CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 221:

  A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?

  A. nmap -f -sV -p80 192.168.1.20
  B. nmap -sS -sL -p80 192.168.1.20
  C. nmap -A -T4 -p80 192.168.1.20
  D. nmap -O -v -p80 192.168.1.20
  C. nmap -A -T4 -p80 192.168.1.20

  ---

  Explanation

  This command will scan the host 192.168.1.20 on port 80 using the following options:

  -A: This option enables OS detection, version detection, script scanning, and traceroute. This will help to determine if the host is running an approved version of Linux and a patched version of Apache, as well as other information about the

  host and the network path.

  -T4: This option sets the timing template to aggressive, which speeds up the scan by increasing the number of parallel probes, reducing the timeouts, and assuming faster responses. -p80: This option specifies the port to scan, which is 80 in

  this case. Port 80 is commonly used for HTTP services, such as Apache web server.

  https://nmap.org/book/man-version-detection.html

• Question 222:

  A penetration tester is performing an assessment against a customer's web application that is hosted in a major cloud provider's environment. The penetration tester observes that the majority of the attacks attempted are being blocked by the organization's WAF.

  Which of the following attacks would be most likely to succeed?

  A. Reflected XSS
  B. Brute-force
  C. DDoS
  D. Direct-to-origin
  D. Direct-to-origin

  ---

  Explanation

• Question 223:

  A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.

  Which of the following changes should the tester apply to make the script work as intended?

  A. Change line 2 to $ip= 10.192.168.254;
  B. Remove lines 3, 5, and 6.
  C. Remove line 6.
  D. Move all the lines below line 7 to the top of the script.
  B. Remove lines 3, 5, and 6.

  ---

  Explanation

  https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html Example script:

  #!/usr/bin/perl

  $ip=$argv[1];

  attack($ip);

  sub attack {

  print("x");

  }

• Question 224:

  A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.

  Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

  A. Closing open services
  B. Encryption users' passwords
  C. Randomizing users' credentials
  D. Users' input validation
  E. Parameterized queries
  F. Output encoding
  D. Users' input validation
  E. Parameterized queries

  ---

  Explanation

  SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. SQL injection can result in data theft, data corruption, authentication bypass,

  or command execution. To mitigate SQL injection vulnerabilities, the following remediation techniques are recommended:

  Users' input validation: This involves checking and sanitizing the user input before passing it to the database server. Input validation can prevent malicious or unexpected input from reaching the database server and causing harm. Input

  validation can be done by using whitelists, blacklists, regular expressions, or escaping mechanisms.

  Parameterized queries: This involves using placeholders or parameters for user input instead of concatenating it with the SQL statement. Parameterized queries can separate the user input from the SQL logic and prevent it from being

  interpreted as part of the SQL statement. Parameterized queries can be implemented by using prepared statements, stored procedures, or frameworks that support them. The other options are not relevant or effective remediation techniques

  for SQL injection vulnerabilities.

• Question 225:

  Which of the following is the MOST effective person to validate results from a penetration test?

  A. Third party
  B. Team leader
  C. Chief Information Officer
  D. Client
  B. Team leader

  ---

  Explanation

• Question 226:

  DRAG DROP

  You are a penetration tester reviewing a client's website through a web browser.

  INSTRUCTIONS

  Review all components of the website through the browser to determine if vulnerabilities are present.

  Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  Select and Place:

  

  

  Explanation

• Question 227:

  A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped.

  Which of the following would be the BEST recommendation to prevent this type of activity in the future?

  A. Enforce mandatory employee vacations
  B. Implement multifactor authentication
  C. Install video surveillance equipment in the office
  D. Encrypt passwords for bank account information
  A. Enforce mandatory employee vacations

  ---

  Explanation

  If the employee already works in the accounting department, MFA will not stop their actions because they'll already have access by virtue of their job. Enforcing mandatory employee vacations is the best recommendation to prevent this type of activity in the future, as it will make it harder for an employee to conceal fraudulent transactions or unauthorized changes to a payment system. Mandatory employee vacations are a form of internal control that requires employees to take time off from work periodically and have their duties performed by someone else. This can help detect errors, irregularities, or frauds committed by employees who might otherwise have exclusive access or control over certain processes or systems.

• Question 228:

  A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?

  A. Bluejacking
  B. Bluesnarfing
  C. BLE attack
  D. WPS PIN attack
  C. BLE attack

  ---

  Explanation

  A BLE (Bluetooth Low Energy) attack is specifically designed to exploit vulnerabilities in the Bluetooth Low Energy protocol, which is commonly used in modern wireless devices, including key fobs for electric vehicles. This type of attack can allow a penetration tester to intercept, manipulate, or take control of the communication between the key fob and the vehicle. Bluejacking and Bluesnarfing are older Bluetooth attacks that are less effective against modern BLE implementations. WPS PIN attacks target Wi- Fi Protected Setup, which is unrelated to key fobs and electric vehicles.

• Question 229:

  Which of the following would be the most efficient way to write a Python script that interacts with a web application?

  A. Create a class for requests.
  B. Write a function for requests.
  C. Import the requests library.
  D. Use the cURL OS command.
  C. Import the requests library.

  ---

  Explanation

  The most efficient way to write a Python script that interacts with web applications is to import the requests library. The requests library is a Python HTTP library that simplifies making HTTP requests to web servers, which is essential for interacting with web applications. It allows you to easily send HTTP/1.1 requests, without the need for manually adding query strings to your URLs, or form-encode your POST data. Options A and B involve creating a class or function for requests, which could be more time-consuming and less efficient than using a well-established library like requests. Option D, using the cURL OS command, is less efficient in a Python script since it involves calling an external command rather than using a native Python library.

• Question 230:

  A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:

  IP Address: 192.168.1.63

  Physical Address: 60-36-dd-a6-c5-33

  Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

  A. tcpdump -i eth01 arp and arp[6:2] == 2
  B. arp -s 192.168.1.63 60-36-DD-A6-C5-33
  C. ipconfig /all findstr /v 00-00-00 | findstr Physical
  D. route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1
  B. arp -s 192.168.1.63 60-36-DD-A6-C5-33

  ---

  Explanation

  The arp command is used to manipulate or display the Address Resolution Protocol (ARP) cache, which is a table that maps IP addresses to physical addresses (MAC addresses) on a network. The -s option is used to add a static ARP entry to the cache, which means that it will not expire or be overwritten by dynamic ARP entries. The syntax for adding a static ARP entry is arp -s . Therefore, the command arp -s 192.168.1.63 60-36-DD-A6-C5-33 would add a static ARP entry for the IP address 192.168.1.63 and the physical address 60-36-DD-A6-C5-33 to the local cache of the attacker machine. This would allow the attacker machine to communicate with the target machine without relying on ARP requests or replies. The other commands are not valid or useful for establishing a static ARP entry.