CompTIA PT0-002 Practice Test - Questions Answers, Page 13

A penetration tester conducted an assessment on a web server. The logs from this session show the following:

http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ' ; DROP TABLE SERVICES; --

Which of the following attacks is being attempted?

A. Clickjacking
B. Session hijacking
C. Parameter pollution
D. Cookie hijacking
E. Cross-site scripting

Suggested answer: C

An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?

A. Follow the established data retention and destruction process
B. Report any findings to regulatory oversight groups
C. Publish the findings after the client reviews the report
D. Encrypt and store any client information for future analysis

Suggested answer: D

Explanation:

After completing an assessment and providing the report and evidence to the client, it is important to follow the established data retention and destruction process to ensure the confidentiality of the client's information. This process typically involves securely deleting or destroying any data collected during the assessment that is no longer needed, and securely storing any data that needs to be retained. This helps to prevent unauthorized access to the client's information and protects the client's confidentiality.

Reporting any findings to regulatory oversight groups may be necessary in some cases, but it should be done only with the client's permission and in accordance with any relevant legal requirements.

Publishing the findings before the client has reviewed the report is also not recommended, as it may breach the client's confidentiality and damage their reputation. Encrypting and storing client information for future analysis is also not recommended unless it is necessary and in compliance with any legal or ethical requirements.

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)

A. Scraping social media sites
B. Using the WHOIS lookup tool
C. Crawling the client's website
D. Phishing company employees
E. Utilizing DNS lookup tools
F. Conducting wardriving near the client facility

Suggested answer: A, C

Explanation:

Technical and billing addresses are usually posted on company websites and company social media sites for their clients to access. A WHOIS lookup will only return information such as the company registrant and an abuse email contact, and it may not contain details for billing addresses.

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

A. Data flooding
B. Session riding
C. Cybersquatting
D. Side channel

Suggested answer: D

Explanation:

https://www.techtarget.com/searchsecurity/definition/side-channelattack#:~:text=Side%2Dchannel%20attacks%20can%20even,share%20the%20same%20physical%20hardware

A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

A. Nessus
B. ProxyChains
C. OWASP ZAP
D. Empire

Suggested answer: B

Explanation:

Reference: https://www.codeproject.com/Tips/634228/How-to-Use-Proxychains-Forwarding-Ports

A penetration tester received a .pcap file to look for credentials to use in an engagement.

Which of the following tools should the tester utilize to open and read the .pcap file?

A. Nmap
B. Wireshark
C. Metasploit
D. Netcat

Suggested answer: B

A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.

Which of the following Nmap scan syntaxes would BEST accomplish this objective?

A. nmap -sT -vvv -O 192.168.1.2/24 -PO
B. nmap -sV 192.168.1.2/24 -PO
C. nmap -sA -v -O 192.168.1.2/24
D. nmap -sS -O 192.168.1.2/24 -T1

Suggested answer: D

Explanation:

Reference: https://nmap.org/book/man-port-scanning-techniques.html

A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?

A. Utilize the tunnel as a means of pivoting to other internal devices.
B. Disregard the IP range, as it is out of scope.
C. Stop the assessment and inform the emergency contact.
D. Scan the IP range for additional systems to exploit.

Suggested answer: D

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?

A. Exploiting a configuration weakness in the SQL database
B. Intercepting outbound TLS traffic
C. Gaining access to hosts by injecting malware into the enterprise-wide update server
D. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
E. Establishing and maintaining persistence on the domain controller

Suggested answer: B

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.

Which of the following can be done with the pcap to gain access to the server?

A. Perform vertical privilege escalation.
B. Replay the captured traffic to the server to recreate the session.
C. Use John the Ripper to crack the password.
D. Utilize a pass-the-hash attack.

Suggested answer: D