CompTIA PenTest+ PT0-002 Practice Test Engine Try These 434 Exam Questions [Q123-Q144]


NEW QUESTION # 123
Given the following code:
$p = (80, 110, 25)                       # ports to probe on each live host
$network = "192.168.0"                   # /24 prefix; the host octet is appended below
$range = 1..254
$ErrorActionPreference = 'SilentlyContinue'   # hide refused-connection errors from New-Object
foreach ($add in $range) {
    $ip = "{0}.{1}" -f $network, $add
    # Ping once per address; only hosts that answer get their ports checked
    if (Test-Connection -BufferSize 32 -Count 1 -Quiet -ComputerName $ip) {
        foreach ($x in $p) {
            $socket = New-Object System.Net.Sockets.TcpClient($ip, $x)
            if ($socket -and $socket.Connected) {
                "$ip $x open"
                $socket.Close()
            }
        }
    }
}
Which of the following tasks could be accomplished with the script?

  • A. Port scan
  • B. Reverse shell
  • C. Ping sweep
  • D. File download

Answer: A

Explanation:
The script builds every address in 192.168.0.1-254, pings each one with Test-Connection, and for every host that answers opens a TCP connection (System.Net.Sockets.TcpClient) to ports 80, 110 and 25, printing the port as open when the connection succeeds. The ping is only a pre-check; the output of the script is the list of open ports, so it is a port scan rather than a ping sweep. A port scan is used to identify open ports and listening services on a target host or network during reconnaissance, vulnerability assessment or penetration testing. The script neither transfers files nor connects a shell back to the tester. References:
*The Official CompTIA PenTest+ Instructor Guide (Exam PT0-002) eBook, Chapter 3, Lesson 3.2, Topic
3.2.2: Perform a port scan
*PowerShell TCP port scanner, Stack Overflow answer by postanote
*PowerShell Basics: How to Scan Open Ports Within a Network, Tech Community blog by Anthony Bartolo


NEW QUESTION # 124
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:



NEW QUESTION # 125
Given the following code:

Which of the following data structures is the variable systems?

  • A. An array
  • B. A tree
  • C. A dictionary
  • D. A tuple

Answer: A


NEW QUESTION # 126
The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)

  • A. Active Directory domain controller
  • B. Print queue
  • C. Exposed RDP
  • D. Network device
  • E. Public-facing web server
  • F. IoT/embedded device

Answer: E,F

Explanation:
https://www.netscout.com/what-is-ddos/slowloris-attacks
Only one port (80/tcp) is open and the http-title reads like a sensor readout (80F, 22% RH for relative humidity, and a pressure-style value), which points to an IoT/embedded device that exposes a small web interface for viewing its measurements. A public-facing web server produces a similar profile: a single open HTTP port, a page title in place of a product banner, and the http-slowloris-check script flagging the HTTP daemon as vulnerable to a slow-header denial of service. A domain controller, print queue, RDP host or network device would expose other ports and services (LDAP/Kerberos, IPP/SMB, 3389/tcp, SSH/SNMP) rather than HTTP alone.


NEW QUESTION # 127
An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?

  • A. Follow the established data retention and destruction process
  • B. Encrypt and store any client information for future analysis
  • C. Report any findings to regulatory oversight groups
  • D. Publish the findings after the client reviews the report

Answer: A

Explanation:
After completing an assessment and providing the report and evidence to the client, it is important to follow the established data retention and destruction process to ensure the confidentiality of the client's information.
This process typically involves securely deleting or destroying any data collected during the assessment that is no longer needed, and securely storing any data that needs to be retained. This helps to prevent unauthorized access to the client's information and protects the client's confidentiality.
Reporting any findings to regulatory oversight groups may be necessary in some cases, but it should be done only with the client's permission and in accordance with any relevant legal requirements. Publishing the findings before the client has reviewed the report is also not recommended, as it may breach the client's confidentiality and damage their reputation. Encrypting and storing client information for future analysis is also not recommended unless it is necessary and in compliance with any legal or ethical requirements.


NEW QUESTION # 128
A penetration tester gives the following command to a systems administrator to execute on one of the target servers:
rm -f /var/www/html/G679h32gYu.php
Which of the following BEST explains why the penetration tester wants this command executed?

  • A. To delete credentials the tester created
  • B. To remove a web shell after the penetration test
  • C. To trick the systems administrator into installing a rootkit
  • D. To close down a reverse shell

Answer: B

Explanation:
A web shell is a malicious script that allows remote access and control of a web server. A penetration tester may use a web shell to execute commands on the target server during a penetration test. However, after the test is completed, the penetration tester should remove the web shell to avoid leaving any traces or backdoors on the server. The command rm -f /var/www/html/G679h32gYu.php deletes the file G679h32gYu.php from the web server's document root directory, which is likely the location of the web shell. The other options are not plausible explanations for why the penetration tester wants this command executed.


NEW QUESTION # 129
Given the following output:
User-agent:*
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/
During which of the following activities was this output MOST likely obtained?

  • A. Domain enumeration
  • B. URL enumeration
  • C. Website scraping
  • D. Website cloning

Answer: B

Explanation:
URL enumeration is the activity of discovering and mapping the URLs of a website, such as directories, files, parameters or subdomains. It helps to identify the structure, content and functionality of a site as well as potential vulnerabilities or misconfigurations. One method of URL enumeration is to read the site's robots.txt file, a text file that tells search engine crawlers which URLs they may or may not request. The output in the question is such a file: it disallows crawling of /author/, /xmlrpc.php, /wp-admin and /page/. Those paths are the standard WordPress author pages, XML-RPC endpoint and administration console, so the file also reveals the platform, and the excluded paths are exactly the ones a tester visits next, since robots.txt is advisory and does not block requests.


NEW QUESTION # 130
During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.

Which of the following vulnerabilities was the attacker trying to exploit?

  • A. URL manipulation
  • B. Insecure direct object reference
  • C. SQL injection
  • D. Session hijacking

Answer: B

Explanation:
The attacker is stepping through values of the serviceID parameter in the URL of servicestatus.php from a single IP address, thousands of times. An insecure direct object reference (IDOR) exists when an application exposes a reference to an internal object (a file, directory, database record or key) and acts on it without checking that the caller is authorised to access that particular object. Because serviceID directly references a service record, changing its value returns the status of other services the attacker was never meant to see. Thousands of sequential requests to one URL with only the identifier changing are the typical signature of this enumeration, which distinguishes it from SQL injection (payloads containing SQL syntax) or session hijacking (reuse of another user's session token). References: The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.2: Insecure Direct Object References.
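The pattern the tester spotted by eye, one client walking an ID space against one URL, is easy to detect in logs. The following Python code is an added example, not from the page: it parses a constructed sample log in combined log format (the servicestatus.php path and serviceID parameter come from the question; the addresses, timestamps and sizes are made up), groups numeric query parameters per client and path, and flags any group whose distinct values are mostly consecutive integers.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (combined log format). Client 10.0.0.5 walks
# serviceID sequentially; client 10.0.0.7 makes ordinary requests.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Jan/2021:01:10:01 -0500] "GET /servicestatus.php?serviceID=892 HTTP/1.1" 200 512
10.0.0.5 - - [24/Jan/2021:01:10:01 -0500] "GET /servicestatus.php?serviceID=893 HTTP/1.1" 200 498
10.0.0.5 - - [24/Jan/2021:01:10:02 -0500] "GET /servicestatus.php?serviceID=894 HTTP/1.1" 403 231
10.0.0.5 - - [24/Jan/2021:01:10:02 -0500] "GET /servicestatus.php?serviceID=895 HTTP/1.1" 200 501
10.0.0.5 - - [24/Jan/2021:01:10:03 -0500] "GET /servicestatus.php?serviceID=896 HTTP/1.1" 200 505
10.0.0.7 - - [24/Jan/2021:01:10:03 -0500] "GET /servicestatus.php?serviceID=42 HTTP/1.1" 200 510
10.0.0.7 - - [24/Jan/2021:01:11:09 -0500] "GET /index.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_log(text):
    """Yield (client_ip, path, query_params, status) for each well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        params = {k: v[0] for k, v in parse_qs(parts.query).items()}
        yield m["ip"], parts.path, params, int(m["status"])


def find_enumeration(text, min_requests=5, min_sequential=0.8):
    """Flag (ip, path, param) triples where one client walked an ID space.

    A numeric parameter whose distinct values from one client are mostly
    consecutive integers is the signature of IDOR probing. Returns one
    dict per suspicious triple with the range covered and the status
    codes seen, so the analyst can tell which objects were actually served.
    """
    values = defaultdict(list)      # (ip, path, param) -> ints in request order
    statuses = defaultdict(set)
    for ip, path, params, status in parse_log(text):
        for name, value in params.items():
            if value.isdigit():
                values[(ip, path, name)].append(int(value))
                statuses[(ip, path, name)].add(status)

    hits = []
    for key, seen in values.items():
        distinct = sorted(set(seen))
        if len(distinct) < min_requests:
            continue
        steps = [b - a for a, b in zip(distinct, distinct[1:])]
        sequential = sum(1 for s in steps if s == 1) / len(steps)
        if sequential >= min_sequential:
            ip, path, param = key
            hits.append({
                "ip": ip, "path": path, "param": param,
                "count": len(seen), "low": distinct[0], "high": distinct[-1],
                "statuses": sorted(statuses[key]),
            })
    return hits


if __name__ == "__main__":
    for hit in find_enumeration(SAMPLE_LOG):
        print(hit)
```

The mixed 200 and 403 responses in the sample are the important detail: a 403 on some identifiers shows the application does perform an authorisation check, while the surrounding 200s show that check is not applied consistently, which is exactly the condition an IDOR finding describes.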


NEW QUESTION # 131
A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

  • A. NTP
  • B. DNS
  • C. SMTP
  • D. Telnet
  • E. SNMP
  • F. HTTP

Answer: B,F


NEW QUESTION # 132
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

  • A. Test for RFC-defined protocol conformance.
  • B. Attempt to brute force authentication to the service.
  • C. Check for an open relay configuration.
  • D. Perform a reverse DNS query and match to the service banner.

Answer: C

Explanation:
An SMTP server configured as an open relay accepts mail from any sender and forwards it to any recipient without requiring authentication. A tester who finds one can later send phishing messages that pass through the company's own mail server and carry its sending address, which makes them far more convincing than mail from an outside host. Checking protocol conformance, brute forcing logins or matching the banner to reverse DNS all gather information about the daemon, but none of them gives the tester a way to deliver phishing email.


NEW QUESTION # 133
A penetration tester created the following script to use in an engagement:

However, the tester is receiving the following error when trying to run the script:

Which of the following is the reason for the error?

  • A. The argv variable was not defined.
  • B. The sys variable was not defined.
  • C. The argv module was not imported.
  • D. The sys module was not imported.

Answer: B


NEW QUESTION # 134
A penetration tester wrote the following Bash script to brute force a local service password:
..ting as expected. Which of the following changes should the penetration tester make to get the script to work?

  • A. echo "The correct password is $p" && break)
    echo "The correct password is $p" | break
  • B. echo "The correct password is Sp" && break)
    echo "The correct password is $p" && break)
  • C. echo "The correct password is $p" && break)
    echo "The correct password is $p" || break
  • D. { echo "The correct password is $p" && break )

Answer: A



NEW QUESTION # 135
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

  • A. Aircrack-ng
  • B. Kismet
  • C. Wifite
  • D. Wireshark

Answer: A

Explanation:
Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.


NEW QUESTION # 136
Which of the following assessment methods is the most likely to cause harm to an ICS environment?

  • A. Packet analysis
  • B. Protocol reversing
  • C. Active scanning
  • D. Ping sweep

Answer: C

Explanation:
Active scanning is the process of sending probes or packets to a target system or network and analyzing the responses to gather information or identify vulnerabilities. Active scanning can be intrusive and disruptive, especially in an ICS environment, where availability and reliability are critical. Active scanning can cause unintended consequences, such as triggering alarms, shutting down devices, or affecting physical processes.
Therefore, active scanning is the most likely to cause harm to an ICS environment among the given options.
References:
*The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, pages 72-73.
*The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 2: Conducting Passive Reconnaissance, page 2-20.
*Risk Assessment Standards for ICS Environments, page 8.


NEW QUESTION # 137
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

  • A. Identify all third parties involved.
  • B. Obtain an asset inventory from the client.
  • C. Interview all stakeholders.
  • D. Clarify the statement of work.

Answer: D


NEW QUESTION # 138
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.
Which of the following is the MOST important action to take before starting this type of assessment?

  • A. Ensure the client has signed the SOW.
  • B. Verify the client has granted network access to the hot site.
  • C. Determine if the failover environment relies on resources not owned by the client.
  • D. Establish communication and escalation procedures with the client.

Answer: A

Explanation:
The statement of work (SOW) is a document that defines the scope, objectives, deliverables, and timeline of a penetration testing engagement. It is important to have the client sign the SOW before starting the assessment to avoid any legal or contractual issues.


NEW QUESTION # 139
A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

  • A. Decode the authorization header using Base64.
  • B. Decrypt the authorization header using AES.
  • C. Decode the authorization header using UTF-8.
  • D. Decrypt the authorization header using bcrypt.

Answer: A
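A Basic Authorization header is an encoding, not encryption, so the credentials are recovered by base64-decoding the token, not by any key. The following Python helper is an added example, not code from the page, and the header value it embeds is constructed rather than taken from the question's capture. It checks the scheme, repairs stripped padding, rejects malformed base64 instead of raising, and splits on the first colon only, because RFC 7617 allows colons in the password but not in the user-id.

```python
import base64
import binascii

# Constructed sample header value (not the capture from the question):
# base64("admin:Passw0rd!") with the Basic scheme.
SAMPLE_AUTH = "Basic YWRtaW46UGFzc3cwcmQh"


def auth_scheme(header_value):
    """Return the lower-cased scheme name, e.g. 'basic', 'bearer', 'digest'."""
    scheme, _, _ = header_value.strip().partition(" ")
    return scheme.lower()


def decode_basic_auth(header_value):
    """Decode an HTTP Basic Authorization header into (user, password).

    RFC 7617: the credential is base64(user-id ":" password) and the user-id
    must not contain a colon, so the first colon is the separator. Returns
    None for any other scheme, for malformed base64, or when no colon is
    present, so callers can report 'not Basic' rather than crash.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    token = token.strip()
    token += "=" * (-len(token) % 4)          # tolerate stripped '=' padding
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")          # older clients send ISO-8859-1
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


if __name__ == "__main__":
    print(auth_scheme(SAMPLE_AUTH), decode_basic_auth(SAMPLE_AUTH))
```

When the scheme is Bearer instead, the token is usually a JWT or an opaque value; a JWT's header and payload are also plain base64url-encoded JSON, so the same idea applies, but the signature part is an HMAC or asymmetric signature that decoding does not reveal.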


NEW QUESTION # 140
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:
1. Reflected XSS - Input sanitization (< > ...)
2. SQL injection (stacked queries) - Parameterized queries
3. DOM XSS - Input sanitization (< > ...)
4. Local file inclusion - Sandbox requests
5. Command injection - Sandbox requests
6. SQL injection (UNION-based) - Parameterized queries
7. SQL injection (error-based) - Parameterized queries
8. Remote file inclusion - Sandbox requests
9. Command injection - Input sanitization ($ ...)
10. URL redirect - Prevent external calls
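Every SQL injection variant in the list above maps to the same remediation, parameterized queries, because binding separates the query text from the data regardless of whether the payload is a tautology, a UNION or an error probe. The following Python code is an added example, not from the page: it builds an in-memory SQLite table with constructed users, runs the same login query once with string concatenation (deliberately vulnerable) and once with bound parameters, and returns what each version leaks for a tautology payload and a UNION payload.

```python
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users (name, pw) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, pw):
    """Deliberately vulnerable: the input is spliced into the SQL text."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, pw):
    """Hardened form: the driver binds the values, so quotes and keywords
    in the input are matched literally and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(sql, (name, pw))]


def demo():
    """Run both versions against a tautology and a UNION payload."""
    conn = make_db()
    tautology = "' OR '1'='1"                 # pw field: ... AND pw = '' OR '1'='1'
    union = "' UNION SELECT pw FROM users--"  # name field: appends a second SELECT
    return {
        "vuln_tautology": login_vulnerable(conn, "nobody", tautology),
        "vuln_union": sorted(login_vulnerable(conn, union, "x")),
        "safe_tautology": login_parameterized(conn, "nobody", tautology),
        "safe_union": login_parameterized(conn, union, "x"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} {result}")
```

Two details are worth noting. The tautology works because AND binds tighter than OR, so the WHERE clause becomes (name = 'nobody' AND pw = '') OR '1'='1'. Python's sqlite3 module refuses to run more than one statement per execute() call, so a stacked-query payload is blocked at the driver here; that is a property of this driver, not of parameterization, and drivers that allow multiple statements still need bound parameters to be safe.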


NEW QUESTION # 141
A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the
following is the BEST option for the tester to take?

  • A. Notify the client about the firewall.
  • B. Scan the firewall for vulnerabilities.
  • C. Apply patches to the firewall.
  • D. Segment the firewall from the cloud.

Answer: A

Explanation:
The best option for the tester to take is to notify the client about the firewall. The firewall is not part of the original list of IP addresses for the engagement, which means it is out of scope and should not be tested without permission. The tester should inform the client about the existence and potential risks of the firewall, and ask if they want to include it in the scope or not.


NEW QUESTION # 142
A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)

  • A. Setting up a secret management solution for all items in the source code management system
  • B. Creating a trigger that will prevent developers from including passwords in the source code management system
  • C. Leveraging a solution to scan for other similar instances in the source code management system
  • D. Implementing role-based access control on the source code management system
  • E. Developing a secure software development life cycle process for committing code to the source code management system
  • F. Configuring multifactor authentication on the source code management system

Answer: A,E

Explanation:
Access keys here are credentials such as cloud API keys, service tokens or passwords that authenticate requests to some other system. Once committed to a source code management (SCM) system such as GitLab or GitHub they are exposed to everyone with repository access and remain in the history even after the file is edited, so the discovered keys should be treated as compromised and rotated regardless of which controls are added afterwards.
Of the options, two address the root cause:
* Setting up a secret management solution for all items in the SCM system: a tool or service that securely stores, manages and distributes secrets such as access keys, passwords, tokens and certificates, so that code references a secret by name at runtime instead of embedding it in source or configuration files.
* Developing a secure software development life cycle (SDLC) process for committing code to the SCM system: a defined process covering how code is developed, reviewed, tested and deployed. A secure SDLC adds controls such as code review, static analysis and pre-commit secret scanning, which catch access keys before they reach the repository.
Role-based access control and multifactor authentication on the SCM system limit who can reach the repository but do nothing about secrets already inside it; a trigger or a one-off scan catches individual instances without removing the reason developers put keys in code in the first place.
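The pre-commit scanning step mentioned above is simple to build. The following Python scanner is an added example, not code from the page or from any product: it runs two patterns over a constructed set of files and reports file, line and match so it can gate a commit. The patterns are assumptions for illustration: the AWS access key ID shape (AKIA followed by 16 upper-case alphanumerics, using the value from AWS's own documentation as the sample) and a generic "name = 'long literal'" shape for keys, tokens and passwords.

```python
import re

# Pattern assumptions (not from the page): an AWS access key ID begins with
# "AKIA" plus 16 upper-case alphanumerics; a secret-looking assignment is any
# key/token/password/secret name followed by a quoted literal of 12+ chars.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic_secret": re.compile(
        r"(?i)\b(?:secret|token|password|api[_-]?key)\b\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
    ),
}

# Constructed sample repository contents. The AKIA value is the example key
# from AWS documentation, not a real credential.
SAMPLE_FILES = {
    "config.py": 'DB_HOST = "db.internal"\nAWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n',
    "settings.yml": "api_key: 'kj3n4kj3n4kj3n4kj3n4kj3n'\nregion: us-east-1\n",
    "README.md": "Set AWS_ACCESS_KEY_ID in your environment; never commit it.\n",
}


def scan(files):
    """Return one finding per pattern match: file, line number, kind, redacted value."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    findings.append({
                        "file": path,
                        "line": lineno,
                        "kind": kind,
                        "match": redact(m.group(1)),
                    })
    return findings


def redact(value, keep=4):
    """Show only a prefix so the finding itself does not leak the secret into logs."""
    return value[:keep] + "*" * (len(value) - keep)


def should_block_commit(files):
    """Gate for a pre-commit or CI hook: True when anything secret-shaped is staged."""
    return bool(scan(files))


if __name__ == "__main__":
    for f in scan(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']}: {f['kind']} {f['match']}")
    print("blocked" if should_block_commit(SAMPLE_FILES) else "clean")
```

The README line is deliberately not flagged: it names the variable but carries no literal, which is the behaviour a hook needs so that documentation about secrets does not block every commit. A scanner like this belongs in the SDLC as a gate, alongside the secret manager that gives developers a place to put the key instead.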


NEW QUESTION # 143
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

  • A. Run the nc -e /bin/sh <...> command.
  • B. Create a one-shot systemd service to establish a reverse shell.
  • C. Move laterally to create a user account on LDAP
  • D. Obtain /etc/shadow and brute force the root password.

Answer: B

Explanation:
A systemd service that has been enabled is started again on every boot, so a one-shot unit that launches a reverse shell gives persistence on the file server that survives a reboot. The nc -e command only opens a shell that dies when the process or host restarts, creating an LDAP account is lateral movement rather than persistence on this host, and brute forcing the root hash from /etc/shadow is pointless when root access is already held.
https://hosakacorp.net/p/systemd-user.html

