ExamGecko
Login
Home / CompTIA / PT0-002 / List of questions
Ask Question

CompTIA PT0-002 Practice Test - Questions Answers, Page 22

Add to Whishlist

List of questions

Question 211

Report Export Collapse

A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:

python -c 'import pty; pty.spawn("/bin/bash")'

Which of the following actions Is the penetration tester performing?

Become a Premium Member for full access
  Unlock Premium Member

Question 212

Report Export Collapse

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hardwired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network?

Become a Premium Member for full access
  Unlock Premium Member

Question 213

Report Export Collapse

A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?

Become a Premium Member for full access
  Unlock Premium Member

Question 214

Report Export Collapse

A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:

1;SELECT Username, Password FROM Users;

Which of the following injection attacks is the penetration tester using?

Become a Premium Member for full access
  Unlock Premium Member

Question 215

Report Export Collapse

Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?

Become a Premium Member for full access
  Unlock Premium Member

Question 216

Report Export Collapse

A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?

Become a Premium Member for full access
  Unlock Premium Member

Question 217

Report Export Collapse

A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?

Become a Premium Member for full access
  Unlock Premium Member

Question 218

Report Export Collapse

During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred?

Become a Premium Member for full access
  Unlock Premium Member

Question 219

Report Export Collapse

A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:

x' OR role LIKE '%admin%

Which of the following should be recommended to remediate this vulnerability?

Become a Premium Member for full access
  Unlock Premium Member

Question 220

Report Export Collapse

The following output is from reconnaissance on a public-facing banking website:

CompTIA PT0-002 image Question 220 97349 10022024175321000000

Based on these results, which of the following attacks is MOST likely to succeed?

Become a Premium Member for full access
  Unlock Premium Member
Total 464 questions
Go to page: of 47
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
When accessing the URL http://192.168.0-1/validate/user.php , a penetration tester obtained the following output: ..d index: eid in /apache/www/validate/user.php line 12 ..d index: uid in /apache/www/validate/user.php line 13 ..d index: pw in /apache/www/validate/user.php line 14 ..d index: acl in /apache/www/validate/user.php line 15
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?