CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 231:

  Which of the following assessment methods is MOST likely to cause harm to an ICS environment?

  A. Active scanning
  B. Ping sweep
  C. Protocol reversing
  D. Packet analysis
  A. Active scanning

  ---

  Explanation

• Question 232:

  A penetration-testing team is conducting a physical penetration test to gain entry to a building.

  Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

  A. As backup in case the original documents are lost
  B. To guide them through the building entrances
  C. To validate the billing information with the client
  D. As proof in case they are discovered
  D. As proof in case they are discovered

  ---

  Explanation

  The penetration testers should carry copies of the engagement documents with them as proof in case they are discovered by security guards, employees, or law enforcement officials. The engagement documents should include the scope, objectives, authorization, and contact information of the penetration testing team and the client. This will help avoid any legal or ethical issues that may arise from trespassing, breaking and entering, or unauthorized access. The other options are not valid reasons for carrying the engagement documents with them.

  https://hub.packtpub.com/penetration-testing-rules-of-engagement/

• Question 233:

  During a test of a custom-built web application, a penetration tester identifies several vulnerabilities. Which of the following would be the most interested in the steps to reproduce these vulnerabilities?

  A. Operations staff
  B. Developers
  C. Third-party stakeholders
  D. C-suite executives
  B. Developers

  ---

  Explanation

  The developers would be the most interested in the steps to reproduce the web application vulnerabilities, because they are responsible for fixing the code and implementing security best practices. The steps to reproduce the vulnerabilities would help them understand the root cause of the problem, test the patches, and prevent similar issues in the future. The other options are less interested in the technical details of the vulnerabilities, as they have different roles and responsibilities. The operations staff are more concerned with the availability and performance of the web application, the third-party stakeholders are more interested in the business impact and risk assessment of the vulnerabilities, and the C-suite executives are more focused on the strategic and financial implications of the vulnerabilities.

• Question 234:

  During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities.

  When returning to the web application, the following message appeared in the browser:

  unauthorized to view this page.

  Which of the following BEST explains what occurred?

  A. The SSL certificates were invalid.
  B. The tester IP was blocked.
  C. The scanner crashed the system.
  D. The web page was not found.
  B. The tester IP was blocked.

  ---

  Explanation

  The most likely explanation for what occurred is that the tester IP was blocked by the web server. The web server may have detected the web scanner as a malicious or suspicious activity and blocked the tester's IP address from accessing the web application. This could result in an unauthorized to view this page message in the browser.

• Question 235:

  A penetration tester is conducting a test after hours and notices a critical system was taken down. Which of the following contacts should be notified first?

  A. Secondary
  B. Emergency
  C. Technical
  D. Primary
  B. Emergency

  ---

  Explanation

• Question 236:

  Which of the following is the most appropriate action to take when a client requests a penetration testing report that may be subject to confidentiality agreements?

  A. Provide an example report from a prior penetration test engagement.
  B. Allow the client to only view the information while in secure spaces.
  C. Determine which reports are no longer under a period of confidentiality.
  D. Provide raw output from penetration testing tools.
  C. Determine which reports are no longer under a period of confidentiality.

  ---

  Explanation

  Sharing reports that are no longer under a confidentiality agreement ensures compliance with legal and ethical obligations while satisfying the client's request. This aligns with CompTIA Pentest+ objectives under legal and ethical considerations for penetration testers.

  uk.co.certification.simulator.questionpool.PList@77fe2208

• Question 237:

  A penetration tester is performing an assessment for an application that is used by large organizations operating in the heavily regulated financial services industry. The penetration tester observes that the default Admin User account is enabled and appears to be used several times a day by unfamiliar IP addresses.

  Which of the following is the most appropriate way to remediate this issue?

  A. Increase password complexity.
  B. Implement system hardening.
  C. Restrict simultaneous user log-ins.
  D. Require local network access.
  D. Require local network access.

  ---

  Explanation

  Requiring local network access for the default Admin User account is a targeted measure to prevent unauthorized access from unfamiliar IP addresses, particularly those originating from outside the organization's network. This approach ensures that only devices physically connected to or authenticated within the local network can attempt to use the Admin User account, significantly reducing the risk of external attacks. Increasing password complexity and restricting simultaneous log-ins are good practices but do not directly address the issue of access from unfamiliar IPs. System hardening is broader and not specifically focused on the Admin User account issue.

• Question 238:

  A penetration tester is reviewing the security of a web application running in an laaS compute instance. Which of the following payloads should the tester send to get the running process credentials?

  A. file=http://192.168. 1. 78?+document.cookie
  B. file =.. / .. / .. /proc/self/environ
  C. file='%20or%2054365=54365 ;-
  D. file=http://169.254.169.254/latest/meta-data/
  D. file=http://169.254.169.254/latest/meta-data/

  ---

  Explanation

  The payload D is used to access the metadata service of the laaS compute instance, which can provide information about the running process credentials, such as the instance ID, the service account, and the SSH keys. This is a common technique for exploiting cloud-based web applications that do not properly secure their metadata service. The other payloads are not effective for this purpose, as they either try to access the cookie data (A), the environment variables (B), or perform a SQL injection attack ? which are not related to the running process credentials.

• Question 239:

  Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

  A. NIST SP 800-53
  B. OWASP Top 10
  C. MITRE ATTandCK framework
  D. PTES technical guidelines
  C. MITRE ATTandCK framework

  ---

  Explanation

  https://digitalguardian.com/blog/what-mitre-attck-framework

• Question 240:

  A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet.

  Which of the following is the BEST action for the tester to take?

  A. Check the scoping document to determine if exfiltration is within scope.
  B. Stop the penetration test.
  C. Escalate the issue.
  D. Include the discovery and interaction in the daily report.
  B. Stop the penetration test.

  ---

  Explanation

  "Another reason to communicate with the customer is to let the customer know if something unexpected arises while doing the pentest, such as if a critical vulnerability is found on a system, a new target system is found that is outside the scope of the penetration test targets, or a security breach is discovered when doing the penetration test. You will need to discuss how to handle such discoveries and who to contact if those events occur. In case of such events, you typically stop the pentest temporarily to discuss the issue with the customer, then resume once a resolution has been determined."