Exam Details

  • Exam Code: PT0-002
  • Exam Name: CompTIA PenTest+ Certification Exam
  • Certification: CompTIA PenTest+
  • Vendor: CompTIA
  • Total Questions: 392 Q&As
  • Last Updated: May 01, 2024

CompTIA PenTest+ PT0-002 Questions & Answers

  • Question 1:

    CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated.

  • Question 2:

    A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?

    A. Nmap

    B. Nikto

    C. Cain and Abel

    D. Ettercap

  • Question 3:

    A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.

    Which of the following should be included as a recommendation in the remediation report?

    A. Stronger algorithmic requirements

    B. Access controls on the server

    C. Encryption on the user passwords

    D. A patch management program

  • Question 4:

    A penetration tester was able to compromise a server and escalate privileges. Which of the following should the tester perform AFTER concluding the activities on the specified target? (Choose two.)

    A. Remove the logs from the server.

    B. Restore the server backup.

    C. Disable the running services.

    D. Remove any tools or scripts that were installed.

    E. Delete any created credentials.

    F. Reboot the target server.

  • Question 5:

    A consultant is reviewing the following output after reports of intermittent connectivity issues:

    (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

    (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]

    (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]

    (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]

    (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

    (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]

    (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]

    (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]

    Which of the following is MOST likely to be reported by the consultant?

    A. A device on the network has an IP address in the wrong subnet.

    B. A multicast session was initiated using the wrong multicast group.

    C. An ARP flooding attack is using the broadcast address to perform DDoS.

    D. A device on the network has poisoned the ARP cache.

  • Question 6:

    After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

    The tester then runs the following command from the previously exploited system, which fails:

    Which of the following explains the reason why the command failed?

    A. The tester input the incorrect IP address.

    B. The command requires the -port 135 option.

    C. An account for RDP does not exist on the server.

    D. PowerShell requires administrative privilege.

  • Question 7:

    A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

    A. Shoulder surfing

    B. Call spoofing

    C. Badge stealing

    D. Tailgating

    E. Dumpster diving

    F. Email phishing

  • Question 8:

    Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

    A. A quick description of the vulnerability and a high-level control to fix it

    B. Information regarding the business impact if compromised

    C. The executive summary and information regarding the testing company

    D. The rules of engagement from the assessment

  • Question 9:

    A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible. Which of the following Nmap scan syntaxes would BEST accomplish this objective?

    A. nmap -sT -vvv -O 192.168.1.2/24 -PO

    B. nmap -sV 192.168.1.2/24 -PO

    C. nmap -sA -v -O 192.168.1.2/24

    D. nmap -sS -O 192.168.1.2/24 -T1

  • Question 10:

    During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

    A. Badge cloning

    B. Watering-hole attack

    C. Impersonation

    D. Spear phishing

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your PT0-002 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.