CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 201:

  A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

  

  Which of the following combinations of tools would the penetration tester use to exploit this script?

  A. Hydra and crunch
  B. Netcat and cURL
  C. Burp Suite and DIRB
  D. Nmap and OWASP ZAP
  B. Netcat and cURL

  ---

  Explanation

• Question 202:

  A penetration tester managed to exploit a vulnerability using the following payload:

  IF (1=1) WAIT FOR DELAY '0:0:15'

  Which of the following actions would best mitigate this type ol attack?

  A. Encrypting passwords
  B. Parameterizing queries
  C. Encoding output
  D. Sanitizing HTML
  B. Parameterizing queries

  ---

  Explanation

  The payload used by the penetration tester is a type of blind SQL injection attack that delays the response of the database by 15 seconds if the condition is true. This can be used to extract information from the database by asking a series of true or false questions. To prevent this type of attack, the best practice is to use parameterized queries, which separate the user input from the SQL statement and prevent the injection of malicious code. Encrypting passwords, encoding output, and sanitizing HTML are also good security measures, but they do not directly address the SQL injection vulnerability.

  References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 5: Attacks and Exploits, Section 5.2: Perform Network Attacks, Subsection: SQL Injection, p. 235-237 Blind SQL Injection | OWASP Foundation, Description and Examples sections Time-Based Blind SQL Injection Attacks, Introduction and Microsoft SQL Server sections

• Question 203:

  When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

  A. Clarify the statement of work.
  B. Obtain an asset inventory from the client.
  C. Interview all stakeholders.
  D. Identify all third parties involved.
  A. Clarify the statement of work.

  ---

  Explanation

  Clarifying the statement of work is one of the most important items to develop fully prior to beginning the penetration testing activities, as it defines the scope, objectives, deliverables, and expectations of the engagement. The statement of work is a formal document that outlines the agreement between the penetration tester and the client and serves as a reference for both parties throughout the engagement. It should include details such as the type, duration, and frequency of testing, the target systems and networks, the authorized methods and tools, the reporting format and schedule, and any legal or ethical considerations.

• Question 204:

  A penetration tester wants to find the password for any account in the domain without locking any of the accounts. Which of the following commands should the tester use?

  A. enum4linux -u userl -p /passwordList.txt 192.168.0.1
  B. enum4linux -u userl -p Passwordl 192.168.0.1
  C. cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt
  D. cme smb 192.168.0.0/24 -u /userList.txt -p Summer123
  C. cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt

  ---

  Explanation

  The cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt command is used to perform SMB enumeration on the 192.168.0.0/24 subnet using a list of usernames and passwords. The -u option specifies the file containing the usernames, and the -p option specifies the file containing the passwords. This command allows the tester to attempt to authenticate with multiple accounts without locking any of them out.

• Question 205:

  A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment.

  Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

  A. Asset inventory
  B. DNS records
  C. Web-application scan
  D. Full scan
  A. Asset inventory

  ---

  Explanation

• Question 206:

  A penetration tester conducted an assessment on a web server. The logs from this session show the following: http://www.thecompanydomain.com/servicestatus.php?serviceID=892andserviceID=892 ` ; DROP TABLE SERVICES; -Which of the following attacks is being attempted?

  A. Clickjacking
  B. Session hijacking
  C. Parameter pollution
  D. Cookie hijacking
  E. Cross-site scripting
  C. Parameter pollution

  ---

  Explanation

• Question 207:

  A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

  A. Weak authentication schemes
  B. Credentials stored in strings
  C. Buffer overflows
  D. Non-optimized resource management
  C. Buffer overflows

  ---

  Explanation

  fuzzing introduces unexpected inputs into a system and watches to see if the system has any negative reactions to the inputs that indicate security, performance, or quality gaps or issues

• Question 208:

  Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?

  A. Dictionary
  B. Directory
  C. Symlink
  D. Catalog
  E. For-loop
  A. Dictionary

  ---

  Explanation

  A dictionary can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools. A dictionary is a collection of key- value pairs that can be accessed by using the keys. For example, a dictionary can store usernames and passwords, or IP addresses and hostnames, that can be used as input for brute-force or reconnaissance tools.

• Question 209:

  Which of the following practices ensures that vulnerabilities are detected and addressed during the development process, helping to reduce the accumulation of issues over time in a DevSecOps environment?

  A. Perform penetration testing regularly.
  B. Perform a security evaluation based on the OWASP Top 10.
  C. Implement a peer review process during the coding phase.
  D. Implement security scanning during the pipeline for the CI/CD flow.
  D. Implement security scanning during the pipeline for the CI/CD flow.

  ---

  Explanation

  Integrating security scanning in the CI/CD pipeline ensures that vulnerabilities are detected and addressed during the development process, reducing the accumulation of issues over time. This aligns with CompTIA Pentest+ objectives related to secure software development and DevSecOps principles.

  uk.co.certification.simulator.questionpool.PList@23e1f38d

• Question 210:

  After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host.

  Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?

  A. taskkill /PID /T /F
  B. taskkill /PID /IM /F
  C. taskkill /PID /S /U
  D. taskkill /PID /F /P
  A. taskkill /PID /T /F

  ---

  Explanation

  The taskkill command is used in Windows to terminate tasks by process ID (PID) or image name (IM). To terminate a specified process and any child processes it started, the /T flag is used. The /F flag is used to force terminate the process.

  Therefore, the correct syntax to terminate the endpoint protection software and its child processes is:

  taskkill /PID /T /F

  Why Other Options Are Incorrect:

  /IM: Specifies the image name but is not necessary when using /PID.

  /S: Specifies the remote system to connect to, and /U specifies the user context under which the command should execute. Neither is relevant to terminating local processes.

  /P: There is no /P flag in the taskkill command.