CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 191:

  Given the following script:

  while True:

  print ("Hello World")

  Which of the following describes True?

  A. A while loop
  B. A conditional
  C. A Boolean operator
  D. An arithmetic operator
  C. A Boolean operator

  ---

  Explanation

  True is a Boolean operator in Python, which is an operator that returns either True or False values based on logical conditions. Boolean operators can be used in expressions or statements that evaluate to True or False values, such as comparisons, assignments, or loops. In the code, True is used as the condition for a while loop, which is a loop that repeats a block of code as long as the condition is True. The code will print "Hello World" indefinitely because True will always be True and the loop will never end. The other options are not valid descriptions of True.

• Question 192:

  An organization wants to identify whether a less secure protocol is being utilized on a wireless network.

  Which of the following types of attacks will achieve this goal?

  A. Protocol negotiation
  B. Packet sniffing
  C. Four-way handshake
  D. Downgrade attack
  D. Downgrade attack

  ---

  Explanation

  A downgrade attack is a type of attack that exploits a vulnerability in the protocol negotiation process between a client and a server to force them to use a less secure protocol than they originally intended. A downgrade attack can be used to identify whether a less secure protocol is being utilized on a wireless network by intercepting and modifying the messages exchanged during the protocol negotiation phase, such as the association request and response frames, and making the client and the server agree on a weaker protocol, such as WEP or WPA, instead of a stronger one, such as WPA2 or WPA3. A downgrade attack can also enable the attacker to perform other attacks, such as cracking the encryption keys or capturing the network traffic, more easily by taking advantage of the weaknesses of the less secure protocol. A downgrade attack can be performed by using tools such as Airgeddon, which is a multi-use bash script for Linux systems to audit wireless networks.

• Question 193:

  A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?

  A. The penetration tester conducts a retest.
  B. The penetration tester deletes all scripts from the client machines.
  C. The client applies patches to the systems.
  D. The client clears system logs generated during the test.
  C. The client applies patches to the systems.

  ---

  Explanation

• Question 194:

  Given the following Nmap scan command:

  [root@kali ~]# nmap 192.168.0 .* -- exclude 192.168.0.101

  

  Which of the following is the total number of servers that Nmap will attempt to scan?

  A. 1
  B. 101
  C. 255
  D. 256
  C. 255

  ---

  Explanation

  The Nmap scan command given will scan all the hosts in the 192.168.0.0/24 subnet, except for the one with the IP address 192.168.0.101. The subnet has 256 possible hosts, but one of them is excluded, so the total number of servers that

  Nmap will attempt to scan is 255.

  References:

  Nmap Commands - 17 Basic Commands for Linux Network, Section: Scan Multiple Hosts, Subsection: Excluding Hosts from Search Nmap Cheat Sheet 2023: All the Commands and More, Section: Target Specification, Subsection: -exclude

• Question 195:

  A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

  A. The injection was too slow.
  B. The DNS information was incorrect.
  C. The DNS cache was not refreshed.
  D. The client did not receive a trusted response.
  C. The DNS cache was not refreshed.

  ---

  Explanation

  A DNS poisoning attack is an attack that exploits a vulnerability in the DNS protocol or system to redirect traffic from legitimate websites to malicious ones. A DNS poisoning attack works by injecting false DNS records into a DNS server or resolver's cache, which is a temporary storage of DNS information. However, if the DNS cache was not refreshed, then the attack would fail, as the target machine would still use the old and valid DNS records from its cache. The other options are not likely causes of the attack failure.

• Question 196:

  Which of the following describe the GREATEST concerns about using third-party open- source libraries in application code? (Choose two.)

  A. The libraries may be vulnerable
  B. The licensing of software is ambiguous
  C. The libraries' code bases could be read by anyone
  D. The provenance of code is unknown
  E. The libraries may be unsupported
  F. The libraries may break the application
  A. The libraries may be vulnerable
  D. The provenance of code is unknown

  ---

  Explanation

  The libraries may be vulnerable to security bugs or exploits that can compromise the application or the data. According to the web search results, open-source libraries often have vulnerabilities that can be exploited by attackers, such as Heartbleed, Shellshock, DROWN, or npm left-pad1234. These vulnerabilities can allow attackers to extract sensitive data, execute arbitrary commands, decrypt encrypted traffic, or break the functionality of the application. Therefore, using third-party open-source libraries in application code poses a significant security risk. The provenance of code is unknown, meaning that the origin and history of the code are not verified or documented. According to the web search results, open- source libraries and client projects are developed and continuously evolving in an asynchronous way, which makes it difficult to track the changes and updates of the code. Moreover, open-source libraries may have dependencies on other libraries, which can introduce additional risks or vulnerabilities. Therefore, using third-party open-source libraries in application code poses a significant quality risk.

• Question 197:

  Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?

  A. OWASP Top 10
  B. MITRE ATTandCK
  C. Cyber Kill Chain
  D. Well-Architected Framework
  B. MITRE ATTandCK

  ---

  Explanation

• Question 198:

  A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website's response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test.

  Which of the following BEST describes the purpose of checking with the penetration tester?

  A. Situational awareness
  B. Rescheduling
  C. DDoS defense
  D. Deconfliction
  D. Deconfliction

  ---

  Explanation

  https://redteam.guide/docs/definitions/ Deconfliction is the process of coordinating activities and communicating information to avoid interference, confusion, or conflict among different parties involved in an operation. The network engineer contacted the penetration tester to check if the GET requests were part of the test, and to avoid any potential misunderstanding or disruption of the test or the website. The other options are not related to the purpose of checking with the penetration tester.

• Question 199:

  During an assessment, a penetration tester discovers the following code sample in a web application: "(and(userid=*)(userid=*))(I(userid=*)(userPwd=(SHAl}a9993e364706816aba3e25717850c26 c9cd0d89d==)) Which of the following injections is being performed?

  A. Boolean SQL
  B. Command
  C. Blind SQL
  D. LDAP
  D. LDAP

  ---

  Explanation

  The code sample provided involves LDAP (Lightweight Directory Access Protocol) query syntax, not SQL or command injection syntax. LDAP injections occur when user-supplied inputs are not properly sanitized before being incorporated into LDAP queries. The given code demonstrates a potential LDAP injection point, where an attacker might manipulate the (userid=*) part to execute unauthorized queries or access unauthorized information within the LDAP directory. Boolean and Blind SQL injections, as well as Command injections, do not apply to LDAP query syntax.

• Question 200:

  During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format.

  Which of the following types of attacks would MOST likely be used to avoid account lockout?

  A. Mask
  B. Rainbow
  C. Dictionary
  D. Password spraying
  D. Password spraying

  ---

  Explanation

  Password spraying is a type of password guessing attack that involves trying one or a few common passwords against many usernames or accounts. Password spraying can avoid account lockout policies that limit the number of failed login attempts per account by spreading out the attempts over time and across different accounts. Password spraying can also increase the chances of success by using passwords that are likely to be used by many users, such as default passwords, seasonal passwords, or company names. Mask is a type of password cracking attack that involves using a mask or a pattern to generate passwords based on known or guessed characteristics of the password, such as length, case, or symbols. Rainbow is a technique of storing precomputed hashes of passwords in a table that can be used to quickly crack passwords by looking up the hashes. Dictionary is a type of password cracking attack that involves using a wordlist or a dictionary of common or likely passwords to try against an account.