A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason for the error?

The application has the API certificate pinned.

TCP port 443 is not open on the firewall

The API server is using SSL instead of TLS

The tester is using an outdated version of the application

The application has the API certificate pinned.

A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network.Which of the following methods will MOST likely work?

Attempt to escalate privileges on the mail server to gain root access.

Try to obtain the private key used for S/MIME from the CEO's account.

Send an email from the CEO's account, requesting a new account.

Move laterally from the mail server to the domain controller.

Attempt to escalate privileges on the mail server to gain root access.

A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?

Use DNS lookups and dig to determine the external hosts.

Launch an external scan of netblocks.

Check WHOIS and netblock records for the company.

Use DNS lookups and dig to determine the external hosts.

Conduct a ping sweep of the company's netblocks.

A penetration tester captured the following traffic during a web-application test: Which of the following methods should the tester use to visualize the authorization information being transmitted?

Decode the authorization header using Base64.

Decode the authorization header using UTF-8.

Decrypt the authorization header using bcrypt.

Decode the authorization header using Base64.

Decrypt the authorization header using AES.

A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

Scrape web presences and social-networking sites.

Specially craft and deploy phishing emails to key company leaders.

Run a vulnerability scan against the company's external website.

Runtime the company's vendor/supply chain.

Scrape web presences and social-networking sites.

A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?

Reprioritizing the goals/objectives

Maximizing the likelihood of finding vulnerabilities

Reprioritizing the goals/objectives

Eliminating the potential for false positives

Reducing the risk to the client environment

A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.Which of the following changes should the tester apply to make the script work as intended?

Change line 2 to $ip= ;Ä? Ä10.192.168.254 ?

Move all the lines below line 7 to the top of the script.

A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory:U3VQZXIkM2NyZXQhCg==Which of the following commands should the tester use NEXT to decode the contents of the file?

echo U3VQZXIkM2NyZXQhCg== | base64גÄ"d

hydra גÄ"l svsacct גÄ"p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24

john --wordlist /usr/share/seclists/rockyou.txt password.txt

Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?

The team discovers another actor on a system on the network.

The team exploits a critical server within the organization.

The team exfiltrates PII or credit card data from the organization.

The team loses access to the network remotely.

The team discovers another actor on a system on the network.

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code: Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

*range(1, 1025) on line 1 populated the portList list in numerical order.

sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

*range(1, 1025) on line 1 populated the portList list in numerical order.

Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

The remoteSvr variable has neither been type-hinted nor initialized.

A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

A dedicated point of contact at the client

The paperwork documenting the engagement

A handheld RF spectrum analyzer

A mask and personal protective equipment

Caution tape for marking off insecure areas

A dedicated point of contact at the client

The paperwork documenting the engagement

Knowledge of the building's normal business hours

A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high. Which of the following should be the NEXT step?

Perform a new penetration test.

Provide the list of common vulnerabilities and exposures.

Broaden the scope of the penetration test.

A penetration tester writes the following script: Which of the following is the tester performing?

Scanning a network for specific open ports

Searching for service vulnerabilities

Trying to recover a lost bind shell

Building a reverse shell listening on specified ports

Scanning a network for specific open ports

A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability. Which of the following should the penetration tester consider BEFORE running a scan?

The inventory of assets and versions

A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing?(Choose two.)

Mapping a share to a remote system

Executing a file on the remote system

Redirecting output from a file to a remote system

Building a scheduled task for execution

Mapping a share to a remote system

Executing a file on the remote system

Creating a new process on all domain systems

Setting up a reverse shell from a remote system

Adding an additional IP address on the compromised system

After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results: The tester then runs the following command from the previous exploited system, which fails:Which of the following explains the reason why the command failed?

An account for RDP does not exist on the server.

The tester input the incorrect IP address.

The command requires the ?-port 135 option.

An account for RDP does not exist on the server.

PowerShell requires administrative privilege.

During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

Dump the user address book on the device.

Sniff and then crack the WPS PIN on an associated WiFi device.

Dump the user address book on the device.

Break a connection between two Bluetooth devices.

Transmit text messages to the device.

A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

Non-optimized resource management

Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

When most of the vulnerabilities have been remediated

After a merger or an acquisition

When an organization updates its network firewall configurations

When most of the vulnerabilities have been remediated

A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log: Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?

Start a packet capture with Wireshark and then run the application.

Run an application vulnerability scan and then identify the TCP ports used by the application.

Run the application attached to a debugger and then review the application's log.

Disassemble the binary code and then identify the break points.

Start a packet capture with Wireshark and then run the application.

When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

business and network operations may be impacted.

security compliance regulations or laws may be violated.

testing can make detecting actual APT more challenging.

testing adds to the workload of defensive cyber- and threat-hunting teams.

business and network operations may be impacted.

CompTIA PT0-002 Practice Test 5 - Free Online Exam Prep & Questions

Question 1 / 40

A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?

Send an SMS with a spoofed service number including a link to download a malicious application.

Exploit a vulnerability in the MDM and create a new account and device profile.

Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.

Infest a website that is often used by employees with malware targeted toward x86 architectures.

Comment (0)

CompTIA PT0-002 Practice Test 5

Question

CompTIA PT0-002 Practice Tests

Practice Tests