CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 261:

  A potential reason for communicating with the client point of contact during a penetration test is to provide resolution if a testing component crashes a system or service and leaves them unavailable for both legitimate users and further testing. Which of the following best describes this concept?

  A. Retesting
  B. De-escalation
  C. Remediation
  D. Collision detection
  C. Remediation

  ---

  Explanation

  Communicating with the client point of contact during a penetration test, especially when a testing component crashes a system or service, is crucial for remediation. Remediation involves the process of correcting or mitigating vulnerabilities that have been identified during the test. In the context of a system or service becoming unavailable, it's essential to promptly address and resolve the issue to restore availability and ensure the continuity of legitimate business operations. This communication ensures that the client is aware of the incident and can work together with the penetration tester to implement corrective actions, thereby minimizing the impact on the business and further testing activities.

• Question 262:

  A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?

  A. Network segmentation
  B. Key rotation
  C. Encrypted passwords
  D. Patch management
  D. Patch management

  ---

  Explanation

  Patch management is the process of identifying, downloading, and installing security patches for a system in order to address new vulnerabilities and software exploits. In the case of EternalBlue, the vulnerability was addressed by Microsoft in

  the form of a security patch. Installing this patch on the vulnerable host will provide protection from the vulnerability. Additionally, organizations should implement a patch management program to regularly check for and install security patches

  for the systems in their environment. Network segmentation (A) can limit the impact of a compromise by separating different parts of the network into smaller, more isolated segments. However, it does not address the vulnerability itself. Key

  rotation (B) is the process of periodically changing cryptographic keys, which can help protect against attacks that rely on stolen or compromised keys. However, it is not directly related to the EternalBlue vulnerability. Encrypted passwords (C)

  can help protect user credentials in case of a data breach or other compromise, but it does not prevent attackers from exploiting the EternalBlue vulnerability.

  CompTIA PenTest+ Certification Guide, Chapter 1: Pre-engagement Interactions, Page 21.

• Question 263:

  A penetration tester is using the following script:

  

  Which of the following BEST describes the purpose of this script?

  A. To determine if a web server's date/time function is susceptible to attack
  B. To determine if a web server's time zone has been misconfigured
  C. To determine the difference between local and server time
  D. To determine and display the round-trip time of HTTP requests
  C. To determine the difference between local and server time

  ---

  Explanation

• Question 264:

  During a penetration test of a server application, a security consultant found that the application randomly crashed or remained stable after opening several simultaneous connections to the application and always submitting the same packets of data.

  Which of the following is the best sequence of steps the tester should use to understand and exploit the vulnerability?

  A. Attacha remoteprofiler to the server application. Establish a random number of connections to the server application. Send fixed packets of data simultaneously using those connections.
  B. Attacha remotedebugger to the server application. Establish a large number of connections to the server application. Send fixed packets of data simultaneously using those connections.
  C. Attacha local disassembler to the server application. Establish a single connection to the server application. Send fixed packets of data simultaneously using that connection.
  D. Attacha remotedisassembler to the server application. Establish a small number of connections to the server application. Send fixed packets of data simultaneously using those connections.
  B. Attacha remotedebugger to the server application. Establish a large number of connections to the server application. Send fixed packets of data simultaneously using those connections.

  ---

  Explanation

  To understand and exploit the vulnerability causing the server application to crash or remain stable after opening several simultaneous connections, the best approach is to attach a remote debugger to the application. This allows the penetration tester to monitor the application's behavior in real-time without affecting the stability of the testing environment. Establishing a large number of connections to the server and sending fixed packets of data simultaneously can help to reproduce the issue consistently, which is crucial for identifying the cause of the crashes. Analyzing the application's response and debugging data will provide insights into potential buffer overflow, race conditions, or other vulnerabilities.

  References: Effective Debugging Techniques Fuzz Testing and Debugging

• Question 265:

  A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server?

  A. Perform vertical privilege escalation.
  B. Replay the captured traffic to the server to recreate the session.
  C. Use John the Ripper to crack the password.
  D. Utilize a pass-the-hash attack.
  D. Utilize a pass-the-hash attack.

  ---

  Explanation

• Question 266:

  A client has requested that the penetration test scan include the following UDP services:

  SNMP, NetBIOS, and DNS.

  Which of the following Nmap commands will perform the scan?

  A. nmap ג€andquot;vv sUV ג€andquot;p 53, 123-159 10.10.1.20/24 ג€andquot;oA udpscan
  B. nmap ג€andquot;vv sUV ג€andquot;p 53,123,161-162 10.10.1.20/24 ג€andquot;oA udpscan
  C. nmap ג€andquot;vv sUV ג€andquot;p 53,137-139,161-162 10.10.1.20/24 ג€andquot;oA udpscan
  D. nmap ג€andquot;vv sUV ג€andquot;p 53, 122-123, 160-161 10.10.1.20/24 ג€andquot;oA udpscan
  C. nmap ג€andquot;vv sUV ג€andquot;p 53,137-139,161-162 10.10.1.20/24 ג€andquot;oA udpscan

  ---

  Explanation

• Question 267:

  Which of the following documents should be consulted if a client has an issue accepting a penetration test report that was provided?

  A. Rules of engagement
  B. Signed authorization letter
  C. Statement of work
  D. Non-disclosure agreement
  A. Rules of engagement

  ---

  Explanation

  The Rules of Engagement (RoE) document is crucial when there's a dispute or issue with accepting a penetration test report. The RoE outlines the scope, methods, timing, legal considerations, and objectives of a penetration test. It serves as a guideline for both the client and the testing team on what is expected and permissible during the assessment. If there are issues with the report, referring back to the agreed-upon RoE can clarify whether the test was conducted within the agreed parameters and help resolve any disputes. The signed authorization letter, statement of work, and non-disclosure agreement are also important documents but are more related to the permission, scope of work, and confidentiality aspects of the engagement, respectively, rather than the specifics of how the test was to be conducted, which is what the RoE covers.

• Question 268:

  A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

  A. Attempting to tailgate an employee going into the client's workplace
  B. Dropping a malicious USB key with the company's logo in the parking lot
  C. Using a brute-force attack against the external perimeter to gain a foothold
  D. Performing spear phishing against employees by posing as senior management
  D. Performing spear phishing against employees by posing as senior management

  ---

  Explanation

• Question 269:

  The following line-numbered Python code snippet is being used in reconnaissance:

  

  Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?

  A. Line 01
  B. Line 02
  C. Line 07
  D. Line 08
  D. Line 08

  ---

  Explanation

• Question 270:

  A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?

  A. Multiple handshakes
  B. IP addresses
  C. Encrypted file transfers
  D. User hashes sent over SMB
  B. IP addresses

  ---

  Explanation