CompTIA PT0-002 Practice Test - Questions Answers, Page 34

A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization's sensitive files?

A. Remote file inclusion
B. Cross-site scripting
C. SQL injection
D. Insecure direct object references

Suggested answer: D

Explanation:

Insecure Direct Object Reference (IDOR) vulnerabilities occur when an application provides direct access to objects based on user-supplied input without checking that the requester is authorized for that particular object. This allows an attacker to bypass authorization and access resources in the system directly, for example database records or files. In this case, the penetration tester could potentially bypass the strict access controls and access the organization's sensitive files.

Reference: IDOR Vulnerability Overview
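As an added illustration (not part of the ExamGecko page or its referenced material), the pattern the explanation describes: a file lookup that trusts the user-supplied identifier beside one that performs an object-level authorization check. The file store, user names and identifiers are constructed sample data.

```python
# Added example (not from the exam page): the IDOR pattern the explanation
# describes, shown as a vulnerable lookup beside an authorization-checked one.
# The file store, users and identifiers are constructed for illustration.
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised when the caller is not allowed to read the requested object."""


@dataclass(frozen=True)
class StoredFile:
    file_id: int
    owner: str
    content: str


# Constructed sample store: direct object references are plain integers,
# so a caller who knows (or guesses) another id can ask for it.
FILES = {
    1001: StoredFile(1001, "alice", "alice's expense report"),
    1002: StoredFile(1002, "bob", "bob's salary letter"),
}


def fetch_file_vulnerable(requesting_user: str, file_id: int) -> str:
    """IDOR: the session was authenticated elsewhere, but nothing checks that
    the requesting user may read *this* object, so the principal is ignored."""
    return FILES[file_id].content


def fetch_file_hardened(requesting_user: str, file_id: int) -> str:
    """Object-level authorization: the lookup succeeds only when the
    authenticated principal is the owner (in a real application, appears in
    the object's ACL). Unknown ids and unauthorized ids fail identically so
    the response does not reveal whether the id exists."""
    stored = FILES.get(file_id)
    if stored is None or stored.owner != requesting_user:
        raise AccessDenied(f"{requesting_user} may not read file {file_id}")
    return stored.content


def idor_demo() -> dict:
    """Return what each variant gives 'alice' when she asks for bob's file id."""
    result = {"vulnerable": fetch_file_vulnerable("alice", 1002)}
    try:
        fetch_file_hardened("alice", 1002)
        result["hardened"] = "allowed"
    except AccessDenied:
        result["hardened"] = "denied"
    return result


if __name__ == "__main__":
    print(idor_demo())
```

The remediation is the authorization check at the point of access, not hiding the identifiers; random or unguessable ids only slow enumeration and do not replace the check.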

Given the following code:

$p = (80, 110, 25)
$network = '192.168.0'
$range = 1..254
$ErrorActionPreference = 'SilentlyContinue'
Foreach ($add in $range) {
    Foreach ($x in $p) {
        $ip = '{0}.{1}' -F $network, $add
        If (Test-Connection -BufferSize 32 -Count 1 -Quiet -ComputerName $ip) {
            $socket = New-Object System.Net.Sockets.TcpClient($ip, $x)
            If ($socket.Connected) {
                "$ip $x open"
                $socket.Close()
            }
        }
    }
}

Which of the following tasks could be accomplished with the script?

A. Reverse shell
B. Ping sweep
C. File download
D. Port scan

Suggested answer: D

Explanation:

The script is performing a port scan on the network 192.168.0.0/24, by testing the connectivity of three ports (80, 110, 25) on each IP address in the range 1-254. A port scan is a technique used to identify open ports and services on a target host or network. It can be used for reconnaissance, vulnerability assessment, or penetration testing.

Reference:

* The Official CompTIA PenTest+ Instructor Guide (Exam PT0-002) eBook, Chapter 3, Lesson 3.2, Topic 3.2.2: Perform a port scan

* PowerShell TCP port scanner, Stack Overflow answer by postanote

* PowerShell Basics: How to Scan Open Ports Within a Network, Tech Community blog by Anthony Bartolo

A penetration tester is reviewing the security of a web application running in an IaaS compute instance. Which of the following payloads should the tester send to get the running process credentials?

A. file=http://192.168.1.78?+document.cookie
B. file=../../../proc/self/environ
C. file='%20or%2054365=54365;--
D. file=http://169.254.169.254/latest/meta-data/

Suggested answer: D

Explanation:

Payload D is used to access the metadata service of the IaaS compute instance, which can provide information about the running process credentials, such as the instance ID, the service account, and the SSH keys. This is a common technique for exploiting cloud-based web applications that do not properly secure their metadata service. The other payloads are not effective for this purpose: they try to access the cookie data (A) or the environment variables (B), or perform a SQL injection attack (C), none of which is related to the running process credentials.

Reference:

* The Official CompTIA PenTest+ Study Guide (Exam PT0-002) eBook, Chapter 7, Lesson 7.2, Topic 7.2.3: Perform attacks on cloud technologies

* Set up service authentication - Azure Machine Learning, Section: Managed identity

* Set up authentication - Azure Machine Learning, Section: Managed identity

* Compute Engine IAM roles and permissions - Google Cloud, Section: Service accounts
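An added, defensive example (not from the page or the guides it references): how a server that fetches a user-supplied `file=` target can classify the four payloads above before making any request. The host names, the resolver table and the public sample address are constructed; refusing every non-public destination is what stops the request to 169.254.169.254, whether it is given as a literal address or reached through a name that resolves to it.

```python
# Added example (not from the exam page): server-side validation for a
# user-supplied fetch target such as the "file=" parameter in the question.
# Rejects local paths and any destination that resolves to a non-public
# address, which includes the 169.254.169.254 cloud metadata endpoint.
# Host names and the resolver table below are constructed for illustration.
import ipaddress
from typing import Callable, Iterable, Optional
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]


def _address_is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses. Link-local
    (169.254.0.0/16, where cloud metadata services live), loopback, RFC 1918
    and the other special-purpose ranges all return False."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast


def classify_fetch_target(value: str, resolver: Optional[Resolver] = None) -> str:
    """Return 'allow' or a short rejection reason for a requested fetch target."""
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        # Covers bare paths such as ../../../proc/self/environ and non-URL input.
        return "reject: only http(s) URLs may be fetched"
    host = parts.hostname
    if not host:
        return "reject: URL has no host"
    try:
        ip_literal = ipaddress.ip_address(host)
    except ValueError:
        ip_literal = None
    if ip_literal is not None:
        addrs = [str(ip_literal)]
    elif resolver is not None:
        addrs = list(resolver(host))
        if not addrs:
            return "reject: host does not resolve"
    else:
        return "reject: cannot verify where the host resolves"
    # Every address must be public: a name that resolves to a mix of public
    # and internal addresses is treated as hostile.
    bad = [a for a in addrs if not _address_is_public(a)]
    if bad:
        return f"reject: non-public destination {bad[0]}"
    return "allow"


def constructed_resolver(host: str) -> list:
    """Stand-in for DNS so the example runs offline (constructed table)."""
    table = {
        # a public address, used here only as constructed sample data
        "files.example.com": ["93.184.216.34"],
        # a name that points at the metadata endpoint
        "lookup.example.net": ["169.254.169.254"],
    }
    return table.get(host, [])


if __name__ == "__main__":
    for payload in (
        "http://192.168.1.78?+document.cookie",
        "../../../proc/self/environ",
        "'%20or%2054365=54365;--",
        "http://169.254.169.254/latest/meta-data/",
    ):
        print(f"{payload!r:45} -> {classify_fetch_target(payload)}")
```

When a host name is involved, the fetch must connect to the address that was vetted rather than resolving the name a second time, otherwise a record that changes between check and use defeats the check. Cloud providers also offer a stronger control on the instance side, such as requiring a session token or version 2 of the metadata protocol, which should be enabled independently of application-level filtering.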

HOTSPOT

A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.

INSTRUCTIONS

Select the tool the penetration tester should use for further investigation.

Select the two entries in the robots.txt file that the penetration tester should recommend for removal.



A security firm is discussing the results of a penetration test with a client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following best describes the action taking place?

A. Maximizing the likelihood of finding vulnerabilities
B. Reprioritizing the goals/objectives
C. Eliminating the potential for false positives
D. Reducing the risk to the client environment

Suggested answer: B

Explanation:

The action of shifting the focus of a penetration test to a specific critical network segment, based on findings made during the engagement, best aligns with B, reprioritizing the goals/objectives: the client is choosing to change the focus of the testing to a particular area because of what has been found. It reflects an adjustment of the original plan or goals to better suit the current understanding of the system's security posture.

A penetration tester wrote the following script on a compromised system:

#!/bin/bash

network='10.100.100'

ports='22 23 80 443'

for x in {1..254};

do (nc -zv $network.$x $ports );

done

Which of the following would explain using this script instead of another tool?

A. The typical tools could not be used against Windows systems.
B. The configuration required the penetration tester to not utilize additional files.
C. The Bash script will provide more thorough output.
D. The penetration tester wanted to persist this script to run on reboot.

Suggested answer: B

An executive needs to use Wi-Fi to connect to the company's server while traveling. While looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying. Which of the following attacks is the executive most likely experiencing?

A. Data modification
B. Amplification
C. Captive portal
D. Evil twin

Suggested answer: D

Explanation:

The attacker creates an access point with the same name and network settings as a legitimate access point, but with a stronger signal to attract users. Once a victim connects to the rogue access point, the attacker can intercept and steal any data transmitted over the connection, including login credentials, credit card information, and other sensitive data.
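An added example from the defender's side (not part of the page): the check a wireless IDS or a periodic site survey performs to catch the situation the explanation describes, a radio outside the authorized inventory advertising a managed SSID, often with the strongest signal. The beacon observations and the authorized BSSID inventory are constructed sample data.

```python
# Added example (not from the exam page): a rogue-AP check of the kind a
# wireless IDS or a periodic site survey performs. The observed beacons and
# the authorized BSSID inventory are constructed sample data.
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    signal_dbm: int


# Constructed inventory: which radios are allowed to advertise each SSID.
AUTHORIZED: Dict[str, Set[str]] = {
    "CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

# Constructed survey: one unknown BSSID advertises CorpWiFi with a stronger
# signal than the real access points, the pattern the explanation describes.
OBSERVED = [
    Beacon("CorpWiFi", "aa:bb:cc:00:00:01", -61),
    Beacon("CorpWiFi", "aa:bb:cc:00:00:02", -70),
    Beacon("CorpWiFi", "de:ad:be:ef:00:01", -42),
    Beacon("GuestNet", "11:22:33:44:55:66", -80),  # not managed, ignored
]


def find_rogue_aps(beacons, authorized) -> List[Beacon]:
    """Return beacons that advertise a managed SSID from a BSSID not in the
    inventory. SSIDs that are not managed (neighbouring networks) are skipped,
    and BSSIDs are compared case-insensitively."""
    rogues = []
    for b in beacons:
        allowed = authorized.get(b.ssid.strip())
        if allowed is not None and b.bssid.lower() not in allowed:
            rogues.append(b)
    return rogues


def strongest_is_rogue(beacons, authorized) -> Dict[str, bool]:
    """Per managed SSID, whether the loudest beacon comes from an unauthorized
    radio, the case most likely to win client associations."""
    result = {}
    for ssid, allowed in authorized.items():
        same = [b for b in beacons if b.ssid.strip() == ssid]
        if not same:
            continue
        loudest = max(same, key=lambda b: b.signal_dbm)
        result[ssid] = loudest.bssid.lower() not in allowed
    return result


if __name__ == "__main__":
    for rogue in find_rogue_aps(OBSERVED, AUTHORIZED):
        print(f"rogue: {rogue.ssid} from {rogue.bssid} at {rogue.signal_dbm} dBm")
    print(strongest_is_rogue(OBSERVED, AUTHORIZED))
```

On the client side the equivalent control is not to auto-join remembered open networks and to require the VPN (or another authenticated, encrypted channel) before any company traffic leaves the device.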

During a client engagement, a penetration tester runs the following Nmap command and obtains the following output:

nmap -sV --script ssl-enum-ciphers -p 443 remotehost

|   TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
|   TLS_ECDHE_RSA_WITH_RC4_128_SHA
|   TLS_RSA_WITH_RC4_128_SHA (rsa 2048)
|   TLS_RSA_WITH_RC4_128_MD5 (rsa 2048)

Which of the following should the penetration tester include in the report?

A. Old, insecure ciphers are in use.
B. The 3DES algorithm should be deprecated.
C. 2,048-bit symmetric keys are incompatible with MD5.
D. This server should be upgraded to TLS 1.2.

Suggested answer: A

Explanation:

The output of the Nmap command shows that the remote host supports RC4 ciphers, which are considered weak and vulnerable to several attacks, such as the BEAST and the RC4 NOMORE attacks. RC4 ciphers should not be used in modern TLS implementations, and they are not supported by TLS 1.3. Therefore, the penetration tester should include this finding in the report and recommend disabling RC4 ciphers on the server.

Reference:

* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 5: Attacks and Exploits, page 259.

* Nmap ssl-enum-ciphers NSE Script - InfosecMatter

* How do I list the SSL/TLS cipher suites a particular website offers?
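An added example (not from the page or the nmap project): a small checker that reads cipher-suite lines from ssl-enum-ciphers output and flags suites built on primitives that should not appear in a modern TLS configuration. The marker list goes beyond the RC4 case in the question to MD5, 3DES, NULL, export and anonymous suites; the sample output is constructed from the four suites shown above plus two more.

```python
# Added example (not from the exam page): flag weak cipher suites in the
# output of nmap's ssl-enum-ciphers script. The sample output is constructed
# from the question's four suites plus one modern and one 3DES suite; the
# trailing "- C"/"- A" letters mimic nmap's own strength grades.
import re
from typing import Dict, List, Tuple

SAMPLE_OUTPUT = """\
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
"""

# Substring in the IANA suite name -> reason it is flagged.
WEAK_MARKERS: List[Tuple[str, str]] = [
    ("_RC4_", "RC4 stream cipher (biased keystream; prohibited by RFC 7465)"),
    ("_MD5", "MD5-based MAC"),
    ("_3DES_", "3DES (64-bit block; Sweet32)"),
    ("_DES_", "single DES"),
    ("_NULL_", "no encryption"),
    ("_EXPORT_", "export-grade key length"),
    ("_anon_", "anonymous key exchange (no server authentication)"),
]

# A suite line starts with nmap's "|" prefix followed by a TLS_ name.
SUITE_RE = re.compile(r"^\|\s+(TLS_[A-Za-z0-9_]+)")


def extract_suites(output: str) -> List[str]:
    """Pull cipher-suite names out of ssl-enum-ciphers output, in order."""
    suites = []
    for line in output.splitlines():
        m = SUITE_RE.match(line)
        if m:
            suites.append(m.group(1))
    return suites


def flag_weak_suites(output: str) -> Dict[str, List[str]]:
    """Map each weak suite to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for suite in extract_suites(output):
        reasons = [why for marker, why in WEAK_MARKERS if marker in suite]
        if reasons:
            findings[suite] = reasons
    return findings


if __name__ == "__main__":
    for suite, reasons in flag_weak_suites(SAMPLE_OUTPUT).items():
        print(f"{suite}: {'; '.join(reasons)}")
```

The report item that follows from the finding is the one the explanation gives: remove the RC4 (and any other flagged) suites from the server configuration, leaving AEAD suites with forward-secret key exchange.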

A penetration tester requested, without express authorization, that a CVE number be assigned for a new vulnerability found on an internal client application. Which of the following did the penetration tester most likely breach?

A. ROE
B. SLA
C. NDA
D. SOW

Suggested answer: A

Explanation:

ROE stands for Rules of Engagement, which are the guidelines and limitations that define the scope, objectives, and methods of a penetration testing engagement. ROE should be agreed upon by both the client and the tester before the testing begins, and they should include the authorization to perform certain actions, such as requesting CVE numbers, disclosing vulnerabilities, or exploiting systems. By requesting a CVE number without express authorization, the penetration tester most likely breached the ROE and violated the client's trust and expectations.

Reference:

* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 1: Planning and Scoping Penetration Tests, pages 23-24.

* CVE - CVE

* NDA, MSA, SOW and SLA. Confidentiality agreements when you outsource QA

A client asks a penetration tester to retest its network a week after the scheduled maintenance window. Which of the following is the client attempting to do?

A. Determine if the tester was proficient.
B. Test a new non-public-facing server for vulnerabilities.
C. Determine if the initial report is complete.
D. Test the efficacy of the remediation effort.

Suggested answer: D

Explanation:

A retest is a follow-up assessment where the penetration tester checks if the vulnerabilities found in the initial test have been fixed or mitigated by the client. A retest can provide many benefits, such as verifying the effectiveness of the remediation actions, showing improvement to internal or external stakeholders, and reducing the risk of future exploitation. A retest is usually performed after a certain period of time, which can be agreed upon in the rules of engagement or the statement of work. A week after the scheduled maintenance window is a reasonable time frame to allow the client to apply the necessary patches or configuration changes to their network. Therefore, the client is most likely attempting to test the efficacy of the remediation effort by asking for a retest.

Reference:

* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 7: Reporting and Communication, pages 375-376.

* Is a Re-Test Included with a Penetration Test?
