CompTIA PT0-002 Practice Test - Questions Answers, Page 9

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

A. IP addresses and subdomains
B. Zone transfers
C. DNS forward and reverse lookups
D. Internet search engines
E. Externally facing open ports
F. Shodan results
Suggested answer: A, D

Explanation:

A) IP addresses and subdomains. Correct. They define the scope and range of the company's web presence: IP ranges reveal the hosting network and provider, and subdomains point at separate applications and functions (mail, VPN, staging, APIs). Both can be gathered passively from WHOIS records, certificate transparency logs, Netcraft and ordinary DNS lookups, without touching the target beyond normal name resolution.

D) Internet search engines. Correct. Search engines are the core of passive information gathering: company profile, history, news, social media accounts, products, partners, job postings and exposed documents, all collected without sending a packet to the target's own infrastructure. Advanced operators narrow the results: site: restricts hits to a domain or subdomain, intitle: filters on page titles, filetype: turns up exposed documents.

Zone transfers (B) and scans of externally facing ports (E) are active techniques that generate traffic and log entries on the target, which conflicts with the requirement for minimal disruption and belongs to a later phase.

Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

A. The CVSS score of the finding
B. The network location of the vulnerable device
C. The vulnerability identifier
D. The client acceptance form
E. The name of the person who found the flaw
F. The tool used to find the issue
Suggested answer: C, F

A penetration tester performs the following command:

curl -I -http2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

A. Option A
B. Option B
C. Option C
D. Option D
Suggested answer: A

Explanation:

-I sends a HEAD request and prints only the response headers. The second flag is curl's --http2 long option (long options take two dashes; the single dash in the question is a typo), which asks curl to negotiate HTTP/2 over TLS via ALPN. Against a server that supports HTTP/2 the first line of the output is the HTTP/2 status line, HTTP/2 200, followed by header names in lowercase as HTTP/2 requires, instead of the HTTP/1.1 200 OK line an HTTP/1.1 response starts with. If the server does not support HTTP/2, curl silently falls back to HTTP/1.1. The answer options are screenshots that are not reproduced on this page; the one beginning with HTTP/2 200 is the expected output.

Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/

A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?

A. John the Ripper
B. Hydra
C. Mimikatz
D. Cain and Abel
Suggested answer: A

Explanation:

unshadow merges /etc/passwd and /etc/shadow into a single file in the format John the Ripper expects, with each user's password hash placed in the second field of the passwd line. The only reason to run it is to feed that file to john for offline cracking, so John the Ripper is the next tool. Hydra attacks live network logins, Mimikatz extracts Windows credentials from memory, and Cain and Abel is a Windows tool; none of them consume unshadow output.

Reference: https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/

A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the tester use to return the MOST results?

A. Root user
B. Local administrator
C. Service
D. Network administrator
Suggested answer: C

User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

A. MD5
B. bcrypt
C. SHA-1
D. PBKDF2
Suggested answer: A

Explanation:

Rainbow tables are precomputed chains of hash and reduction steps that map a hash back to a plaintext. They only work when the same password always produces the same hash, that is, when the hash is unsalted, and they are only worth building when the hash is fast. MD5 is both: fast, unsalted unless the application adds a salt itself, and the algorithm for which public tables are most widely available. bcrypt and PBKDF2 embed a per-password salt, so a table would have to be rebuilt for every salt, and they are deliberately slow (cost factor, iteration count), so even a single rebuild is impractical. Unsalted SHA-1 is susceptible as well, but MD5 is the expected answer as the weakest and most commonly tabled of the four.

Reference: https://www.geeksforgeeks.org/understanding-rainbow-table-attack/
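The following is an added example, not code from the ExamGecko page or from any referenced source. It builds a miniature rainbow table (real hash/reduce chains, not a plain lookup dictionary) for unsalted MD5 over a constructed, deliberately tiny password space of 4-digit PINs, then shows the same table failing against a salted MD5 and against PBKDF2. The constants, the reduction function, the salt value c0ffee and all function names are this example's own choices.

```python
import hashlib
from typing import Dict, Optional

# Constructed, deliberately tiny password space: 4-digit numeric PINs.
PIN_LEN = 4
SPACE = 10 ** PIN_LEN        # 10_000 candidates
CHAIN_LEN = 40               # hashes per chain
NUM_CHAINS = 1500            # chains stored (coverage is probabilistic, not total)
SALT = "c0ffee"              # constructed; real systems draw a random salt per user


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def reduce_fn(digest_hex: str, position: int) -> str:
    """Map a digest back into the PIN space. The column index is mixed in,
    which is what distinguishes a rainbow table from a plain hash chain:
    two chains only merge if they collide in the same column."""
    n = (int(digest_hex, 16) + position * 0x9E3779B9) % SPACE
    return f"{n:0{PIN_LEN}d}"


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> Dict[str, str]:
    """Precompute chains and keep only {endpoint: start}. This is the
    time/memory trade-off: the attacker pays the hashing cost once, offline,
    and the table is reusable against every unsalted MD5 database."""
    table: Dict[str, str] = {}
    for i in range(num_chains):
        start = f"{(i * 7919) % SPACE:0{PIN_LEN}d}"   # 7919 is coprime to SPACE: distinct starts
        p = start
        for pos in range(chain_len):
            p = reduce_fn(md5_hex(p), pos)
        table.setdefault(p, start)                     # keep the first chain per endpoint
    return table


def rainbow_lookup(table: Dict[str, str], target_hex: str, chain_len: int = CHAIN_LEN) -> Optional[str]:
    """Invert an unsalted MD5 if any stored chain passed through its preimage."""
    for col in range(chain_len - 1, -1, -1):
        # Hypothesis: the target hash sits in column `col`; walk it to the end.
        p = reduce_fn(target_hex, col)
        for pos in range(col + 1, chain_len):
            p = reduce_fn(md5_hex(p), pos)
        start = table.get(p)
        if start is None:
            continue
        # Endpoint matched: regenerate that one chain and look for the hash.
        p = start
        for pos in range(chain_len):
            h = md5_hex(p)
            if h == target_hex:
                return p
            p = reduce_fn(h, pos)
        # No hit: a false alarm from a merged chain; try the next column.
    return None


def coverage_fraction(table: Dict[str, str], chain_len: int = CHAIN_LEN) -> float:
    """Fraction of the PIN space that some stored chain actually passes through."""
    seen = set()
    for start in table.values():
        p = start
        for pos in range(chain_len):
            seen.add(p)
            p = reduce_fn(md5_hex(p), pos)
    return len(seen) / SPACE


def store_unsalted_md5(pin: str) -> str:
    return md5_hex(pin)                      # what the question's database did


def store_salted_md5(pin: str) -> str:
    return md5_hex(SALT + pin)               # same fast hash, but the table no longer applies


def store_pbkdf2(pin: str) -> str:
    # Salted and iterated: no precomputation is possible without the salt,
    # and every online guess now costs 100k hashes instead of one.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT.encode(), 100_000).hex()


def demo() -> None:
    table = build_table()
    print(f"{len(table)} chains stored, covering ~{coverage_fraction(table):.0%} of {SPACE} PINs")
    for label, digest in (("unsalted MD5", store_unsalted_md5("0000")),
                          ("salted MD5", store_salted_md5("0000"))):
        print(f"{label:13} {digest} -> {rainbow_lookup(table, digest)}")
    print(f"PBKDF2        {store_pbkdf2('0000')[:32]}... (salted and slow; no table applies)")


if __name__ == "__main__":
    demo()
```

The PIN 0000 is the start of the first chain, so the table always recovers it; other PINs are recovered only if some chain happens to pass through them, which is why real tables trade more chains and longer chains for coverage. The salted variant hashes a string outside the PIN space, so no chain can contain it, and the PBKDF2 output is not even the right shape for the table. That is the whole argument for bcrypt or PBKDF2 over bare MD5 or SHA-1.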

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift.

Which of the following social-engineering attacks was the tester utilizing?

A. Phishing
B. Tailgating
C. Baiting
D. Shoulder surfing
Suggested answer: C

Explanation:

Reference: https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats

A penetration tester runs a scan against a server and obtains the following output:

21/tcp   open  ftp            Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20  09:23AM                  331 index.aspx
| ftp-syst:
135/tcp  open  msrpc          Microsoft Windows RPC
139/tcp  open  netbios-ssn    Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds   Microsoft Windows Server 2012 Std
3389/tcp open  ssl/ms-wbt-server
| rdp-ntlm-info:
|   Target Name: WEB3
|   NetBIOS_Computer_Name: WEB3
|   Product_Version: 6.3.9600
|_  System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open  http           Microsoft IIS httpd 8.5
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

A. ftp 192.168.53.23
B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest
C. ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23
D. curl -X TRACE https://192.168.53.23:8443/index.aspx
E. nmap --script vuln -sV 192.168.53.23
Suggested answer: A

Explanation:

The scan has already confirmed that anonymous FTP login is permitted (FTP code 230) and that the FTP root contains index.aspx, which suggests the FTP directory is the IIS web root served on 8443. Logging in anonymously needs no credentials and no guessing, and if the directory turns out to be writable it is a direct path to placing a file the web server will execute. Password guessing against RDP (C) and a blanket vulnerability scan (E) are noisier and come after the free win; the guest SMB session (B) and the TRACE request (D) are lower-value checks on the same host.

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

A. Test for RFC-defined protocol conformance.
B. Attempt to brute force authentication to the service.
C. Perform a reverse DNS query and match to the service banner.
D. Check for an open relay configuration.
Suggested answer: D

Explanation:

SMTP is the mail transfer protocol, so the daemon is a mail server. An open relay accepts mail from any sender to any recipient, including senders and recipients outside the domains it is responsible for. For the tester that means phishing messages can be injected through the company's own mail server with spoofed internal From addresses, arriving from trusted infrastructure rather than from an external host, which makes them far more likely to be delivered and believed. The other options characterize the service (conformance, banner, login) but give the tester no delivery channel. The test itself is simple: after EHLO, issue MAIL FROM with an external address and RCPT TO with another external address; a 250 reply to that RCPT means the server relays for strangers, while a 5xx such as 554 Relay access denied means it does not. No DATA is needed, so nothing is actually sent.
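The exchange described above, as an added example that is not part of the page or of any named tool. A minimal in-process SMTP responder stands in for the target so the probe runs offline; the client side uses Python's standard smtplib exactly as it would against a real server. The domain corp.example, the addresses and the class and function names are constructed for this example.

```python
import smtplib
import socket
import threading

# Constructed addresses: both are outside the target's domain, so a server
# that accepts the RCPT is relaying for strangers, i.e. an open relay.
TESTER_SENDER = "tester@example.net"
EXTERNAL_RCPT = "victim@example.org"
TARGET_DOMAIN = "corp.example"            # constructed domain the fake server "owns"


class FakeSMTP(threading.Thread):
    """Minimal stand-in for the target's SMTP daemon (not a real MTA).
    It speaks just enough of RFC 5321 for smtplib to complete the probe."""

    def __init__(self, open_relay: bool):
        super().__init__(daemon=True)
        self.open_relay = open_relay
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))         # ephemeral loopback port
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]

    def run(self) -> None:
        conn, _ = self.sock.accept()
        rfile = conn.makefile("rb")

        def send(line: str) -> None:
            conn.sendall((line + "\r\n").encode())

        send(f"220 mail.{TARGET_DOMAIN} ESMTP")
        while True:
            raw = rfile.readline()
            if not raw:
                break
            line = raw.decode(errors="replace").rstrip("\r\n")
            verb = line.split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                send(f"250 mail.{TARGET_DOMAIN}")
            elif verb == "MAIL":
                send("250 2.1.0 Ok")                 # most MTAs accept any envelope sender
            elif verb == "RCPT":
                rcpt = line.split(":", 1)[1].strip().strip("<>").lower()
                local = rcpt.endswith("@" + TARGET_DOMAIN)
                if local or self.open_relay:
                    send("250 2.1.5 Ok")
                else:
                    send("554 5.7.1 Relay access denied")   # a correctly configured relay
            elif verb == "QUIT":
                send("221 2.0.0 Bye")
                break
            else:
                send("502 5.5.2 Command not implemented")
        conn.close()
        self.sock.close()


def rcpt_code(host: str, port: int, sender: str, rcpt: str) -> int:
    """Run the envelope part of a transaction and return the RCPT reply code.
    DATA is never sent: the probe learns the relay policy without delivering mail."""
    with smtplib.SMTP(host, port, local_hostname="probe.example.net", timeout=5) as smtp:
        smtp.ehlo()
        smtp.mail(sender)
        code, _ = smtp.rcpt(rcpt)
        return code


def is_open_relay(host: str, port: int) -> bool:
    """Open relay: an external sender may reach an external recipient."""
    return 200 <= rcpt_code(host, port, TESTER_SENDER, EXTERNAL_RCPT) < 300


def probe_fake(open_relay: bool, rcpt: str = EXTERNAL_RCPT) -> int:
    """Spin up a fake target with the given policy and return its RCPT code."""
    srv = FakeSMTP(open_relay)
    srv.start()
    return rcpt_code("127.0.0.1", srv.port, TESTER_SENDER, rcpt)


if __name__ == "__main__":
    print("open relay, external rcpt  :", probe_fake(True))
    print("closed relay, external rcpt:", probe_fake(False))
    print("closed relay, local rcpt   :", probe_fake(False, "ceo@" + TARGET_DOMAIN))
```

Against a real target, is_open_relay() is pointed at the host found during enumeration instead of the fake. Nmap's smtp-open-relay NSE script performs the same envelope-only test with a range of sender and recipient spellings, which matters because some misconfigured servers relay only for particular address formats.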

A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?

A. Multiple handshakes
B. IP addresses
C. Encrypted file transfers
D. User hashes sent over SMB
Suggested answer: D

Explanation:

Responder poisons LLMNR, NBT-NS and mDNS name lookups on the local segment and answers them with the tester's own host. When a victim machine then tries to authenticate to that host, most commonly over SMB but also over HTTP and other protocols Responder serves, it records the NetNTLMv1/v2 challenge-response hashes, which are the prize: they can be cracked offline or relayed to other hosts. Responder does not capture encrypted file transfers or wireless handshakes, and the IP addresses in its log are a by-product, not the data the team was after.