CompTIA PT0-002 Online Practice Questions and Exam Preparation
PT0-002 Exam Details
Exam Code: PT0-002
Exam Name: CompTIA PenTest+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 455 Q&As
Last Updated: May 31, 2026
CompTIA PT0-002 Online Questions & Answers
Question 171:
A client asks a penetration tester to retest its network a week after the scheduled maintenance window.
Which of the following is the client attempting to do?
A. Determine if the tester was proficient.
B. Test a new non-public-facing server for vulnerabilities.
C. Determine if the initial report is complete.
D. Test the efficacy of the remediation effort.
D. Test the efficacy of the remediation effort.
Explanation
A retest is a follow-up assessment where the penetration tester checks if the vulnerabilities found in the initial test have been fixed or mitigated by the client. A retest can provide many benefits, such as verifying the effectiveness of the remediation actions, showing improvement to internal or external stakeholders, and reducing the risk of future exploitation. A retest is usually performed after a certain period of time, which can be agreed upon in the rules of engagement or the statement of work. A week after the scheduled maintenance window is a reasonable time frame to allow the client to apply the necessary patches or configuration changes to their network. Therefore, the client is most likely attempting to test the efficacy of the remediation effort by asking for a retest.
Question 172:
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: .
Which of the following would be the best action for the tester to take NEXT with this information?
A. Create a custom password dictionary as preparation for password spray testing.
B. Recommend using a password manager/vault instead of text files to store passwords securely.
C. Recommend configuring password complexity rules in all the systems and applications.
D. Document the unprotected file repository as a finding in the penetration-testing report.
D. Document the unprotected file repository as a finding in the penetration-testing report.
Explanation
Question 173:
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the environment
B. Whether the specific cloud services are being used by the application
C. The geographical location where the cloud services are running
D. Whether the country where the cloud service is based has any impeding laws
A. Whether the cloud service provider allows the penetration tester to test the environment
Explanation
The first thing that a penetration tester should consider when engaging in a penetration test in a cloud environment is whether the cloud service provider allows the tester to test the environment, as this will determine whether the tester has permission or authorization to perform the test. Some cloud service providers have policies or terms of service that prohibit or restrict penetration testing on their platforms or require prior approval or notification before testing. The tester should review these policies and obtain written consent from the provider before conducting any testing activities.
Question 174:
A penetration tester who is performing a physical assessment has achieved physical access to a call center for the assessed company. The tester is able to move freely around the room. Which of the following attack types is most likely to result in the tester obtaining personal or confidential information quickly?
A. Dumpster diving
B. Warwalking
C. Vishing
D. Smishing
E. Shoulder surfing
E. Shoulder surfing
Explanation
Question 175:
During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:
Question 176:
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
Scapy is a powerful and interactive packet manipulation tool that allows the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds. Scapy can craft, send, receive, and analyze packets of various protocols, such as TCP, UDP, ICMP, or IP. Scapy can also modify any field of any layer of a packet, such as the TCP header length and checksum, which are used to indicate the size and integrity of the TCP segment. Scapy can also display the response packets from the target system, which can reveal how the proprietary service handles the invalid packet.
Question 177:
A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer. Which of the following MOST likely explains the penetration tester's decision?
A. The tester had the situational awareness to stop the transfer.
B. The tester found evidence of prior compromise within the data set.
C. The tester completed the assigned part of the assessment workflow.
D. The tester reached the end of the assessment time frame.
A. The tester had the situational awareness to stop the transfer.
Explanation
Situational awareness is the ability to perceive and understand the environment and events around oneself, and to act accordingly. The penetration tester demonstrated situational awareness by stopping the transfer of PII, which was out of scope and could have violated the ROE or legal and ethical principles. The other options are not relevant to the situation or the decision of the penetration tester.
Question 178:
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers.
To be PCI compliant, which of the following should the company have implemented to BEST protect this data?
A. Vulnerability scanning
B. Network segmentation
C. System hardening
D. Intrusion detection
B. Network segmentation
Explanation
Network segmentation is the practice of dividing a network into smaller subnetworks or segments based on different criteria, such as function, security level, or access control. Network segmentation can enhance the security of a network by isolating sensitive or critical systems from less secure or untrusted systems, reducing the attack surface, limiting the spread of malware or intrusions, and enforcing granular policies and rules for each segment. To be PCI compliant, which is a set of standards for protecting payment card data, the company should have implemented network segmentation to separate the servers that perform financial transactions from other parts of the network that may be less secure or more exposed to threats. The other options are not specific requirements for PCI compliance, although they may be good security practices in general.
Question 179:
During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen.
After being notified about the breach, which of the following steps should the company take NEXT?
A. Deny that the vulnerability existed.
B. Investigate the penetration tester.
C. Accept that the client was right.
D. Fire the penetration tester.
B. Investigate the penetration tester.
Explanation
The penetration tester violated the client's request and the code of ethics by not reporting the vulnerability immediately and leaving it in place. This could have contributed to the breach and the data loss. The company should investigate the penetration tester's actions and motives, and hold them accountable for any negligence or malpractice.
Question 180:
A penetration tester is testing a company's public API and discovers that specific input allows the execution of arbitrary commands on the base operating system. Which of the following actions should the penetration tester take next?
A. Include the findings in the final report.
B. Notify the client immediately.
C. Document which commands can be executed.
D. Use this feature to further compromise the server.
B. Notify the client immediately.
Explanation
The Nmap command uses the Xmas scan technique, which sends packets with the FIN, PSH, and URG flags set. This is an attempt to bypass firewall rules and elicit a response from open ports. However, if the target responds with an RST packet, it means that the port is closed. Open ports will either ignore the Xmas scan packets or send back an ACK packet. Therefore, the information most likely indicates that all of the ports in the target range are closed.
References:
[Nmap Scan Types]
[Nmap Port Scanning Techniques]
[CompTIA PenTest+ Study Guide: Exam PT0-002, Chapter 4: Conducting Passive Reconnaissance, page 127]