
CompTIA PT0-002 Practice Test - Questions Answers, Page 15

A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

A. Pick a lock.
B. Disable the cameras remotely.
C. Impersonate a package delivery worker.
D. Send a phishing email.
Suggested answer: C

A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?

A. Key reinstallation
B. Deauthentication
C. Evil twin
D. Replay
Suggested answer: B

Explanation:

A deauthentication attack forces the client to reconnect, which triggers a new handshake that the tester can capture.

PCI DSS requires which of the following as part of the penetration-testing process?

A. The penetration tester must have cybersecurity certifications.
B. The network must be segmented.
C. Only externally facing systems should be tested.
D. The assessment must be performed during non-working hours.
Suggested answer: B

A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?

A. The penetration tester conducts a retest.
B. The penetration tester deletes all scripts from the client machines.
C. The client applies patches to the systems.
D. The client clears system logs generated during the test.
Suggested answer: C

A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?

A. nmap -sn 192.168.0.1/16
B. nmap -sn 192.168.0.1-254
C. nmap -sn 192.168.0.1 192.168.0.1.254
D. nmap -sN 192.168.0.0/24
Suggested answer: B

A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?

A. Steganography
B. Metadata removal
C. Encryption
D. Encode64
Suggested answer: B

Explanation:

All other answers are a form of encryption or randomizing the data.

A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:

comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com.
comptia.org. 3569 IN A 3.219.13.186.
comptia.org. 3569 IN NS ns1.comptia.org.
comptia.org. 3569 IN SOA haven. administrator.comptia.org.
comptia.org. 3569 IN MX new.mx0.comptia.org.
comptia.org. 3569 IN MX new.mx1.comptia.org.

Which of the following potential issues can the penetration tester identify based on this output?

A. At least one of the records is out of scope.
B. There is a duplicate MX record.
C. The NS record is not within the appropriate domain.
D. The SOA record is outside the comptia.org domain.
Suggested answer: A

A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

A. tcpdump
B. Snort
C. Nmap
D. Netstat
E. Fuzzer
Suggested answer: C

Deconfliction is necessary when the penetration test:

A. determines that proprietary information is being stored in cleartext.
B. occurs during the monthly vulnerability scanning.
C. uncovers indicators of prior compromise over the course of the assessment.
D. proceeds in parallel with a criminal digital forensic investigation.
Suggested answer: C

Explanation:

This will then enable the PenTest to continue so that additional issues can be found, exploited, and analyzed.

A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?

A. Hashcat
B. Mimikatz
C. Patator
D. John the Ripper
Suggested answer: C

Explanation:

https://www.kali.org/tools/patator/

Total 422 questions