CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 131:

  During an engagement, a penetration tester found the following list of strings inside a file:

  

  Which of the following is the BEST technique to determine the known plaintext of the strings?

  A. Dictionary attack
  B. Rainbow table attack
  C. Brute-force attack
  D. Credential-stuffing attack
  B. Rainbow table attack

  ---

  Explanation

• Question 132:

  Penetration on an assessment for a client organization, a penetration tester notices numerous outdated software package versions were installed ...s-critical servers.

  Which of the following would best mitigate this issue?

  A. Implementation of patching and change control programs
  B. Revision of client scripts used to perform system updates
  C. Remedial training for the client's systems administrators
  D. Refrainment from patching systems until quality assurance approves
  A. Implementation of patching and change control programs

  ---

  Explanation

  The best way to mitigate this issue is to implement patching and change control programs, which are processes that involve applying updates or fixes to software packages to address vulnerabilities, bugs, or performance issues, and managing or documenting the changes made to the software packages to ensure consistency, compatibility, and security. Patching and change control programs can help prevent or reduce the risk of attacks that exploit outdated software package versions, which may contain known or unknown vulnerabilities that can compromise the security or functionality of the systems or servers. Patching and change control programs can be implemented by using tools such as WSUS, which is a tool that can manage and distribute updates for Windows systems and applications, or Git, which is a tool that can track and control changes to source code or files. The other options are not valid ways to mitigate this issue. Revision of client scripts used to perform system updates is not a sufficient way to mitigate this issue, as it may not address the root cause of why the software package versions are outdated, such as lack of awareness, resources, or policies. Remedial training for the client's systems administrators is not a direct way to mitigate this issue, as it may not result in immediate or effective actions to update the software package versions. Refrainment from patching systems until quality assurance approves is not a way to mitigate this issue, but rather a potential cause or barrier for why the software package versions are outdated.

• Question 133:

  Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

  A. Executive summary of the penetration-testing methods used
  B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  C. Quantitative impact assessments given a successful software compromise
  D. Code context for instances of unsafe type-casting operations
  D. Code context for instances of unsafe type-casting operations

  ---

  Explanation

  Code context for instances of unsafe type-casting operations would most likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience, as it would provide relevant and actionable information for the developers to fix the vulnerabilities. Type-casting is the process of converting one data type to another, such as an integer to a string. Unsafe type- casting can lead to errors, crashes, or security issues, such as buffer overflows or code injection.

• Question 134:

  The following PowerShell snippet was extracted from a log of an attacker machine:

  

  A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?

  A. Line 8
  B. Line 13
  C. Line 19
  D. Line 20
  A. Line 8

  ---

  Explanation

  $X=2,4,6,8,9,20,5 $y=[System.Collections.ArrayList]$X $y.RemoveRange(1,2) As you can see the arrat has no brackets and no periods. IT HAS SEMICOLLINS TO SEPERATE THE LISTED ITEMS OR VALUES.

• Question 135:

  Which of the following best explains why communication is a vital phase of a penetration test?

  A. To discuss situational awareness
  B. To build rapport with the emergency contact
  C. To explain the data destruction process
  D. To ensure the likelihood of future assessments
  A. To discuss situational awareness

  ---

  Explanation

  Communication is a vital phase of a penetration test to ensure all parties involved are aware of the test's progress, findings, and any potential impact on business operations. Discussing situational awareness involves sharing real-time insights about the security posture, any vulnerabilities found, and potential risks. This enables the organization to make informed decisions, mitigate risks promptly, and ensure the test aligns with business objectives and constraints.

• Question 136:

  Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?

  A. DirBuster
  B. CeWL
  C. w3af
  D. Patator
  B. CeWL

  ---

  Explanation

  CeWL, the Custom Word List Generator, is a Ruby application that allows you to spider a website based on a URL and depth setting and then generate a wordlist from the files and web pages it finds. Running CeWL against a target

  organization's sites can help generate a custom word list, but you will typically want to add words manually based on your own OSINT gathering efforts.

  https://esgeeks.com/como-utilizar-cewl/

• Question 137:

  A penetration tester needs to upload the results of a port scan to a centralized security tool.

  Which of the following commands would allow the tester to save the results in an interchangeable format?

  A. nmap -iL results 192.168.0.10-100
  B. nmap 192.168.0.10-100 -O > results
  C. nmap -A 192.168.0.10-100 -oX results
  D. nmap 192.168.0.10-100 | grep "results"
  C. nmap -A 192.168.0.10-100 -oX results

  ---

  Explanation

• Question 138:

  A penetration tester is performing DNS reconnaissance and has obtained the following output using different dig comrr ;; ANSWER SECTION company.com.5INMX10 mxa.company.com company.com.5IN-MX10 mxb.company.com company.com.5INMX100 mxc.company.com ;; ANSWER SECTION company.com.5INA120.73.220.53 ;; ANSWER SECTION company.com.5INNSnsl.nsvr.com Which of the following can be concluded from the output the penetration tester obtained?

  A. mxc.company.com is the preferred mail server.
  B. The company.com record can be cached for five minutes.
  C. The company's website is hosted at 120.73.220.53.
  D. The nameservers are not redundant.
  B. The company.com record can be cached for five minutes.

  ---

  Explanation

  The output of the DNS query shows the TTL (Time to Live) value for the company.com record as 5. This means that the DNS record can be cached for five minutes before it needs to be refreshed from the authoritative DNS server. The TTL

  value indicates how long a DNS resolver is allowed to cache the query before it must query the authoritative server again.

  References:

  Understanding DNS TTL values: DNS TTL

  Interpretation of DNS dig output from various penetration testing engagements:

  Horizontall.

• Question 139:

  A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

  

  Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

  A. Edit the discovered file with one line of code for remote callback
  B. Download .pl files and look for usernames and passwords
  C. Edit the smb.conf file and upload it to the server
  D. Download the smb.conf file and look at configurations
  C. Edit the smb.conf file and upload it to the server

  ---

  Explanation

• Question 140:

  During passive reconnaissance of a target organization's infrastructure, a penetration tester wants to identify key contacts and job responsibilities within the company. Which of the following techniques would be the most effective for this situation?

  A. Social media scraping
  B. Website archive and caching
  C. DNS lookup
  D. File metadata analysis
  A. Social media scraping

  ---

  Explanation

  Social media scraping involves collecting information from social media platforms where employees might share their roles, responsibilities, and professional affiliations. This method can reveal detailed insights into the organizational structure, key personnel, and specific job functions within the target organization, making it an invaluable tool for understanding the company's internal landscape without alerting the target to the reconnaissance activities.