and follow the reporting procedures as outlined in the contract.

Perform forensic analysis to isolate the means of compromise and determine attribution.

Incorporate the newly identified method of compromise into the red team's approach.

Create a detailed document of findings before continuing with the assessment.

Halt the assessment and follow the reporting procedures as outlined in the contract.

A penetration tester writes the following script: Which of the following objectives is the tester attempting to achieve?

Determine active hosts on the network.

Set the TTL of ping packets for stealth.

Fill the ARP table of the networked devices.

Scan the system on the most used ports.

Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

Whether the cloud service provider allows the penetration tester to test the environment

Whether the specific cloud services are being used by the application

The geographical location where the cloud services are running

Whether the country where the cloud service is based has any impeding laws

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

Conduct a watering-hole attack.

CompTIA PT0-002 Practice Test 2 - Free Online Exam Questions 41-80

Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

A.

The libraries may be vulnerable

B.

The licensing of software is ambiguous

C.

The libraries' code bases could be read by anyone

D.

The provenance of code is unknown

E.

The libraries may be unsupported

F.

The libraries may break the application

CompTIA PT0-002 Practice Test 2

Question

CompTIA PT0-002 Practice Tests

Practice Tests