CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 181:

  A penetration tester is reviewing the logs of a proxy server and discovers the following URLs: https://test.comptia.com/profile.php?userid=1546 https://test.cpmptia.com/profile.php?userid=5482 https://test.comptia.com/profile.php?userid=3618 Which of the following types of vulnerabilities should be remediated?

  A. Insecure direct object reference
  B. Improper error handling
  C. Race condition
  D. Weak or default configurations
  A. Insecure direct object reference

  ---

  Explanation

  Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. In the provided URLs, the userid parameter is directly referenced, which can allow attackers to manipulate these references to access unauthorized data. This vulnerability can lead to unauthorized access to other users' profiles by simply changing the userid parameter value. The other vulnerabilities listed (Improper error handling, Race condition, Weak or default configurations) do not directly relate to the issue demonstrated by the URLs.

• Question 182:

  A penetration tester runs the following command:

  nmap -p- -A 10.0.1.10

  Given the execution of this command, which of the following quantities of ports will Nmap scan?

  A. 1,000
  B. 1,024
  C. 10,000
  D. 65,535
  D. 65,535

  ---

  Explanation

  The nmap command with the -p- flag scans all ports from 1 to 65535 on the target host. The -A flag enables OS detection, version detection, script scanning, and traceroute. Therefore, the command will scan 65,535 ports on the host

  10.0.1.10 and perform additional analysis on the open ports.

• Question 183:

  A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = `123' hash = hashlib.pbkdf2_hmac(`sha256', plaintext, salt, 10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac(`sha256', plaintext, salt, 10000).

  Which of the following steps should the penetration tester recommend?

  A. Changing passwords that were created before this code update
  B. Keeping hashes created by both methods for compatibility
  C. Rehashing all old passwords with the new code
  D. Replacing the SHA-256 algorithm to something more secure
  A. Changing passwords that were created before this code update

  ---

  Explanation

  The penetration tester recommended the code be updated to use a random salt instead of a fixed salt for hashing passwords. A salt is a random value that is added to the plaintext password before hashing it, to prevent attacks such as rainbow tables or dictionary attacks that rely on precomputed hashes of common or weak passwords. A random salt ensures that each password hash is unique and unpredictable, even if two users have the same password. However, changing the salt does not affect the existing hashes that were created with the old salt, which may still be vulnerable to attacks. Therefore, the penetration tester should recommend changing passwords that were created before this code update, so that they can be hashed with the new salt and be more secure. The other options are not valid steps that the penetration tester should recommend. Keeping hashes created by both methods for compatibility would defeat the purpose of updating the code, as it would leave some hashes vulnerable to attacks. Rehashing all old passwords with the new code would not work, as it would require knowing the plaintext passwords, which are not stored in the database. Replacing the SHA-256 algorithm to something more secure is not necessary, as SHA-256 is a secure and widely used hashing algorithm that has no known vulnerabilities or collisions.

• Question 184:

  A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours.

  Which of the following BEST describes why this would be necessary?

  A. To meet PCI DSS testing requirements
  B. For testing of the customer's SLA with the ISP
  C. Because of concerns regarding bandwidth limitations
  D. To ensure someone is available if something goes wrong
  D. To ensure someone is available if something goes wrong

  ---

  Explanation

• Question 185:

  A penetration testing team has gained access to an organization's data center, but the team requires more time to test the attack strategy.

  Which of the following wireless attack techniques would be the most successful in preventing unintended interruptions?

  A. Captive portal
  B. Evil twin
  C. Bluejacking
  D. Jamming
  B. Evil twin

  ---

  Explanation

  An evil twin attack involves setting up a rogue wireless access point that mimics a legitimate one. This type of attack can be highly effective in a penetration testing scenario because it can intercept and capture data transmitted over the network without causing noticeable interruptions to the normal operation of the wireless network. Users are tricked into connecting to the evil twin instead of the legitimate access point, allowing the penetration testers to capture sensitive information. Unlike jamming, which disrupts the network, or bluejacking, which is limited to sending unsolicited messages, the evil twin can facilitate man-in-the-middle attacks seamlessly.

  References: OWASP Wireless Evil Twin Attack Kali Linux Evil Twin Tutorial

• Question 186:

  DRAG DROP

  Instructions:

  Analyze the code segments to determine which sections are needed to complete a port scanning script. Drag the appropriate elements into the correct locations to complete the script.

  If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

  During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

  Select and Place:

  

  

  Explanation

• Question 187:

  A penetration tester is preparing a credential stuffing attack against a company's website.

  Which of the following can be used to passively get the most relevant information?

  A. Shodan
  B. BeEF
  C. HavelBeenPwned
  D. Maltego
  C. HavelBeenPwned

  ---

  Explanation

  HaveIBeenPwned is a website that allows users to check if their personal data has been compromised by data breaches. For a penetration tester preparing a credential stuffing attack, HaveIBeenPwned can provide valuable information about which accounts and passwords have been exposed, making them more likely targets for successful credential stuffing. This passive information gathering tool can help in identifying the most relevant credentials without actively probing the target's systems. The other tools listed (Shodan, BeEF, Maltego) serve different purposes, such as device and service enumeration, client-side exploitation, and information gathering through different means, respectively.

• Question 188:

  A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.

  Which of the following is most important for the penetration tester to define FIRST?

  A. Establish the format required by the client.
  B. Establish the threshold of risk to escalate to the client immediately.
  C. Establish the method of potential false positives.
  D. Establish the preferred day of the week for reporting.
  B. Establish the threshold of risk to escalate to the client immediately.

  ---

  Explanation

• Question 189:

  During a security assessment, a penetration tester decides to write the following Python script:

  import requests x= ['OPTIONS', 'TRACE', 'TEST'l for y in x;

  z - requests.request(y, 'http://server.net') print(y, z.status_code, z.reason)

  Which of the following is the penetration tester trying to accomplish? (Select two).

  A. Web server denial of service
  B. HTTP methods availability
  C. 'Web application firewall detection
  D. 'Web server fingerprinting
  E. Web server error handling
  F. Web server banner grabbing
  B. HTTP methods availability
  D. 'Web server fingerprinting

  ---

  Explanation

  The Python script mentioned in the question is designed to send HTTP requests using different methods ('OPTIONS', 'TRACE', 'TEST') to a specified URL ('http://server.net') and print out the method used along with the status code and

  reason for each response. The key objectives of this script are:

  HTTP Methods Availability (B): By cycling through different HTTP methods, the script checks which methods are supported by the web server. This can reveal potential vulnerabilities, as certain methods like 'TRACE' can be exploited in

  certain situations (e.g., Cross Site Tracing (XST) attacks).

  Web Server Fingerprinting (D): The response to different HTTP methods can provide clues about the web server's software and configuration, contributing to server fingerprinting. This information can be used to tailor further attacks or

  understand the security posture of the server.

  This script is not designed for causing a denial of service, detecting web application firewalls, examining error handling, or performing banner grabbing directly, which excludes options A, C, E, and

  F.

• Question 190:

  Given the following script:

  

  Which of the following BEST characterizes the function performed by lines 5 and 6?

  A. Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10
  B. Performs a single DNS query for www.comptia.org and prints the raw data output
  C. Loops through variable b to count the results returned for the DNS query and prints that count to screen
  D. Prints each DNS query result already stored in variable b
  D. Prints each DNS query result already stored in variable b

  ---

  Explanation

  The script is using the scapy library to perform a DNS query for www.comptia.org and store the response in variable b. Lines 5 and 6 are using a for loop to iterate over each answer in variable b and print its summary to the screen. This can help the penetration tester to view the DNS records returned by the query.