CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 91:

  Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)

  A. Use of non-optimized sort functions
  B. Poor input sanitization
  C. Null pointer dereferences
  D. Non-compliance with code style guide
  E. Use of deprecated Javadoc tags
  F. A cydomatic complexity score of 3
  B. Poor input sanitization
  C. Null pointer dereferences

  ---

  Explanation

• Question 92:

  During an engagement, a junior penetration tester found a multihomed host that led to an unknown network segment. The penetration tester ran a port scan against the network segment, which caused an outage at the customer's factory.

  Which of the following documents should the junior penetration tester most likely follow to avoid this issue in the future?

  A. NDA
  B. MSA
  C. ROE
  D. SLA
  C. ROE

  ---

  Explanation

  Rules of Engagement (ROE) documents outline the scope, boundaries, and rules for a penetration test to prevent unintended consequences such as network outages.

  Details:

  NDA (Non-Disclosure Agreement): Protects confidential information but does not provide guidelines for engagement.

  MSA (Master Service Agreement): General terms and conditions for services but does not detail specific engagement rules.

  ROE (Rules of Engagement): Specifies the limits and guidelines for testing, including which systems can be tested, when, and how, to avoid disruptions. SLA (Service Level Agreement): Defines the level of service expected but does not

  guide the testing process.

  References:

  ROE is a critical document in penetration testing engagements to ensure both the tester and client are aligned on the scope and limitations, as outlined in various penetration testing standards and methodologies.

• Question 93:

  Which of the following is a ROE component that provides a penetration tester with guidance on who and how to contact the necessary individuals in the event of a disaster during an engagement?

  A. Engagementscope
  B. Communication escalation path
  C. SLA
  D. SOW
  B. Communication escalation path

  ---

  Explanation

  The communication escalation path is a component of the Rules of Engagement (ROE) that provides a penetration tester with guidance on whom to contact and how to proceed in the event of an emergency or disaster during an engagement.

  This includes contact information for key individuals and predefined procedures to follow to ensure that any issues are addressed promptly and appropriately. The engagement scope defines the boundaries and objectives of the test, the SLA

  (Service Level Agreement) outlines performance and uptime requirements, and the SOW (Statement of Work) details the tasks and deliverables. However, the communication escalation path specifically addresses communication protocols

  during emergencies.

  References:

  Explanation of Rules of Engagement components: OWASP Testing Guide Examples from penetration testing engagements highlighting the importance of communication plans: Anubis.

• Question 94:

  Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?

  A. Scraping social media for personal details
  B. Registering domain names that are similar to the target company's
  C. Identifying technical contacts at the company
  D. Crawling the company's website for company information
  A. Scraping social media for personal details

  ---

  Explanation

  Scraping social media for personal details can help a penetration tester craft personalized and convincing social engineering attacks against top-level executives, who may share sensitive or confidential information on their profiles. Registering domain names that are similar to the target company's can be used for phishing or typosquatting attacks, but not specifically against executives. Identifying technical contacts at the company can help with reconnaissance, but not with social engineering. Crawling the company's website for company information can provide general background knowledge, but not specific details about executives.

• Question 95:

  A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

  A. tcpdump
  B. Snort
  C. Nmap
  D. Netstat
  E. Fuzzer
  C. Nmap

  ---

  Explanation

• Question 96:

  A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?

  A. OWASP Top 10
  B. MITRE ATTandCK framework
  C. NIST Cybersecurity Framework
  D. The Diamond Model of Intrusion Analysis
  B. MITRE ATTandCK framework

  ---

  Explanation

  The MITRE ATTandCK framework is a methodology that should be used to best meet the client's expectations. The MITRE ATTandCK framework is a knowledge base of adversary tactics, techniques, and procedures (TTPs) that are continuously updated based on real-world observations. The framework covers a wide variety of enterprise systems and networks, such as Windows, Linux, macOS, cloud, mobile, and network devices. The framework can help the penetration tester to emulate realistic threats and identify gaps in defenses.

• Question 97:

  A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract.

  Which of the following concerns would BEST support the software company's request?

  A. The reverse-engineering team may have a history of selling exploits to third parties.
  B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
  C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
  D. The reverse-engineering team will be given access to source code for analysis.
  A. The reverse-engineering team may have a history of selling exploits to third parties.

  ---

  Explanation

• Question 98:

  Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?

  A. MSA
  B. NDA
  C. SOW
  D. ROE
  B. NDA

  ---

  Explanation

• Question 99:

  A consulting company is completing the ROE during scoping. Which of the following should be included in the ROE?

  A. Cost ofthe assessment
  B. Report distribution
  C. Testing restrictions
  D. Liability
  B. Report distribution

  ---

  Explanation

• Question 100:

  A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers.

  When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

  A. Crawling the web application's URLs looking for vulnerabilities
  B. Fingerprinting all the IP addresses of the application's servers
  C. Brute forcing the application's passwords
  D. Sending many web requests per second to test DDoS protection
  D. Sending many web requests per second to test DDoS protection

  ---

  Explanation