CompTIA PT0-002 Online Practice Questions and Exam Preparation
PT0-002 Exam Details
Exam Code: PT0-002
Exam Name: CompTIA PenTest+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 455 Q&As
Last Updated: May 31, 2026
CompTIA PT0-002 Online Questions & Answers
Question 141:
Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email. Which of the following commands would best help the tester determine which cloud email provider the log-in page needs to mimic?
A. dig company.com MX
B. whois company.com
C. curl www.company.com
D. dig company.com A
A. dig company.com MX
Explanation
The dig command is a tool that can be used to query DNS servers and obtain information about domain names, such as IP addresses, mail servers, name servers, or other records. The MX option specifies that the query is for mail exchange records, which are records that indicate the mail servers responsible for accepting email messages for a domain. Therefore, the command dig company.com MX would best help the tester determine which cloud email provider the log-in page needs to mimic by showing the mail servers for company.com. For example, if the output shows something like company-com.mail.protection.outlook.com, then it means that company.com uses Microsoft Outlook as its cloud email provider. The other commands are not as useful for determining the cloud email provider. The whois command is a tool that can be used to query domain name registration information, such as the owner, registrar, or expiration date of a domain. The curl command is a tool that can be used to transfer data from or to a server using various protocols, such as HTTP, FTP, or SMTP. The dig command with the A option specifies that the query is for address records, which are records that map domain names to IP addresses.
Question 142:
Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
A. devices produce more heat and consume more power.
B. devices are obsolete and are no longer available for replacement.
C. protocols are more difficult to understand.
D. devices may cause physical world effects.
D. devices may cause physical world effects.
Explanation
"A significant issue identified by Wiberg is that using active network scanners, such as Nmap, presents a weakness when attempting port recognition or service detection on SCADA devices. Wiberg states that active tools such as Nmap can use unusual TCP segment data to try and find available ports. Furthermore, they can open a massive amount of connections with a specific SCADA device but then fail to close them gracefully." And since SCADA and ICS devices are designed and implemented with little attention paid to their operational security and their ability to handle errors or unexpected events, the presence of idle open connections may result in errors that the devices cannot handle.
Question 143:
A penetration tester is performing a social engineering penetration test and was able to create a remote session. Which of the following social engineering techniques was most likely successful?
A. SMS phishing
B. Dumpster diving
C. Executive impersonation attack
D. Browser exploitation framework
C. Executive impersonation attack
Explanation
Question 144:
A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface.
Which of the following is the most effective technique to extract sensitive user data?
A. Compare PII from data leaks to publicly exposed user profiles.
B. Target the user profile page with a denial-of-service attack.
C. Target the user profile page with a reflected XSS attack.
D. Compare the API response fields to GUI fields looking for PII.
D. Compare the API response fields to GUI fields looking for PII.
Explanation
When additional data is returned in the API response that is not displayed in the web user interface, it indicates that there might be sensitive data being transmitted that is not intended for user display. By comparing the fields returned in the API response to those that are visible in the GUI, a penetration tester can identify any Personally Identifiable Information (PII) or other sensitive data that might be exposed unintentionally. This method is direct and does not involve attacking the system but rather analyzing the data being transmitted. The other options do not directly address the identification of sensitive data in API responses.
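The comparison the explanation describes can be automated. The following is an added example (not part of the practice question or its source): it takes a constructed user-profile API response, flattens it to dotted key paths, lists every field the web UI does not render, and flags the ones whose key names look like PII. The sample response, the `UI_RENDERED_FIELDS` set and the key-name patterns are all assumptions made for the example; a real review would take the rendered-field list from the page's template or DOM.

```python
import json
import re

# Constructed sample API response for a user-profile endpoint (not from the page).
SAMPLE_API_RESPONSE = json.dumps({
    "id": 1042,
    "displayName": "A. Example",
    "avatarUrl": "https://cdn.example.invalid/a.png",
    "roles": ["user"],
    "createdAt": "2024-01-01T00:00:00Z",
    "email": "a.example@example.invalid",
    "phone": "+1-555-0100",
    "ssn": "000-00-0000",
    "address": {"street": "1 Example St", "postcode": "00000"},
    "lastLoginIp": "203.0.113.7",
})

# Fields the web UI actually renders on the profile page (assumed, constructed).
UI_RENDERED_FIELDS = {"id", "displayName", "avatarUrl", "roles"}

# Key-name patterns that commonly indicate PII or otherwise sensitive data (assumed list).
SENSITIVE_KEY_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"email", r"phone", r"ssn|social", r"address|street|postcode|zip",
        r"dob|birth", r"passport|license", r"ip$|ipaddr|_ip\b",
        r"token|secret|password",
    )
]


def flatten(obj, prefix=""):
    """Flatten nested dicts into dotted key paths; lists and scalars are leaves."""
    out = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = f"{prefix}.{key}" if prefix else key
            out.update(flatten(value, path))
    else:
        out[prefix] = obj
    return out


def excess_fields(api_json_text, ui_fields):
    """Return dotted paths present in the API response but not rendered by the UI.

    A field counts as rendered when its top-level key is in ui_fields.
    """
    flat = flatten(json.loads(api_json_text))
    return sorted(path for path in flat if path.split(".", 1)[0] not in ui_fields)


def flag_sensitive(paths):
    """Keep only the paths whose key name matches a sensitive-data pattern."""
    return sorted(p for p in paths if any(pat.search(p) for pat in SENSITIVE_KEY_PATTERNS))


def review(api_json_text=SAMPLE_API_RESPONSE, ui_fields=UI_RENDERED_FIELDS):
    """Summarise over-exposed fields: everything the UI hides, plus the PII-looking subset."""
    extra = excess_fields(api_json_text, ui_fields)
    return {"excess": extra, "sensitive": flag_sensitive(extra)}


if __name__ == "__main__":
    result = review()
    print("Fields returned by the API but not shown in the UI:")
    for path in result["excess"]:
        marker = "  <-- looks like PII" if path in result["sensitive"] else ""
        print(f"  {path}{marker}")
```

The `excess` list is the finding the question is after: every one of those fields is data the server sends to any authenticated client regardless of what the UI shows. The `sensitive` subset is only a key-name heuristic to prioritise review; the fix on the application side is to return only the fields the view needs rather than the whole record.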
Question 145:
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs will not act upon commands injected over the network.
B. Supervisors and controllers are on a separate virtual network by default.
C. Controllers will not validate the origin of commands.
D. Supervisory systems will detect a malicious injection of code/commands.
C. Controllers will not validate the origin of commands.
Explanation
PLCs are programmable logic controllers that execute logic operations on input signals from sensors and output signals to actuators. They are often connected to supervisory systems that provide human-machine interfaces and data acquisition functions. If both systems are connected to the company intranet, they are exposed to potential attacks from internal or external adversaries. A valid assumption is that controllers will not validate the origin of commands, meaning that an attacker can send malicious commands to manipulate or sabotage the industrial process. The other assumptions are not valid because they contradict the facts or common practices.
Question 146:
A penetration tester has gained access to part of an internal network and wants to exploit on a different network segment. Using Scapy, the tester runs the following command:
Which of the following represents what the penetration tester is attempting to accomplish?
A. DNS cache poisoning
B. MAC spoofing
C. ARP poisoning
D. Double-tagging attack
D. Double-tagging attack
Explanation
https://scapy.readthedocs.io/en/latest/usage.html
Question 147:
Which of the following tools is primarily used for network scanning and enumeration, identifying open ports, services, and vulnerabilities on a network?
A. Burp Suite
B. Wireshark
C. Metasploit
D. Nmap
D. Nmap
Explanation
Nmap is widely used for network scanning and enumeration. It identifies open ports, services, and vulnerabilities on a network. This directly relates to CompTIA PenTest+ objectives on scanning and enumeration methodologies.
Question 148:
A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high.
Which of the following should be the NEXT step?
A. Perform a new penetration test.
B. Remediate the findings.
C. Provide the list of common vulnerabilities and exposures.
D. Broaden the scope of the penetration test.
B. Remediate the findings.
Explanation
Question 149:
A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62
Which of the following commands can be used to further attack the website?
A. var adr= `../evil.php?test=' + escape(document.cookie);
B. ../../../../../../../../../../etc/passwd
C. /var/www/html/index.php;whoami
D. 1 UNION SELECT 1, DATABASE(),3-
D. 1 UNION SELECT 1, DATABASE(),3-
Explanation
Question 150:
An executive needs to use Wi-Fi to connect to the company's server while traveling. While looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying.
Which of the following attacks is the executive most likely experiencing?
A. Data modification
B. Amplification
C. Captive portal
D. Evil twin
D. Evil twin
Explanation
The attacker creates an access point with the same name and network settings as a legitimate access point, but with a stronger signal to attract users. Once a victim connects to the rogue access point, the attacker can intercept and steal any data transmitted over the connection, including login credentials, credit card information, and other sensitive data.
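The tells the explanation lists (a familiar SSID broadcast from an access point that is not the legitimate one, weaker security than expected, an unusually strong signal, or a network that has no business being at this location) can be checked against a site's AP inventory. The following is an added example, not part of the practice question or its source: it runs over a constructed scan list and flags access points that match those tells. The scan entries, the `TRUSTED` inventory and the `EXPECTED_SSIDS` set are all constructed assumptions.

```python
# Constructed wireless scan results as (ssid, bssid, rssi_dbm, security); not from the page.
SAMPLE_SCAN = [
    ("CorpGuest",       "aa:bb:cc:00:00:01", -61, "WPA2"),
    ("CorpGuest",       "aa:bb:cc:00:00:02", -70, "WPA2"),
    ("CorpGuest",       "de:ad:be:ef:00:01", -38, "OPEN"),  # same SSID, unknown BSSID, open, strongest
    ("HotelChain_WiFi", "de:ad:be:ef:00:02", -42, "OPEN"),  # brand with no site at this location
    ("CoffeeShop",      "11:22:33:44:55:66", -75, "WPA2"),  # known neighbour, left alone
]

# Assumed inventory of trusted access points for this site (constructed).
TRUSTED = {
    "CorpGuest": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "security": "WPA2"},
}

# SSIDs a user should reasonably expect to see at this location (constructed).
EXPECTED_SSIDS = {"CorpGuest", "CoffeeShop"}


def suspicious_access_points(scan, trusted, expected_ssids):
    """Return a list of findings, one per scan entry that matches an evil-twin tell.

    Tells checked:
      - a trusted SSID broadcast by a BSSID not in the inventory
      - a trusted SSID offered with different (e.g. downgraded) security
      - such an impostor also having the strongest signal for that SSID
      - an SSID that is neither trusted nor expected at this location
    """
    strongest = {}
    for ssid, _bssid, rssi, _sec in scan:
        strongest[ssid] = max(strongest.get(ssid, -999), rssi)

    findings = []
    for ssid, bssid, rssi, sec in scan:
        reasons = []
        if ssid in trusted:
            if bssid not in trusted[ssid]["bssids"]:
                reasons.append("unknown BSSID for trusted SSID")
            if sec != trusted[ssid]["security"]:
                reasons.append(f"security differs from inventory ({sec})")
            if reasons and rssi == strongest[ssid]:
                reasons.append("strongest signal for this SSID")
        elif ssid not in expected_ssids:
            reasons.append("SSID not expected at this location")
        if reasons:
            findings.append({"ssid": ssid, "bssid": bssid, "rssi": rssi, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_access_points(SAMPLE_SCAN, TRUSTED, EXPECTED_SSIDS):
        print(f"{finding['ssid']} ({finding['bssid']}, {finding['rssi']} dBm): "
              + "; ".join(finding["reasons"]))
```

The "SSID not expected at this location" rule is the one that matches the scenario in the question: a hotel chain's network name appearing where that chain has no property. The BSSID and security checks need an inventory, so they suit a site's wireless monitoring rather than a travelling user; for the user, the practical mitigation is to connect to the company server over a VPN or other authenticated, encrypted channel so that a rogue access point cannot read the traffic.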