ExamGecko
Search Search Login
Home Home / CompTIA / PT0-002
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
During an engagement, a junior penetration tester found a multihomed host that led to an unknown network segment. The penetration tester ran a port scan against the network segment, which caused an outage at the customer's factory. Which of the following documents should the junior penetration tester most likely follow to avoid this issue in the future?
A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets. INSTRUCTIONS Select the appropriate answer(s), given the output from each section. Output 1
A penetration tester will be performing a vulnerability scan as part of the penetration test on a client's website. The tester plans to run several Nmap scripts that probe for vulnerabilities while avoiding detection. Which of the following Nmap options will the penetration tester MOST likely utilize?
A penetration tester ran the following commands on a Windows server: Which of the following should the tester do AFTER delivering the final report?
Given the following user-supplied data: www.comptia.com/info.php?id=1 AND 1=1 Which of the following attack techniques is the penetration tester likely implementing?
A penetration tester is reviewing the logs of a proxy server and discovers the following URLs: https://test.comptia.com/profile.php?userid=1546 https://test.cpmptia.com/profile.php?userid=5482 https://test.comptia.com/profile.php?userid=3618 Which of the following types of vulnerabilities should be remediated?
A penetration tester is conducting an assessment for an e-commerce company and successfully copies the user database to the local machine. After a closer review, the penetration tester identifies several high-profile celebrities who have active user accounts with the online service. Which of the following is the most appropriate next step?
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?
Which of the following types of information would most likely be included in an application security assessment report addressed to developers? (Select two).

Question 33 - PT0-002 discussion

Report
Export

A penetration tester is reviewing the following SOW prior to engaging with a client:

"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

A.
Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
Answers
A.
Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
B.
Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
Answers
B.
Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
C.
Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
Answers
C.
Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
D.
Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
Answers
D.
Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
E.
Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
Answers
E.
Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
F.
Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
Answers
F.
Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
Suggested answer: C, D

Explanation:

These two behaviors would be considered unethical because they violate the principles of honesty, integrity, and confidentiality that penetration testers should adhere to. Failing to share critical vulnerabilities with the client would be dishonest and unprofessional, as it would compromise the quality and value of the assessment and potentially expose the client to greater risks. Seeking help in underground hacker forums by sharing the client's public IP address would be a breach of confidentiality and trust, as it would expose the client's identity and information to malicious actors who may exploit them.

Show Answer
asked 02/10/2024
Cyrom Meryll Santos
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms