New CompTIA Pentest+ Certification Exam PT0-002 Dumps Released

CompTIA Pentest+ is a great CompTIA certification: a vendor-neutral, internationally targeted validation of intermediate-level penetration testing knowledge and skills. To complete the CompTIA Pentest+ certification, you need to take and pass the PT0-001 exam. However, according to the latest information, the PT0-001 exam will retire in April of 2022, so candidates are encouraged to take and pass the PT0-002 exam. New CompTIA Pentest+ PT0-002 dumps have been released with 110 practice exam questions. Read the free PT0-002 dumps questions online to check the quality.

New CompTIA PenTest+ certification exam PT0-002 free dumps below:

1. Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

2. A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped.

Which of the following would be the BEST recommendation to prevent this type of activity in the future?

3. A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.

Which of the following should the tester do NEXT?

4. Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

5. A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active.

Which of the following commands should be used to accomplish the goal?

6. A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?

7. A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop.

Which of the following can be used to ensure the tester is able to maintain access to the system?

8. A penetration tester performs the following command:

curl -I --http2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

9. In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers.

Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

10. A penetration tester is scanning a corporate lab network for potentially vulnerable services.

Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

11. A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

12. A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract.

Which of the following concerns would BEST support the software company’s request?

13. A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.

Which of the following are considered passive reconnaissance tools? (Choose two.)

14. DRAG DROP

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

15. Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

16. A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment.

Identification requires the penetration tester to:

✑ Have a full TCP connection

✑ Send a “hello” payload

✑ Wait for a response

✑ Send a string of characters longer than 16 bytes

Which of the following approaches would BEST support the objective?

17. A penetration tester ran the following command on a staging server:

python -m SimpleHTTPServer 9891

Which of the following commands could be used to download a file named exploit to a target machine for execution?

18. Penetration-testing activities have concluded, and the initial findings have been reviewed with the client.

Which of the following best describes the NEXT step in the engagement?

19. Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

20. A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant.

Which of the following is the MINIMUM frequency to complete the scan of the system?

21. Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

22. Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

23. A penetration tester is reviewing the following SOW prior to engaging with a client:

“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.”

Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

24. A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot.

Which of the following techniques would BEST support this objective?

25. A penetration tester recently completed a review of the security of a core network device within a corporate environment.

The key findings are as follows:

• The following request was intercepted going to the network device:

GET /login HTTP/1.1

Host: 10.50.100.16

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0

Accept-Language: en-US,en;q=0.5

Connection: keep-alive

Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk

• Network management interfaces are available on the production network.

• An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

26. A penetration tester is exploring a client’s website.

The tester performs a curl command and obtains the following:

* Connected to 10.2.11.144 (::1) port 80 (#0)

> GET /readmine.html HTTP/1.1

> Host: 10.2.11.144

> User-Agent: curl/7.67.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200

< Date: Tue, 02 Feb 2021 21:46:47 GMT

< Server: Apache/2.4.41 (Debian)

< Content-Length: 317

< Content-Type: text/html; charset=iso-8859-1

<

<!DOCTYPE html> <html lang="en"> <head>

<meta name="viewport" content="width=device-width" />

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>WordPress &#8250; ReadMe</title>

<link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" /> </head>

Which of the following tools would be BEST for the penetration tester to use to explore this site further?

27. During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.

Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

28. A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.

Which of the following was captured by the testing team?

29. When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

30. A consultant is reviewing the following output after reports of intermittent connectivity issues:

? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]

? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]

? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]

? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]

? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]

? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]

Which of the following is MOST likely to be reported by the consultant?

31. A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.

Which of the following is the MOST important action to take before starting this type of assessment?

32. Which of the following tools provides Python classes for interacting with network protocols?

33. A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment.

Which of the following could be used for a denial-of-service attack on the network segment?

34. A penetration tester conducted a vulnerability scan against a client’s critical servers and found the following:

Which of the following would be a recommendation for remediation?

35. A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code.

Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

36. A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal.

Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

37. A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data.

Which of the following should the tester do with this information to make this a successful exploit?

38. An Nmap network scan has found five open ports with identified services.

Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

39. When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified.

Which of the following character combinations should be used on the first line of the script to accomplish this goal?

40. A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor.

Which of the following should the penetration tester do NEXT?


 
