CompTIA PT0-002 Practice Test - Questions Answers, Page 23

Which of the following documents is agreed upon by all parties associated with the penetrationtesting engagement and defines the scope, contacts, costs, duration, and deliverables?

A. SOW
B. SLA
C. MSA
D. NDA
Suggested answer: A

Explanation:

The SOW (Statement of Work) is the document agreed upon by all parties to the penetration-testing engagement that defines its scope, points of contact, costs, duration, and deliverables. It describes the objectives, expectations, and responsibilities of the project and should be clear, concise, and comprehensive so that neither side can later dispute what was or was not in scope. The other documents serve different purposes: an MSA sets the general contractual terms under which individual engagements are performed, an SLA defines the service levels a provider commits to, and an NDA protects confidential information exchanged between the parties. None of them defines the scope and deliverables of a specific test.

In Python socket programming, SOCK_DGRAM type is:

A. reliable.
B. matrixed.
C. connectionless.
D. slower.
Suggested answer: C

Explanation:

In Python socket programming, SOCK_DGRAM is the connectionless socket type, used for UDP (User Datagram Protocol). No handshake is performed before data is sent: each sendto() hands the kernel an independent datagram with its own destination address, and the receiver learns who sent it only from the address returned by recvfrom(). UDP does not guarantee delivery, ordering, or freedom from duplication (it carries a checksum, but a corrupted datagram is silently discarded rather than retransmitted). SOCK_STREAM is the connection-oriented, reliable type used for TCP. Because UDP does no connection setup, acknowledgement, or retransmission, UDP sockets are simpler and have less overhead than TCP sockets, which is why they are often described as faster; "connectionless" is the defining property the question asks for.
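Added example (not from the original page): a short Python script that exercises the behaviour described above on the loopback interface. It shows that a SOCK_DGRAM socket exchanges datagrams with no connect()/accept() handshake, that sendto() on an unconnected UDP socket reports success even when nothing is listening, and, for contrast, that a SOCK_STREAM connect() in the same situation fails with ConnectionRefusedError. The host 127.0.0.1 is assumed; port numbers are chosen by the kernel at run time.

```python
"""Added example: SOCK_DGRAM (UDP) versus SOCK_STREAM (TCP) on the loopback interface."""
import socket

HOST = "127.0.0.1"  # everything stays on loopback; nothing leaves the machine


def udp_roundtrip(message: bytes) -> bytes:
    """Send one datagram to a local UDP 'server' and return its reply.

    No connect()/accept() handshake occurs: the client supplies a destination
    address on every sendto(), and the server learns who sent the datagram only
    from the address returned by recvfrom().
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((HOST, 0))           # port 0: let the kernel pick a free port
        server.settimeout(2.0)           # never hang if a datagram is lost
        client.settimeout(2.0)
        client.sendto(message, server.getsockname())
        data, peer = server.recvfrom(65535)   # one datagram plus the sender's address
        server.sendto(data.upper(), peer)     # reply to whoever sent it
        reply, _ = client.recvfrom(65535)
        return reply
    finally:
        server.close()
        client.close()


def _free_port(sock_type: int) -> int:
    """Bind a socket to port 0 and close it, so we know a port nobody is using."""
    tmp = socket.socket(socket.AF_INET, sock_type)
    tmp.bind((HOST, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def udp_send_to_closed_port() -> int:
    """sendto() on an unconnected UDP socket succeeds even with no listener.

    Returns the number of bytes the kernel accepted. With no connection there is
    no failure to report at send time; any ICMP 'port unreachable' that comes
    back is not surfaced on an unconnected socket.
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((HOST, 0))
        return probe.sendto(b"nobody home", (HOST, _free_port(socket.SOCK_DGRAM)))
    finally:
        probe.close()


def tcp_connect_to_closed_port() -> bool:
    """The connection-oriented counterpart: TCP's handshake fails loudly.

    Returns True if connect() raised ConnectionRefusedError because nothing
    was listening on the port.
    """
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(2.0)
    try:
        client.connect((HOST, _free_port(socket.SOCK_STREAM)))
        return False
    except ConnectionRefusedError:
        return True
    finally:
        client.close()


if __name__ == "__main__":
    print(udp_roundtrip(b"hello"))        # b'HELLO'
    print(udp_send_to_closed_port())      # 11: the datagram was 'sent' without error
    print(tcp_connect_to_closed_port())   # True: TCP refuses the connection
```

The second and third functions make the exam point concrete: a UDP sender cannot tell from the send call whether anyone received the datagram, which is exactly what "connectionless" and "unreliable" mean in practice, whereas TCP's three-way handshake reports the missing peer immediately.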

Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

A. Executive summary
B. Remediation
C. Methodology
D. Metrics and measures
Suggested answer: B

Explanation:

For a report written for developers, the most important content is remediation: how to fix or mitigate each vulnerability found during the test. Developers are the people who will change the code, so the report should give them specific, actionable recommendations (the affected component, the root cause, the secure alternative, and references to relevant best practices or libraries) rather than the high-level summary an executive needs, the methodology that describes how the testers worked, or metrics that characterise the overall risk posture.

After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:

Which of the following actions should the tester perform FIRST?

A. Change the file permissions.
B. Use privilege escalation.
C. Cover tracks.
D. Start a reverse shell.
Suggested answer: B

Explanation:

The listing (not reproduced on this page) shows the file .scripts/daily_log_backup.sh owned by root with permissions set to 777, so any user, including the tester's non-privileged account, can read, write, and execute it. A world-writable script owned by root is a privilege-escalation candidate if root actually runs it; the name suggests a scheduled daily backup job, so the tester should confirm that (for example by looking for references to the script in root's crontab or under /etc/cron.*) and then insert commands into the script so that they execute with root's privileges the next time it runs. That is why privilege escalation is the correct first step. Changing the file's permissions would remove the opportunity and alter the target unnecessarily, covering tracks is a later phase, and starting a reverse shell from the current account gains nothing the tester does not already have.
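Added example, not part of the original page or question: a Python enumeration helper a tester might run from the non-privileged account to confirm what the explanation describes. It finds regular files that are world-writable but owned by another user (root being the interesting case) and then searches scheduler configuration for references to a given script name, to confirm that a privileged process actually executes it. The cron and systemd directories named in the docstring are examples; the function searches whatever list the caller supplies. The my_uid parameter is there so the check can be exercised against files you own yourself.

```python
"""Added example: find world-writable files owned by someone else and check whether
a scheduler references them. Directory names in docstrings are illustrative."""
import os
import stat
from typing import Dict, List, Optional, Tuple


def world_writable_files(root_dir: str, my_uid: Optional[int] = None) -> List[Tuple[str, str, int]]:
    """Walk root_dir and return (path, octal_mode, owner_uid) for every regular file
    that is world-writable (o+w) and NOT owned by the caller.

    The ownership filter matters: a 777 file you already own is noise, while a
    777 file owned by root is an escalation candidate if root executes it.
    Pass my_uid explicitly to test the logic against files you own.
    """
    if my_uid is None:
        my_uid = os.getuid()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root_dir):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: do not follow symlinks
            except OSError:
                continue                     # unreadable or vanished; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_IWOTH and st.st_uid != my_uid:
                hits.append((path, oct(stat.S_IMODE(st.st_mode)), st.st_uid))
    return hits


def scheduler_references(script_name: str, search_paths: List[str]) -> Dict[str, List[str]]:
    """Return {file: [matching lines]} for every file under search_paths that
    mentions script_name.

    On a real host search_paths might be ["/etc/crontab", "/etc/cron.d",
    "/etc/cron.daily", "/etc/systemd/system"] (illustrative; pass what applies).
    A hit there means a privileged scheduler will run the writable script, which
    is the condition that turns a 777 root-owned file into a real escalation path.
    """
    refs: Dict[str, List[str]] = {}
    for base in search_paths:
        candidates: List[str] = []
        if os.path.isfile(base):
            candidates = [base]
        elif os.path.isdir(base):
            for dirpath, _d, files in os.walk(base):
                candidates.extend(os.path.join(dirpath, f) for f in files)
        for path in candidates:
            try:
                with open(path, "r", errors="replace") as fh:
                    lines = [ln.rstrip("\n") for ln in fh if script_name in ln]
            except OSError:
                continue                     # permission denied etc.; move on
            if lines:
                refs[path] = lines
    return refs


if __name__ == "__main__":
    # Typical use from a low-privileged shell (paths are examples):
    for path, mode, uid in world_writable_files(os.path.expanduser("~")):
        print(mode, uid, path)
    for path, lines in scheduler_references("daily_log_backup.sh", ["/etc/crontab", "/etc/cron.d"]).items():
        print(path, lines)
```

Only after both checks agree (the file is writable by you, owned by root, and referenced by a root-run scheduler) does inserting commands into the script become a reliable way to obtain root, which is the point the question is making about doing privilege escalation before anything else.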

Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?

A. An unknown-environment assessment
B. A known-environment assessment
C. A red-team assessment
D. A compliance-based assessment
Suggested answer: C

Explanation:

A red-team assessment is an adversary simulation with a defined objective, such as reaching a specific data set or system, and the team pursues whichever vulnerabilities lead to that goal rather than enumerating every weakness in scope. The other options describe how much the tester knows or why the test is being done, not what it is trying to reach: unknown-environment (black-box) and known-environment (white-box) assessments differ in the information the tester is given about the target before starting, and a compliance-based assessment is scoped to show that a regulatory or industry standard is met, so it covers the controls that standard requires rather than targeting particular data.

A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer. Which of the following MOST likely explains the penetration tester's decision?

A. The tester had the situational awareness to stop the transfer.
B. The tester found evidence of prior compromise within the data set.
C. The tester completed the assigned part of the assessment workflow.
D. The tester reached the end of the assessment time frame.
Suggested answer: A

Explanation:

Situational awareness is the tester's ability to recognise what is happening in the environment, relate it to the agreed scope and rules of engagement, and act accordingly. The data set being copied contained PII, which the ROE placed out of scope; noticing that mid-transfer and stopping is exactly that awareness, and it avoids an ROE breach and possible legal or regulatory exposure for both the tester and the client. Nothing in the scenario suggests evidence of prior compromise, that a workflow step had been completed, or that the time window had ended, so the other options do not explain the decision.

A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell.

However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?

A. windows/x64/meterpreter/reverse_tcp
B. windows/x64/meterpreter/reverse_http
C. windows/x64/shell_reverse_tcp
D. windows/x64/powershell_reverse_tcp
E. windows/x64/meterpreter/reverse_https
Suggested answer: B

Explanation:

The question asks which payloads are most likely to succeed, and two of the options qualify: the HTTP- and HTTPS-based Meterpreter stagers, windows/x64/meterpreter/reverse_http (B) and windows/x64/meterpreter/reverse_https (E). Outbound web traffic is almost always permitted through perimeter devices, so these payloads blend in with normal egress instead of opening a connection on an arbitrary port, and the HTTPS variant additionally encrypts the channel, which denies an IPS the visibility it needs to match signatures on the traffic. The remaining options (A, C, D) all establish a raw reverse TCP connection, which egress filtering commonly blocks and which an IPS or next-generation firewall can readily identify as a reverse shell. The scenario in the question, a payload that ran without error but never connected back, is the typical symptom of exactly that kind of silent drop.

A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website's response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

A. Situational awareness
B. Rescheduling
C. DDoS defense
D. Deconfliction
Suggested answer: D

Explanation:

https://redteam.guide/docs/definitions/

Deconfliction is the process by which the assessment team and the client's operations or defence staff coordinate their activities and share information so that test activity is not mistaken for a real attack (or a real attack dismissed as test activity) and so that neither side interferes with the other. The network engineer checking whether the flood of GET requests belongs to the test before reacting to it is deconfliction. Situational awareness describes an individual's perception of the environment rather than this cross-team check; rescheduling would only follow if the traffic were confirmed as disruptive test activity; and DDoS defence is the response the engineer might mount if the traffic turned out not to be part of the test.

Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?

A. Exploit-DB
B. Metasploit
C. Shodan
D. Retina
Suggested answer: A

Explanation:

"Exploit Database (ExploitDB) is a repository of exploits for the purpose of public security, and it explains what can be found on the database. The ExploitDB is a very useful resource for identifying possible weaknesses in your network and for staying up to date on current attacks occurring in other networks."

Exploit-DB is a public archive of exploits and proof-of-concept code for software and hardware products, including network infrastructure devices such as routers, switches, and firewalls. Entries can be searched by product name, vendor, type, platform, CVE identifier, or date, which makes it the best answer for obtaining a payload against a specific product. Metasploit is a framework for developing and running exploits and payloads; it ships with many modules, but it is an attack platform rather than a searchable reference archive of product-specific exploits. Shodan is a search engine that indexes internet-exposed devices and services and is useful for finding targets, but it does not supply exploits or payloads. Retina is a vulnerability scanner that identifies weaknesses in network devices; it reports findings but likewise provides no exploit code.

A penetration tester gives the following command to a systems administrator to execute on one of the target servers:

rm -f /var/www/html/G679h32gYu.php

Which of the following BEST explains why the penetration tester wants this command executed?

A. To trick the systems administrator into installing a rootkit
B. To close down a reverse shell
C. To remove a web shell after the penetration test
D. To delete credentials the tester created
Suggested answer: C

Explanation:

A web shell is a script placed on a web server that lets a remote operator run commands through ordinary HTTP requests; a tester may drop one to maintain access during the engagement. Post-engagement cleanup requires removing such artifacts so that no backdoor is left on the client's systems. /var/www/html/ is the default document root on many Linux web servers, and G679h32gYu.php is the kind of random-looking file name used for a dropped shell, so rm -f /var/www/html/G679h32gYu.php deletes it (the -f flag suppresses the error if the file has already been removed). The tester asks the systems administrator to run the command because the tester's access is normally withdrawn at the end of the test window and changes to production systems should be made by the client's own staff. The file is not a rootkit installer, a running reverse-shell process, or a credential store, so the other options do not fit.
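Added example (not from the page): artifact cleanup done the way it should appear in the report. Rather than a bare rm -f, this Python helper fingerprints the file before removal and confirms afterwards that it is gone, so the record of what was removed, and when, can be included in the deliverables and handed to the administrator who runs the cleanup. File paths are supplied by the caller; none is hard-coded.

```python
"""Added example: remove an engagement artifact (such as a web shell) while keeping
evidence of what was removed. Paths are supplied by the caller."""
import hashlib
import os
from datetime import datetime, timezone
from typing import Dict, List, Optional


def remove_artifact(path: str) -> Dict[str, Optional[object]]:
    """Hash and size the file, delete it, confirm it is gone, and return a record.

    Unlike a bare rm -f, this distinguishes 'deleted now' from 'was already
    absent' and preserves a fingerprint of the removed content for the report.
    Raises OSError (e.g. permission denied) rather than hiding it.
    """
    record: Dict[str, Optional[object]] = {
        "path": path,
        "existed": os.path.isfile(path),
        "sha256": None,
        "size": None,
        "removed_at": datetime.now(timezone.utc).isoformat(),
        "gone": False,
    }
    if record["existed"]:
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        record["sha256"] = digest.hexdigest()
        record["size"] = os.path.getsize(path)
        os.remove(path)
    record["gone"] = not os.path.exists(path)   # verify, do not assume
    return record


def cleanup_all(paths: List[str]) -> List[Dict[str, Optional[object]]]:
    """Remove every listed artifact, continuing past per-file errors.

    A failure (for example, the administrator running this lacks write access
    to the directory) is recorded instead of aborting the whole cleanup, so the
    report shows exactly which artifacts still need attention.
    """
    records = []
    for p in paths:
        try:
            records.append(remove_artifact(p))
        except OSError as exc:
            records.append({"path": p, "existed": True, "gone": False, "error": str(exc)})
    return records


if __name__ == "__main__":
    import json
    import sys
    # Usage: python cleanup.py /var/www/html/<dropped-file>.php ...
    print(json.dumps(cleanup_all(sys.argv[1:]), indent=2))
```

The "gone" field is computed by re-checking the filesystem after the delete rather than trusting that os.remove succeeded, and the SHA-256 lets the client confirm later that the file they saw in their own logs is the one the tester removed.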
