
CompTIA PT0-002 Practice Test - Questions Answers, Page 33

A penetration tester runs the following command:

nmap -p- -A 10.0.1.10

Given the execution of this command, which of the following quantities of ports will Nmap scan?

A. 1,000
B. 1,024
C. 10,000
D. 65,535
Suggested answer: D

Explanation:

The nmap command with the -p- flag scans all ports from 1 to 65535 on the target host. The -A flag enables OS detection, version detection, script scanning, and traceroute. Therefore, the command will scan 65,535 ports on the host 10.0.1.10 and perform additional analysis on the open ports.

Reference:

* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, pages 72-73.

* Nmap Cheat Sheet 2024: All the Commands & Flags - StationX

* Nmap Commands - 17 Basic Commands for Linux Network - phoenixNAP

Within a Python script, a line that states print (var) outputs the following:

[{'1' : 'CentOS', '2' : 'Ubuntu'}, {'1' : 'Windows 10', '2' : 'Windows Server 2016'}]

Which of the following objects or data structures is var ?

A. An array
B. A class
C. A dictionary
D. A list
Suggested answer: D

Explanation:

A list is a data structure in Python that can store multiple values of different types in a sequential order. A list is created by enclosing the values in square brackets [ ] and separating them by commas. A list can also contain other lists as its elements, creating a nested or multidimensional list. The output of the print (var) statement shows that var is a list that contains two elements, each of which holds two key-value pairs. The key-value pairs are enclosed in curly braces { }, which indicate that the elements are dictionaries, another data structure in Python that maps keys to values. Therefore, var is a list of dictionaries.

Reference:

* 5. Data Structures - Python 3.12.1 documentation, section 5.1. More on Lists

* Python Data Structures - GeeksforGeeks, section Lists in Python

* Common Python Data Structures (Guide) - Real Python, section Lists

A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the scan is to identify web servers in the 10.0.0.0/16 subnet.

Which of the following commands should the engineer use to achieve the objective in the least amount of time?

A. nmap -T3 -p 80 10.0.0.0/16 --max-hostgroup 100
B. nmap -T0 -p 80 10.0.0.0/16
C. nmap -T4 -p 80 10.0.0.0/16 --max-rate 60
D. nmap -T5 -p 80 10.0.0.0/16 --min-rate 80
Suggested answer: C

Explanation:

The nmap -T4 -p 80 10.0.0.0/16 --max-rate 60 command is used to scan the 10.0.0.0/16 subnet for web servers (port 80) at a maximum rate of 60 packets per minute. The -T4 option sets the timing template to "aggressive", which speeds up the scan. The --max-rate option limits the number of packets sent per second, helping to bypass the network IPS that isolates the source when the scan exceeds 100 packets per minute.

Reference: Nmap commands

During a code review assessment, a penetration tester finds the following vulnerable code inside one of the web application files:

<% String id = request.getParameter("id"); %>

Employee ID: <%= id %>

Which of the following is the best remediation to prevent a vulnerability from being exploited, based on this code?

A. Parameterized queries
B. Patch application
C. Output encoding
Suggested answer: C

Explanation:

Output encoding is a technique that prevents cross-site scripting (XSS) attacks by encoding the user input before displaying it on the web page. This way, any malicious scripts or HTML tags are rendered harmless and cannot execute on the browser. Output encoding is recommended by the OWASP Top 10 as a defense against XSS. In this case, the vulnerable code is using a scriptlet to display the employee ID without any validation or encoding, which could allow an attacker to inject malicious code through the id parameter. Output encoding would prevent this by escaping any special characters in the id parameter.

Reference: The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.1: Cross-site Scripting; Best PenTest+ certification study resources and training materials, Section 1: Cross-site Scripting (XSS) Attack; OWASP Top 10 2021, A7: Cross-site Scripting (XSS).
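
The remediation described above, as an added example that is not part of the original page: a minimal HTML output encoder applied to the same id value, with the unencoded rendering beside it. The class and method names and the sample values are hypothetical, constructed for illustration.

```java
// Added example: HTML output encoding for the "Employee ID" value.
// EmployeeIdView, encodeForHtml, renderRaw and renderEncoded are hypothetical names.
public class EmployeeIdView {

    // Encode the five characters that can change meaning in HTML element
    // content or inside a quoted attribute value.
    static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Same behaviour as the vulnerable line: Employee ID: <%= id %>
    static String renderRaw(String id) {
        return "Employee ID: " + id;
    }

    // Hardened form: Employee ID: <%= encodeForHtml(id) %>
    static String renderEncoded(String id) {
        return "Employee ID: " + encodeForHtml(id);
    }

    public static void main(String[] args) {
        // Constructed sample values for the id request parameter.
        String[] samples = { "1042", "<b>1042</b>", "Tom & \"Jerry\"" };
        for (String id : samples) {
            // The raw line keeps the markup live; the encoded line shows it as text.
            System.out.println("raw:     " + renderRaw(id));
            System.out.println("encoded: " + renderEncoded(id));
        }
    }
}
```

In a JSP that uses JSTL, <c:out value="${param.id}"/> applies the same escaping by default.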

During a vulnerability scan, a penetration tester enters the following Nmap command against all of the non-Windows clients:

nmap -sX -T4 -p 21-25,67,80,139,8080 192.168.11.191

The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

A. All of the ports in the target range are closed.
B. Nmap needs more time to scan the ports in the target range.
C. The ports in the target range cannot be scanned because they are common UDP ports.
D. All of the ports in the target range are open.
Suggested answer: A

Explanation:

The Nmap command uses the Xmas scan technique, which sends packets with the FIN, PSH, and URG flags set. This is an attempt to bypass firewall rules and elicit a response from open ports. However, if the target responds with an RST packet, it means that the port is closed. Open ports will either ignore the Xmas scan packets or send back an ACK packet. Therefore, the information most likely indicates that all of the ports in the target range are closed.

Reference: [Nmap Scan Types], [Nmap Port Scanning Techniques], [CompTIA PenTest+ Study Guide: Exam PT0-002, Chapter 4: Conducting Passive Reconnaissance, page 127]

A penetration tester is testing a company's public API and discovers that specific input allows the execution of arbitrary commands on the base operating system. Which of the following actions should the penetration tester take next?

A. Include the findings in the final report.
B. Notify the client immediately.
C. Document which commands can be executed.
D. Use this feature to further compromise the server.
Suggested answer: B


A penetration tester wants to accomplish ARP poisoning as part of an attack. Which of the following tools will the tester most likely utilize?

A. Wireshark
B. Netcat
C. Nmap
D. Ettercap
Suggested answer: D

Explanation:

ARP poisoning is a technique that exploits the weakness of the ARP protocol to redirect network traffic to a malicious host. Ettercap is a tool that can perform ARP poisoning and other network attacks, such as DNS spoofing, SSL stripping, and password sniffing. Wireshark, Netcat, and Nmap are not designed for ARP poisoning, although they can be used for other purposes, such as packet analysis, network communication, and port scanning.

Reference: The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 5, Section 5.2.1: ARP Poisoning; Best PenTest+ certification study resources and training materials, Section 2: ARP Poisoning.

Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?

A. OWASP Top 10
B. MITRE ATT&CK
C. Cyber Kill Chain
D. Well-Architected Framework
Suggested answer: B

A penetration tester is performing a vulnerability scan on a large ATM network. One of the organization's requirements is that the scan does not affect legitimate clients' usage of the ATMs. Which of the following should the tester do to best meet the company's vulnerability scan requirements?

A. Use Nmap's -T2 switch to run a slower scan with fewer resources.
B. Run the scans using multiple machines.
C. Run the scans only during lunch hours.
D. Use Nmap's --host-timeout switch to skip unresponsive targets.
Suggested answer: A

A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.

INSTRUCTIONS

Select the appropriate answer(s), given the output from each section.

Output 1

A. See all the solutions below in Explanation
Suggested answer: A

Explanation:

