ExamGecko
Search Search Login
Home Home / CompTIA / PT0-002
Ask QuestionAsk Question

CompTIA PT0-002 Practice Test - Questions Answers

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
When accessing the URL http://192.168.0-1/validate/user.php , a penetration tester obtained the following output: ..d index: eid in /apache/www/validate/user.php line 12 ..d index: uid in /apache/www/validate/user.php line 13 ..d index: pw in /apache/www/validate/user.php line 14 ..d index: acl in /apache/www/validate/user.php line 15
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?

Question 1

Report
Export
Collapse

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.

Which of the following should the tester verify FIRST to assess this risk?

A.
Whether sensitive client data is publicly accessible
A.
Whether sensitive client data is publicly accessible
Answers
B.
Whether the connection between the cloud and the client is secure
B.
Whether the connection between the cloud and the client is secure
Answers
C.
Whether the client's employees are trained properly to use the platform
C.
Whether the client's employees are trained properly to use the platform
Answers
D.
Whether the cloud applications were developed using a secure SDLC
D.
Whether the cloud applications were developed using a secure SDLC
Answers
Suggested answer: A
asked 02/10/2024
Shoban Babu
41 questions

Question 2

Report
Export
Collapse

A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees.

Which of the following tools can help the tester achieve this goal?

A.
Metasploit
A.
Metasploit
Answers
B.
Hydra
B.
Hydra
Answers
C.
SET
C.
SET
Most voted
Answers (1)
Most voted
D.
WPScan
D.
WPScan
Answers
Suggested answer: A
asked 02/10/2024
Sam K
30 questions

Question 3

Report
Export
Collapse

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

A.
chmod u+x script.sh
A.
chmod u+x script.sh
Answers
B.
chmod u+e script.sh
B.
chmod u+e script.sh
Answers
C.
chmod o+e script.sh
C.
chmod o+e script.sh
Answers
D.
chmod o+x script.sh
D.
chmod o+x script.sh
Answers
Suggested answer: A

Explanation:

Reference: https://newbedev.com/chmod-u-x-versus-chmod-x

asked 02/10/2024
July Truong
38 questions

Question 4

Report
Export
Collapse

A compliance-based penetration test is primarily concerned with:

A.
obtaining Pll from the protected network.
A.
obtaining Pll from the protected network.
Answers
B.
bypassing protection on edge devices.
B.
bypassing protection on edge devices.
Answers
C.
determining the efficacy of a specific set of security standards.
C.
determining the efficacy of a specific set of security standards.
Answers
D.
obtaining specific information from the protected network.
D.
obtaining specific information from the protected network.
Answers
Suggested answer: C
asked 02/10/2024
Jordi Nogues
36 questions

Question 5

Report
Export
Collapse

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.

Which of the following would the tester MOST likely describe as a benefit of the framework?

A.
Understanding the tactics of a security intrusion can help disrupt them.
A.
Understanding the tactics of a security intrusion can help disrupt them.
Answers
B.
Scripts that are part of the framework can be imported directly into SIEM tools.
B.
Scripts that are part of the framework can be imported directly into SIEM tools.
Answers
C.
The methodology can be used to estimate the cost of an incident better.
C.
The methodology can be used to estimate the cost of an incident better.
Answers
D.
The framework is static and ensures stability of a security program overtime.
D.
The framework is static and ensures stability of a security program overtime.
Answers
Suggested answer: A

Explanation:

Reference: https://attack.mitre.org/

asked 02/10/2024
Christopher Adams
40 questions

Question 6

Report
Export
Collapse

The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?

A.
Line 01
A.
Line 01
Answers
B.
Line 02
B.
Line 02
Answers
C.
Line 07
C.
Line 07
Answers
D.
Line 08
D.
Line 08
Answers
Suggested answer: D
asked 02/10/2024
An Khang Nguyen
48 questions

Question 7

Report
Export
Collapse

A consulting company is completing the ROE during scoping.

Which of the following should be included in the ROE?

A.
Cost ofthe assessment
A.
Cost ofthe assessment
Answers
B.
Report distribution
B.
Report distribution
Answers
C.
Testing restrictions
C.
Testing restrictions
Most voted
Answers (1)
Most voted
D.
Liability
D.
Liability
Answers
Suggested answer: B
asked 02/10/2024
Oleksandr Kondratchuk
35 questions

Question 8

Report
Export
Collapse

A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.

Which of the following is most important for the penetration tester to define FIRST?

A.
Establish the format required by the client.
A.
Establish the format required by the client.
Answers
B.
Establish the threshold of risk to escalate to the client immediately.
B.
Establish the threshold of risk to escalate to the client immediately.
Answers
C.
Establish the method of potential false positives.
C.
Establish the method of potential false positives.
Answers
D.
Establish the preferred day of the week for reporting.
D.
Establish the preferred day of the week for reporting.
Answers
Suggested answer: B
asked 02/10/2024
Andreas Krieger
34 questions

Question 9

Report
Export
Collapse

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

A.
Wardriving
A.
Wardriving
Answers
B.
Shodan
B.
Shodan
Answers
C.
Recon-ng
C.
Recon-ng
Answers
D.
Aircrack-ng
D.
Aircrack-ng
Answers
Suggested answer: C
asked 02/10/2024
Mahendra Belgaonkar
36 questions

Question 10

Report
Export
Collapse

Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

A.
Unsupported operating systems
A.
Unsupported operating systems
Answers
B.
Susceptibility to DDoS attacks
B.
Susceptibility to DDoS attacks
Answers
C.
Inability to network
C.
Inability to network
Answers
D.
The existence of default passwords
D.
The existence of default passwords
Answers
Suggested answer: A
asked 02/10/2024
Konstantinos Lagoudakis
28 questions
Total 445 questions
Go to page: of 45
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy policy
Terms
Disclaimer
Refund policy
Copyright
Twitter X
Facebook
Medium