An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?

Encrypt and store any client information for future analysis

Follow the established data retention and destruction process

Report any findings to regulatory oversight groups

Publish the findings after the client reviews the report

Encrypt and store any client information for future analysis

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)

Conducting wardriving near the client facility

A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.Which of the following Nmap scan syntaxes would BEST accomplish this objective?

nmap -sT -vvv -O 192.168.1.2/24 -PO

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.Which of the following is the BEST action for the penetration tester to take?

Scan the IP range for additional systems to exploit.

Utilize the tunnel as a means of pivoting to other internal devices.

Disregard the IP range, as it is out of scope.

Stop the assessment and inform the emergency contact.

Scan the IP range for additional systems to exploit.

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.Which of the following actions, if performed, would be ethical within the scope of the assessment?

Intercepting outbound TLS traffic

Exploiting a configuration weakness in the SQL database

Intercepting outbound TLS traffic

Gaining access to hosts by injecting malware into the enterprise-wide update server

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

Establishing and maintaining persistence on the domain controller

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.Which of the following can be done with the pcap to gain access to the server?

Utilize a pass-the-hash attack.

Perform vertical privilege escalation.

Replay the captured traffic to the server to recreate the session.

Use John the Ripper to crack the password.

Utilize a pass-the-hash attack.

A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.Which of the following should be included as a recommendation in the remediation report?

Stronger algorithmic requirements

Encryption on the user passwords

A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?

To ensure someone is available if something goes wrong

To meet PCI DSS testing requirements

For testing of the customer's SLA with the ISP

Because of concerns regarding bandwidth limitations

To ensure someone is available if something goes wrong

The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host delivery and write the discovery to files without returning results of the attack machine?

nmap snn exclude 10.1.1.15 10.1.1.0/24 oA target_txt

nmap ?iR10oX out.xml | grep ?Nmap ? | cut d ?"f5 > live-hosts.txt

nmap ?PnsV OiL target.txt ?A target_text_Service

nmap ?sSPn n iL target.txt ?A target_txtl

A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of the following would be the most appropriate NEXT step?

Update the ROE with new signatures. Most Voted

Scan the 8-bit block to map additional missed hosts.

A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

Impersonate a package delivery worker.

PCI DSS requires which of the following as part of the penetration-testing process?

The penetration tester must have cybersecurity certifications.

Only externally facing systems should be tested.

The assessment must be performed during non-working hours.

A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?

The client applies patches to the systems.

The penetration tester conducts a retest.

The penetration tester deletes all scripts from the client machines.

The client applies patches to the systems.

The client clears system logs generated during the test.

A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?

nmap ?sn 192.168.0.1 192.168.0.1.254

A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org.3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org.comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org.Which of the following potential issues can the penetration tester identify based on this output?

At least one of the records is out of scope.

There is a duplicate MX record.

The NS record is not within the appropriate domain.

The SOA records outside the comptia.org domain.

Deconfliction is necessary when the penetration test:

uncovers indicators of prior compromise over the course of the assessment.

determines that proprietary information is being stored in cleartext.

occurs during the monthly vulnerability scanning.

uncovers indicators of prior compromise over the course of the assessment.

proceeds in parallel with a criminal digital forensic investigation.

Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)

Use of non-optimized sort functions

Non-compliance with code style guide

A cydomatic complexity score of 3

A penetration tester was able to compromise a server and escalate privileges. Which of the following should the tester perform AFTER concluding the activities on the specified target? (Choose two.)

Remove any tools or scripts that were installed.

Delete any created credentials.

Remove the logs from the server.

Remove any tools or scripts that were installed.

Delete any created credentials.

A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and theInternet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP.Which of the following methods would BEST support the objective?

Proxy HTTP connections from the target host to that of the spoofed host.

Gain access to the target host and implant malware specially crafted for this purpose.

Exploit the local DNS server and add/update the zone records with a spoofed A record.

Use the Scapy utility to overwrite name resolution fields in the DNS query response.

Proxy HTTP connections from the target host to that of the spoofed host.

A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?

nmap -A 192.168.0.10-100 -oX results

nmap -iL results 192.168.0.10-100

nmap 192.168.0.10-100 -O > results

nmap -A 192.168.0.10-100 -oX results

nmap 192.168.0.10-100 | grep "results"

A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

Check the scoping document to determine if exfiltration is within scope.

Include the discovery and interaction in the daily report.

CompTIA PT0-002 Practice Test 4 - Free Online Exam Prep & Questions

A penetration tester conducted an assessment on a web server. The logs from this session show the following:

http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP

TABLE SERVICES; --

Which of the following attacks is being attempted?

A.

Clickjacking

B.

Session hijacking

C.

Parameter pollution

D.

Cookie hijacking

E.

Cross-site scripting

CompTIA PT0-002 Practice Test 4

Question

CompTIA PT0-002 Practice Tests

Practice Tests