CompTIA PT0-002 Practice Test - Questions Answers, Page 35

During a test of a custom-built web application, a penetration tester identifies several vulnerabilities. Which of the following would be most interested in the steps to reproduce these vulnerabilities?

A. Operations staff
B. Developers
C. Third-party stakeholders
D. C-suite executives
Suggested answer: B

Explanation:

The developers would be the most interested in the steps to reproduce the web application vulnerabilities, because they are responsible for fixing the code and implementing security best practices. Reproduction steps let them confirm each finding in their own environment, trace it to its root cause, verify that a patch actually closes it, and add a regression test so the same class of bug does not return. The other audiences care about different parts of the report: operations staff about the availability and performance of the application, third-party stakeholders about the business impact and risk assessment, and C-suite executives about the strategic and financial implications [1][2][3].

Reference:

* The Official CompTIA PenTest+ Study Guide (Exam PT0-002) eBook, Chapter 1, Lesson 1.4, Topic 1.4.1: Explain the importance of communication during the penetration testing process

* Web Application Penetration Testing: Steps, Methods, and Tools, SecureTriad article

* Web Application Security Testing: A Step-by-Step Guide, Acunetix article

A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:

[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'abcde'
[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'edcfg'
[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'qazsw'
[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'tyuio'

Which of the following is the penetration tester conducting?

A. Port scan
B. Brute force
C. Credential stuffing
D. DoS attack
Suggested answer: B
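
The four lines above have a single login, root, and a different password on every attempt, which is the shape of a brute-force attack. Credential stuffing would instead pair each of many usernames with the one password leaked for it, and password spraying would try one password against many accounts. The script below is an added example, not part of the original question or of any tool, that turns that reading into a small classifier over [ATTEMPT] lines of the format shown; it generalises beyond the question to the other two attack shapes, and the extra sample logs are constructed for the example.

```python
"""Classify authentication-attempt logs by the shape of the login/password
combinations. Added example; the sample lines below are constructed."""
import re
from collections import defaultdict

# Matches lines shaped like the ones in the question above.
ATTEMPT_RE = re.compile(
    r"\[ATTEMPT\] target (?P<target>\S+) - login '(?P<login>[^']*)' - pass '(?P<pw>[^']*)'"
)

# Constructed sample: the four attempts from the question.
BRUTE_FORCE_LOG = """
[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'abcde'
[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'edcfg'
[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'qazsw'
[ATTEMPT] target 192.168.1.112 - login 'root' - pass 'tyuio'
"""

# Constructed sample: one password tried against many accounts.
SPRAY_LOG = """
[ATTEMPT] target 192.168.1.112 - login 'alice' - pass 'Winter2024!'
[ATTEMPT] target 192.168.1.112 - login 'bob' - pass 'Winter2024!'
[ATTEMPT] target 192.168.1.112 - login 'carol' - pass 'Winter2024!'
"""

# Constructed sample: each account paired once with its own leaked password.
STUFFING_LOG = """
[ATTEMPT] target 192.168.1.112 - login 'alice' - pass 'hunter2'
[ATTEMPT] target 192.168.1.112 - login 'bob' - pass 'letmein99'
[ATTEMPT] target 192.168.1.112 - login 'carol' - pass 'Tr0ub4dor&3'
"""


def parse_attempts(text):
    """Return (target, login, password) tuples for every [ATTEMPT] line."""
    return [(m["target"], m["login"], m["pw"])
            for m in (ATTEMPT_RE.search(line) for line in text.splitlines()) if m]


def classify(attempts):
    """Name the attack pattern from how logins and passwords are combined."""
    if not attempts:
        return "unknown"
    guesses_per_login = defaultdict(set)      # login -> distinct passwords tried
    for _target, login, pw in attempts:
        guesses_per_login[login].add(pw)
    distinct_passwords = {pw for _t, _l, pw in attempts}

    if len(guesses_per_login) > 1 and len(distinct_passwords) == 1:
        return "password spraying"     # one password, many accounts
    if len(guesses_per_login) > 1 and all(len(p) == 1 for p in guesses_per_login.values()):
        return "credential stuffing"   # many accounts, each with exactly one password
    if any(len(p) > 1 for p in guesses_per_login.values()):
        return "brute force"           # at least one account hit with many passwords
    return "unknown"                   # e.g. a single attempt: not enough to say


def classify_log(text):
    return classify(parse_attempts(text))


if __name__ == "__main__":
    for name, log in [("question output", BRUTE_FORCE_LOG), ("spray", SPRAY_LOG),
                      ("stuffing", STUFFING_LOG)]:
        print(f"{name}: {classify_log(log)}")
```

The classifier deliberately checks spraying before stuffing: both have one password per login, and only the total number of distinct passwords tells them apart.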

An external consulting firm is hired to perform a penetration test and must keep the confidentiality of the security vulnerabilities and the private data found in a customer's systems. Which of the following documents addresses this requirement?

A. ROE
B. NDA
C. MOU
D. SLA
Suggested answer: B

Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?

A. Non-disclosure agreement
B. Business associate agreement
C. Assessment scope and methodologies
D. Executive summary
Suggested answer: C

Explanation:

The assessment scope and methodologies document defines the objectives, boundaries, rules of engagement, and expected outcomes of a penetration testing engagement. It also specifies the roles and responsibilities of the testers and the clients, as well as the communication channels and escalation procedures. This document can help determine who is at fault for a temporary outage that occurred during a penetration test, as it can clarify whether the outage was within the agreed scope and methodologies, or whether it was caused by a violation of the rules of engagement or a lack of coordination.

Reference:

* CompTIA PenTest+ Certification Exam Objectives, Domain 1.0 Planning and Scoping, Objective 1.1: Given a scenario, explain the importance of scoping an engagement properly.

* The Official CompTIA PenTest+ Instructor and Student Guides (PT0-002), Lesson 1: Planning and Scoping Penetration Tests, Topic 1.1: Introduction to Penetration Testing Concepts, Topic 1.2: The Penetration Testing Process, Topic 1.3: Planning and Scoping Penetration Tests.

A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application was developed in ASP and used MSSQL for its back-end database. Using the application's search form, the penetration tester inputs the following code in the search input field:

IMG SRC=vbscript:msgbox ('Vulnerable_to_Attack') ; >originalAttribute='SRC'originalPath='vbscript;msgbox ('Vulnerable_to_Attack ') ;>'

When the tester clicks the submit button on the search form, the web browser returns a pop-up window that displays 'Vulnerable_to_Attack.' Which of the following vulnerabilities did the tester discover in the web application?

A. SQL injection
B. Command injection
C. Cross-site request forgery
D. Cross-site scripting
Suggested answer: D
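
The pop-up proves that input from the search field was written back into the page unencoded and executed in the browser, which is reflected cross-site scripting. The MSSQL database and the server's operating system were never involved, so this is not SQL or command injection, and nothing was performed in a victim's name, so it is not CSRF. The vbscript: msgbox() payload only fires in legacy Internet Explorer, but the bug class is the same. The following is an added example, not code from the page or from the application it describes: a Python stand-in for the ASP search page showing the unencoded echo next to the output-encoded version, and why encoding inside an attribute must also cover quotes. The payloads are constructed.

```python
"""Reflected XSS: the same search-result echo written two ways. Added example;
the ASP-style rendering and the payloads are constructed for illustration."""
import html
from html.parser import HTMLParser

# Constructed payload standing in for the question's vbscript: msgbox() string.
TAG_PAYLOAD = "<img src=x onerror=alert('Vulnerable_to_Attack')>"
# Constructed payload for the attribute context: close value="..." and add a handler.
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'


def render_results_vulnerable(query):
    # Equivalent of Response.Write("You searched for: " & Request("q")) with no encoding.
    return f"<p>You searched for: {query}</p>"


def render_results_hardened(query):
    # HTML-entity-encode on output; the browser renders the payload as text.
    return f"<p>You searched for: {html.escape(query, quote=True)}</p>"


def render_input_half_hardened(query):
    # Encodes < > & but leaves quotes alone: fine in a text node, NOT inside an attribute.
    return f'<input name="q" value="{html.escape(query, quote=False)}">'


def render_input_hardened(query):
    # quote=True also encodes " and ', so the attacker cannot break out of the attribute.
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


class _Collector(HTMLParser):
    """Records the tags and on* attributes the browser would actually see."""

    def __init__(self):
        super().__init__()
        self.tags, self.handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def parse(page):
    """Return (tags, event_handler_names) as parsed from the rendered HTML."""
    c = _Collector()
    c.feed(page)
    c.close()
    return c.tags, c.handlers


def is_injected(page, expected_tags):
    """True if any tag or event handler beyond the template's own survived."""
    tags, handlers = parse(page)
    return tags != expected_tags or bool(handlers)


if __name__ == "__main__":
    print("vulnerable:", parse(render_results_vulnerable(TAG_PAYLOAD)))
    print("hardened:  ", parse(render_results_hardened(TAG_PAYLOAD)))
    print("attr half: ", parse(render_input_half_hardened(ATTR_PAYLOAD)))
    print("attr full: ", parse(render_input_hardened(ATTR_PAYLOAD)))
```

Output encoding has to match the context the data lands in: html.escape with quote=False is enough for a text node but leaves an attribute value wide open, which the half-hardened variant demonstrates.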

As part of an active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by capturing and examining the API traffic?

A. Assessing the performance of the network's API communication
B. Identifying the token/authentication detail
C. Enumerating all users of the application
D. Extracting confidential user data from the intercepted API responses
Suggested answer: B

Explanation:

By intercepting and analyzing the API traffic, a penetration tester can gain valuable information about the authentication mechanism and the tokens used by the API. Tokens (for example a bearer token in the Authorization header, an API key, or a session cookie) identify and authorize the user or application calling the API; a captured token shows the tester which scheme is in use, what identity, roles or scopes it carries, and how long it remains valid. The tester can then use this information for attacks such as token hijacking, token tampering, or token replay. The other options describe things that may or may not be available in a given capture, whereas the authentication detail is carried by every authenticated request and is what the capture directly exposes.

Reference:

* CompTIA PenTest+ Certification Exam Objectives, Domain 2.0 Attacks and Exploits, Objective 2.1: Given a scenario, exploit network-based vulnerabilities, Subobjective 2.1.3: Compare and contrast web server attacks, Subobjective 2.1.3.2: Authentication attacks.

* The Official CompTIA PenTest+ Instructor and Student Guides (PT0-002), Lesson 4: Exploiting Network Vulnerabilities, Topic 4.2: Exploiting Web Application Vulnerabilities, Topic 4.2.2: Authentication Attacks.
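
Added example, not code from the page or from any real API: a constructed request capture carrying a bearer JWT (the signature is junk), followed by the three things a tester does with it: pull the token out of the Authorization header, decode the header and claims without verifying anything, and work out how long the captured token would still be replayable.

```python
"""Pull the bearer token out of a captured API request and read its claims.
Added example; the request and token are constructed (the signature is junk),
so this shows what an intercepting tester can see, not a live system."""
import base64
import json


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims: dict) -> str:
    """Constructed JWT with a dummy signature, only to have something to capture."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [json.dumps(header, separators=(",", ":")).encode(),
             json.dumps(claims, separators=(",", ":")).encode(),
             b"\x00" * 32]
    return ".".join(_b64url_encode(p) for p in parts)


DEMO_CLAIMS = {"sub": "u-1042", "role": "user", "iat": 1700000000, "exp": 1700003600}
DEMO_TOKEN = make_demo_token(DEMO_CLAIMS)

# Constructed capture of one API request, as an interception proxy would show it.
CAPTURED_REQUEST = (
    b"GET /api/v1/accounts/me HTTP/1.1\r\n"
    b"Host: api.example.test\r\n"
    b"Authorization: Bearer " + DEMO_TOKEN.encode() + b"\r\n"
    b"Cookie: session=7f3a9c\r\n"
    b"\r\n"
)


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (request_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def extract_bearer_token(raw: bytes):
    """Return the bearer token from the Authorization header, or None."""
    _, headers, _ = parse_request(raw)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    return token if scheme.lower() == "bearer" and token else None


def decode_jwt_unverified(token: str):
    """Decode header and claims WITHOUT checking the signature. Reading claims
    this way is what a tester does with a captured token; it says nothing
    about whether the token is genuine."""
    header_b64, claims_b64, _sig = token.split(".")
    return json.loads(_b64url_decode(header_b64)), json.loads(_b64url_decode(claims_b64))


def replay_window_seconds(claims: dict, now: int):
    """Seconds a captured token stays usable for replay: 0 if already expired,
    None if there is no exp claim at all (the worse finding)."""
    exp = claims.get("exp")
    if exp is None:
        return None
    return max(0, exp - now)


if __name__ == "__main__":
    tok = extract_bearer_token(CAPTURED_REQUEST)
    hdr, claims = decode_jwt_unverified(tok)
    print(hdr, claims, replay_window_seconds(claims, now=1700000000))
```

The claims tell the tester the subject, the role the API trusts, and the replay window; the header tells them the algorithm to probe next. None of this requires the signing key, which is the point of the exam answer.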

During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:

nmap -sX -T4 -p 21-25,67,80,139,8080 192.168.11.191

The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

A. All of the ports in the target range are closed.
B. Nmap needs more time to scan the ports in the target range.
C. The ports in the target range cannot be scanned because they are common UDP ports.
D. All of the ports in the target range are open.
Suggested answer: A

Explanation:

The -sX flag runs an Xmas scan: each probe is a TCP segment with the FIN, PSH and URG flags set. Under RFC 793, a closed port answers any segment that lacks SYN, RST and ACK with a RST, while an open port silently discards it, so a RST on every targeted port tells the tester that every one of those ports is closed. Because a silent port could also be one whose probe a firewall dropped, Nmap reports the no-response case as open|filtered rather than open, and an ICMP unreachable error as filtered. The technique slips past some stateless packet filters that only watch for SYN packets, but it only works against RFC-compliant stacks: Windows, many Cisco devices and some other systems return RST for every probe regardless of port state, which is why the question limits the scan to non-Windows clients. Against any other host, an all-RST result would have to be confirmed with a SYN scan (-sS) before reporting the ports as closed.

Reference:

* Nmap Cheat Sheet 2024: All the Commands & Flags - StationX

* Nmap Commands - 17 Basic Commands for Linux Network - phoenixNAP

* NMAP Flag Guide: What They Are, When to Use Them - CBT Nuggets

* The Official CompTIA PenTest+ Self-Paced Study Guide (Exam PT0-002), Chapter 4: Conducting Active Scanning, page 151.
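
Added example, not part of the original page or of Nmap: the decision table above written out as code, run over constructed response records for the question's scenario (every port answers RST) and a second constructed set with one silent and one filtered port. It also attaches the caveat a tester should carry into the report when every port answers RST.

```python
"""Interpret per-port responses to an Nmap Xmas scan (-sX). Added example; the
response records below are constructed, not a real capture."""

XMAS_FLAGS = {"FIN", "PSH", "URG"}            # what -sX sets on every probe
# ICMP type 3 codes that Nmap reports as "filtered" for FIN/NULL/Xmas scans.
ICMP_UNREACH_FILTERED = {1, 2, 3, 9, 10, 13}


def xmas_port_state(response: dict) -> str:
    """Map one port's response to the state Nmap reports (RFC 793 logic)."""
    kind = response.get("kind")
    if kind == "none":
        return "open|filtered"      # silence: open port, or a filter dropped the probe
    if kind == "tcp" and "RST" in response.get("flags", set()):
        return "closed"             # RST means closed, on an RFC 793-compliant stack
    if kind == "icmp" and response.get("type") == 3 and response.get("code") in ICMP_UNREACH_FILTERED:
        return "filtered"
    return "unexpected"             # e.g. SYN/ACK to a FIN/PSH/URG probe


def interpret_scan(results: dict):
    """results maps port -> response record. Returns (states, note for the report)."""
    states = {port: xmas_port_state(r) for port, r in results.items()}
    if states and all(s == "closed" for s in states.values()):
        note = ("all ports answered RST: on a non-Windows, RFC 793-compliant host this means "
                "all closed; stacks that RST every probe (Windows, many Cisco devices) look "
                "identical, so confirm with a SYN scan (-sS) before reporting")
    elif any(s == "open|filtered" for s in states.values()):
        note = "silent ports are open OR filtered; -sS or a version scan is needed to split them"
    else:
        note = "mixed results"
    return states, note


# Constructed: the question's scenario, every targeted port replies with RST.
ALL_RST = {p: {"kind": "tcp", "flags": {"RST"}} for p in (21, 22, 23, 24, 25, 67, 80, 139, 8080)}
# Constructed: same host, but 80 stays silent and 139 is blocked by a filter.
MIXED = dict(ALL_RST)
MIXED[80] = {"kind": "none"}
MIXED[139] = {"kind": "icmp", "type": 3, "code": 13}

if __name__ == "__main__":
    for name, res in (("question", ALL_RST), ("mixed", MIXED)):
        states, note = interpret_scan(res)
        print(name, states, note, sep="\n  ")
```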

A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than 100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?

A. nmap -sU -p 1-1024 10.0.0.15
B. nmap -p 22,25,80,3389 -T2 10.0.0.15 -Pn
C. nmap -T5 -p 1-65535 -A 10.0.0.15
D. nmap -T3 -F 10.0.0.15
Suggested answer: B

Explanation:

The -T2 flag selects the ''polite'' timing template, which serialises the probes and waits 0.4 seconds between them, so the scan sends only a couple of probes per second; -p 22,25,80,3389 limits it to four ports, so the whole scan is a handful of connections, well under the 100-per-minute trigger. The -Pn flag skips host discovery and scans the target regardless of its ping response, which also avoids the extra discovery probes. Polite timing alone is not a guarantee: 0.4 seconds between probes is still up to 150 probes per minute over a long port list, so the small port list matters as much as the template, and --max-rate is the option to cap the packet rate precisely. The other options generate far more connections: -T5 (''insane'') over all 65,535 ports with -A is the noisiest possible choice; -T3 (the default) with -F still probes the 100 most common ports in parallel; and -sU over 1,024 UDP ports at default timing also sends probes in parallel and retransmits the ones that get no answer.

Reference:

* Nmap Cheat Sheet 2024: All the Commands & Flags - StationX

* Nmap Commands - 17 Basic Commands for Linux Network - phoenixNAP

* NMAP Flag Guide: What They Are, When to Use Them - CBT Nuggets
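
To make the threshold concrete, here is an added example (not part of the original question, and not Nmap's code) that models a blocker counting connections in a sliding 60-second window and feeds it the approximate probe timing of each option. The parallelism, round-trip and retry figures are assumptions stated in the code, not Nmap's exact internals, which adapt during a scan; the port counts come from the commands themselves.

```python
"""Sliding-window connection counter standing in for the active response tool,
fed with approximate probe timings for each nmap option. Added example; the
parallelism, RTT and retry figures are assumptions, not nmap's exact internals."""

LIMIT = 100       # connections per window before the source is blocked
WINDOW = 60.0     # seconds


def first_trip(times, limit=LIMIT, window=WINDOW):
    """Return the time at which the number of connections in (t - window, t]
    first exceeds `limit`, or None if the scan never trips the blocker."""
    times = sorted(times)
    start = 0
    for i, t in enumerate(times):
        while times[start] <= t - window:   # drop connections that aged out
            start += 1
        if i - start + 1 > limit:
            return t
    return None


def probe_times(n_ports, scan_delay=0.0, parallelism=1, rtt=0.05, retries=0):
    """Assumed timing model: `parallelism` probes leave together; successive
    batches are `scan_delay` apart when a delay is set, otherwise one `rtt`
    apart; every probe is sent 1 + `retries` times."""
    step = scan_delay if scan_delay > 0 else rtt
    total = n_ports * (1 + retries)
    return [(i // parallelism) * step for i in range(total)]


# Assumptions per answer option (port counts from the commands; timing estimated).
PROFILES = {
    "A: -sU -p 1-1024":            dict(n_ports=1024, parallelism=10, rtt=1.0),
    "B: -p 22,25,80,3389 -T2 -Pn": dict(n_ports=4, scan_delay=0.4, parallelism=1),
    "C: -T5 -p 1-65535 -A":        dict(n_ports=65535, parallelism=300, rtt=0.05),
    "D: -T3 -F":                   dict(n_ports=100, parallelism=10, rtt=0.05, retries=1),
    # Caveat: polite timing alone over a long port list is still 150 probes/min.
    "-T2 alone over -p 1-1024":    dict(n_ports=1024, scan_delay=0.4, parallelism=1),
}


def evaluate(profile_name):
    """Time at which the blocker would trigger for the named profile, or None."""
    return first_trip(probe_times(**PROFILES[profile_name]))


if __name__ == "__main__":
    for name in PROFILES:
        t = evaluate(name)
        print(f"{name:32} {'never blocked' if t is None else f'blocked at t={t:.1f}s'}")
```

The last profile is the caveat in numbers: the polite template over 1,024 ports crosses 100 connections at the 40-second mark, so it is the four-port list in option B, not -T2 by itself, that keeps the scan under the threshold.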

Which of the following tools would help a penetration tester locate a file that was uploaded to a content management system?

A. DirBuster
B. OpenVAS
C. ScoutSuite
D. CeWL
Suggested answer: A

Explanation:

DirBuster is an OWASP tool that brute-forces directory and file names on a web server. It can help a penetration tester locate a file that was uploaded to a content management system by requesting candidate paths built from a wordlist (the CMS's usual upload directories combined with likely file names and extensions) and reporting which ones the server answers for, which also turns up hidden files and directories. The other tools do not do this: OpenVAS is a vulnerability scanner, ScoutSuite audits cloud account configurations, and CeWL builds custom wordlists from a site's content (useful as input to DirBuster, but it does not find files itself).

Reference: The Official CompTIA PenTest+ Instructor Guide (Exam PT0-002) eBook, page 156

Which of the following members of a client organization are most likely authorized to provide a signed authorization letter prior to the start date of a penetration test?

A. The IT department
B. The executive management team and legal personnel
C. Organizational security personnel
D. The human resources team
Suggested answer: B