ExamGecko
Login
Home / CompTIA / PT0-002 / List of questions
Ask Question

CompTIA PT0-002 Practice Test - Questions Answers, Page 41

Add to Whishlist

List of questions

Question 401

Report Export Collapse

After obtaining a reverse shell connection, a penetration tester runs the following command: www-data@server!2:sudo -1

User www-data may run the following commands on serverl2: (root) NOPASSWD: /usr/bin/vi

Which of the following is the fastest way to escalate privileges on this server?

Become a Premium Member for full access
  Unlock Premium Member

Question 402

Report Export Collapse

SIMULATION

A penetration tester performs several Nmap scans against the web application for a client.

INSTRUCTIONS

Click on the WAF and servers to review the results of the Nmap scans. Then click on each tab to select the appropriate vulnerability and remediation options.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

CompTIA PT0-002 image Question 402 97531 10022024175321000000

CompTIA PT0-002 image Question 402 97531 10022024175321000000

CompTIA PT0-002 image Question 402 97531 10022024175321000000

CompTIA PT0-002 image Question 402 97531 10022024175321000000

CompTIA PT0-002 image Question 402 97531 10022024175321000000

Become a Premium Member for full access
  Unlock Premium Member

Question 403

Report Export Collapse

A penetration tester enters a command into the shell and receives the following output:

C:\Users\UserX\Desktop>vmic service get name, pathname, displayname, startmode | findstr /i auto | findstr /i /v |C:\\Windows\\' I findstr /i /v''

VulnerableService Some Vulnerable Service C:\Program Files\A Subfolder\B Subfolder\SomeExecutable.exe Automatic

Which of the following types of vulnerabilities does this system contain?

Become a Premium Member for full access
  Unlock Premium Member

Question 404

Report Export Collapse

A security consultant wants to perform a vulnerability assessment with an application that can effortlessly generate an easy-to-read report. Which of the following should the attacker use?

Become a Premium Member for full access
  Unlock Premium Member

Question 405

Report Export Collapse

A penetration tester is attempting to perform reconnaissance on a customer's external-facing footprint and reviews a summary of the fingerprinting scans:

SSH servers: 23

NTP servers: 4

Rsync servers: 5

LDAP servers: 2

Which of the following OSs is the organization most likely using?

Become a Premium Member for full access
  Unlock Premium Member

Question 406

Report Export Collapse

During an assessment, a penetration tester obtains a list of password digests using Responder. Which of the following tools would the penetration tester most likely use next?

Become a Premium Member for full access
  Unlock Premium Member

Question 407

Report Export Collapse

During an assessment, a penetration tester needs to perform a cloud asset discovery of an organization. Which of the following tools would most likely provide more accurate results in this situation?

Become a Premium Member for full access
  Unlock Premium Member

Question 408

Report Export Collapse

A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?

Become a Premium Member for full access
  Unlock Premium Member

Question 409

Report Export Collapse

A penetration tester wants to perform a SQL injection test. Which of the following characters should the tester use to start the SQL injection attempt?

Become a Premium Member for full access
  Unlock Premium Member

Question 410

Report Export Collapse

Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?

Become a Premium Member for full access
  Unlock Premium Member
Total 464 questions
Go to page: of 47
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A penetration tester gains access to a system and is able to migrate to a user process: Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
When accessing the URL http://192.168.0-1/validate/user.php , a penetration tester obtained the following output: ..d index: eid in /apache/www/validate/user.php line 12 ..d index: uid in /apache/www/validate/user.php line 13 ..d index: pw in /apache/www/validate/user.php line 14 ..d index: acl in /apache/www/validate/user.php line 15
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company's employees. Which of the following tools can help the tester achieve this goal?
An organization is using Android mobile devices but does not use MDM services. Which of the following describes an existing risk present in this scenario?
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
A penetration tester was hired to test Wi-Fi equipment. Which of the following tools should be used to gather information about the wireless network?
A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?