CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 111:

  A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:

  

  Which of the following is the most likely explanation for the output?

  A. The tester does not have credentials to access the server-status page.
  B. The admin directory cannot be fuzzed because it is forbidden.
  C. The admin, test, and db directories redirect to the log-in page.
  D. The robots.txt file has six entries in it.
  C. The admin, test, and db directories redirect to the log-in page.

  ---

  Explanation

  The output of the fuzzing tool shows that the admin, test, and db directories have the same size, words, and lines as the login page, which indicates that they are redirecting to the login page. This means that the tester cannot access these directories without valid credentials. The server-status page returns a 403 Forbidden status code, which means that the tester does not have permission to access it. The robots.txt file returns a 404 Not Found status code, which means that the file does not exist on the server.

• Question 112:

  A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists.

  Which of the following should be the FIRST step to plan the reconnaissance activities?

  A. Launch an external scan of netblocks.
  B. Check WHOIS and netblock records for the company.
  C. Use DNS lookups and dig to determine the external hosts.
  D. Conduct a ping sweep of the company's netblocks.
  C. Use DNS lookups and dig to determine the external hosts.

  ---

  Explanation

• Question 113:

  A penetration tester uncovers access keys within an organization's source code management solution.

  Which of the following would BEST address the issue? (Choose two.)

  A. Setting up a secret management solution for all items in the source code management system
  B. Implementing role-based access control on the source code management system
  C. Configuring multifactor authentication on the source code management system
  D. Leveraging a solution to scan for other similar instances in the source code management system
  E. Developing a secure software development life cycle process for committing code to the source code management system
  F. Creating a trigger that will prevent developers from including passwords in the source code management system
  A. Setting up a secret management solution for all items in the source code management system
  E. Developing a secure software development life cycle process for committing code to the source code management system

  ---

  Explanation

  Access keys are credentials that allow users to authenticate and authorize requests to a source code management (SCM) system, such as GitLab or AWS. Access keys should be kept secret and not exposed in plain text within the source code, as this can compromise the security and integrity of the SCM system and its data. Some possible options for addressing the issue of access keys within an organization's SCM solution are: Setting up a secret management solution for all items in the SCM system: This is a tool or service that securely stores, manages, and distributes secrets such as access keys, passwords, tokens, certificates, etc. A secret management solution can help prevent secrets from being exposed in plain text within the source code or configuration files3456. Developing a secure software development life cycle (SDLC) process for committing code to the SCM system: This is a framework or methodology that defines how software is developed, tested, deployed, and maintained. A secure SDLC process can help ensure that best practices for security are followed throughout the software development process, such as code reviews, static analysis tools, vulnerability scanning tools, etc. A secure SDLC process can help detect and prevent access keys from being included in the source code before they are committed to the SCM system1.

• Question 114:

  A penetration tester who is working remotely is conducting a penetration test using a wireless connection. Which of the following is the BEST way to provide confidentiality for the client while using this connection?

  A. Configure wireless access to use a AAA server.
  B. Use random MAC addresses on the penetration testing distribution.
  C. Install a host-based firewall on the penetration testing distribution.
  D. Connect to the penetration testing company's VPS using a VPN.
  D. Connect to the penetration testing company's VPS using a VPN.

  ---

  Explanation

  The best way to provide confidentiality for the client while using a wireless connection is to connect to the penetration testing company's VPS using a VPN. This will encrypt the traffic between the penetration tester and the VPS, and prevent any eavesdropping or interception by third parties. A VPN will also allow the penetration tester to access the client's network securely and bypass any firewall or network restrictions.

• Question 115:

  During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise. While reading the script, the penetration tester noticed the following lines of code:

  

  Which of the following was the script author trying to do?

