ExamGecko

CompTIA PT0-002 Practice Test - Questions Answers, Page 14

A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.

Which of the following should be included as a recommendation in the remediation report?

A. Stronger algorithmic requirements
B. Access controls on the server
C. Encryption on the user passwords
D. A patch management program

Suggested answer: A

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

A. SQLmap
B. Nessus
C. Nikto
D. DirBuster

Suggested answer: B

A penetration tester is attempting to discover live hosts on a subnet quickly.

Which of the following commands will perform a ping scan?

A. nmap -sn 10.12.1.0/24
B. nmap -sV -A 10.12.1.0/24
C. nmap -Pn 10.12.1.0/24
D. nmap -sT -p- 10.12.1.0/24

Suggested answer: A

Explanation:

Reference: https://www.tecmint.com/find-live-hosts-ip-addresses-on-linux-network/

Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus

Suggested answer: B

A company has hired a penetration tester to deploy and set up a rogue access point on the network.

Which of the following is the BEST tool to use to accomplish this goal?

A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite

Suggested answer: B

Explanation:

Reference: https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/

https://thecybersecurityman.com/2018/08/11/creating-an-evil-twin-or-fake-access-point-using-aircrack-ng-and-dnsmasq-part-2-the-attack/

An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?

A. nmap 192.168.0.1/24
B. nmap 192.168.0.1/24 ?
C. nmap -oG 192.168.0.1/24
D. nmap 192.168.0.1/24

Suggested answer: A

A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?

A. To meet PCI DSS testing requirements
B. For testing of the customer's SLA with the ISP
C. Because of concerns regarding bandwidth limitations
D. To ensure someone is available if something goes wrong

Suggested answer: D

A penetration tester has gained access to part of an internal network and wants to exploit on a different network segment. Using Scapy, the tester runs the following command:

Which of the following represents what the penetration tester is attempting to accomplish?

A. DNS cache poisoning
B. MAC spoofing
C. ARP poisoning
D. Double-tagging attack

Suggested answer: D

Explanation:

https://scapy.readthedocs.io/en/latest/usage.html

The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host discovery and write the discovery to files without returning results for the attack machine?

A. nmap -sn -n --exclude 10.1.1.15 10.1.1.0/24 -oA target_txt
B. nmap -iR 10 -oX out.xml | grep "Nmap" | cut -d " " -f5 > live-hosts.txt
C. nmap -Pn -sV -O -iL target.txt -A target_text_Service
D. nmap -sS -Pn -n -iL target.txt -A target_txtl

Suggested answer: A

Explanation:

According to the Official CompTIA PenTest+ Self-Paced Study Guide, the correct answer is A: nmap -sn -n --exclude 10.1.1.15 10.1.1.0/24 -oA target_txt.

This command performs a ping scan (-sn) without reverse DNS resolution (-n) on the IP range 10.1.1.0/24, excluding the attack machine's IP address (10.1.1.15) from the scan (--exclude). It also writes the results in three formats (normal, grepable and XML) with the base name target_txt (-oA).

A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of the following would be the most appropriate NEXT step?

A. Terminate the contract.
B. Update the ROE with new signatures.
C. Scan the 8-bit block to map additional missed hosts.
D. Continue the assessment.

Suggested answer: B