  A. Spawn a local shell.
  B. Disable NIC.
  C. List processes.
  D. Change the MAC address
  D. Change the MAC address

  ---

  Explanation

  This Python script uses the subprocess.call function to execute shell commands that first bring down the network interface eth0 (though it seems there's a typo with "etho0"), change its MAC address to "2a:33:41:56:21:34", and then bring the interface back up. The purpose of these actions is to change the MAC address of the network interface card (NIC) associated with eth0. Changing a MAC address can be used for various reasons, including bypassing MAC address filters or anonymizing the device on the network.

• Question 116:

  What is the primary purpose of scoping in a penetration test?

  A. To identify potential risks and threats during testing
  B. To define the boundaries and objectives
  C. To ensure that all vulnerabilities are identified and addressed
  D. To validate the project timeline and resource allocations
  B. To define the boundaries and objectives

  ---

  Explanation

  Scoping defines the penetration test's boundaries and objectives, ensuring alignment with the client's needs and expectations. This is a key step in pre-engagement activities, as outlined in the CompTIA Pentest+ objectives.

• Question 117:

  A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?

  A. Searching for code repositories associated with a developer who previously worked for the target company code repositories associated with the
  B. Searching for code repositories target company's organization
  C. Searching for code repositories associated with the target company's organization
  D. Searching for code repositories associated with a developer who previously worked for the target company
  B. Searching for code repositories target company's organization

  ---

  Explanation

  Code repositories are online platforms that store and manage source code and other files related to software development projects. Code repositories can contain useful information for additional testing, such as application names, versions, features, functions, vulnerabilities, dependencies, credentials, comments, or documentation. Searching for code repositories associated with the target company's organization would most likely produce useful information for additional testing, as it would reveal the software projects that the target company is working on or using, and potentially expose some weaknesses or flaws that can be exploited. Code repositories can be searched by using tools such as GitHub, GitLab, Bitbucket, or SourceForge1. The other options are not as likely to produce useful information for additional testing, as they are not directly related to the target company's software development activities. Searching for code repositories associated with a developer who previously worked for the target company may not yield any relevant or current information, as the developer may have deleted, moved, or updated their code repositories after leaving the company. Searching for code repositories associated with the target company's competitors or customers may not yield any useful or accessible information, as they may have different or unrelated software projects, or they may have restricted or protected their code repositories from public view.

• Question 118:

  A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

  A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
  B. wmic startup get caption,command
  C. crontab -l; echo “@reboot sleep 200 andand ncat -lvp 4242 -e /bin/bash”) | crontab 2>/dev/null
  D. sudo useradd -ou 0 -g 0 user
  A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

  ---

  Explanation

• Question 119:

  SIMULATION

  You are a penetration tester running port scans on a server.

  INSTRUCTIONS

  Part 1: Given the output, construct the command that was used to generate this output from the available options.

  Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  A. See explanation below.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See explanation below.

  ---

  Explanation

  Part 1 - 192.168.2.2 -O -sV --top-ports=100 and SMB vulns

  Part 2 - Weak SMB file permissions

  https://subscription.packtpub.com/book/networking-and-servers/9781786467454/1/ch01lvl1sec13/fingerprinting-os-and-services-running-on-a-target-host

• Question 120:

  A security consultant wants to perform a vulnerability assessment with an application that can effortlessly generate an easy-to-read report. Which of the following should the attacker use?

  A. Brakeman
  B. Nessus
  C. Metasploit
  D. SCAP
  B. Nessus

  ---

  Explanation

  Nessus is a comprehensive vulnerability assessment tool that is widely used for conducting vulnerability assessments. It is known for its ability to generate detailed and easy-to-read reports, which makes it a preferred choice for security

  consultants who need to document their findings clearly.

  Nessus scans for a wide range of vulnerabilities across different systems and applications. It provides a detailed report that includes the vulnerabilities found, their severity levels, and recommendations for remediation. This feature makes it

  ideal for security consultants who need to perform vulnerability assessments and present their findings to stakeholders in an understandable format.

  References:

  Nessus product page: Tenable Nessus

  Use of Nessus in penetration testing reports: The reports generated by Nessus have been referenced in various HTB writeups such as those for Luke and Horizontall.