CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 271:

  A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)

  A. Spawned shells
  B. Created user accounts
  C. Server logs
  D. Administrator accounts
  E. Reboot system
  F. ARP cache
  A. Spawned shells
  B. Created user accounts

  ---

  Explanation

  Removing shells: Remove any shell programs installed when performing the pentest.

  Removing tester-created credentials: Be sure to remove any user accounts created during the pentest. This includes backdoor accounts. Removing tools: Remove any software tools that were installed on the customer's systems that were

  used to aid in the exploitation of systems.

• Question 272:

  During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.

  

  Which of the following vulnerabilities was the attacker trying to exploit?

  A. ..Session hijacking
  B. ..URL manipulation
  C. ..SQL injection
  D. ..Insecure direct object reference
  D. ..Insecure direct object reference

  ---

  Explanation

  The attacker is sequentially changing the serviceID parameter in the URL, likely in an attempt to access objects that they are not authorized to see. This is indicative of an attempt to exploit an Insecure Direct Object Reference (IDOR)

  vulnerability, where unauthorized access to objects can occur by manipulating input or changing parameters in the URL.

  An insecure direct object reference (IDOR) vulnerability occurs when an application exposes a reference to an internal object, such as a file, directory, database record, or key, without any proper authorization or validation mechanism. This

  allows an attacker to manipulate the reference and access other objects that they are not authorized to access. In this case, the attacker was trying to exploit the IDOR vulnerability in the servicestatus.php script, which accepts a serviceID

  parameter that directly references a service object. By changing the value of the serviceID parameter, the attacker could access different services that they were not supposed to see.

  References:

  The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.2: Insecure Direct Object References; Best PenTest+ certification study resources and training materials, Section 1: Cross-site Scripting (XSS)

  Attack.

• Question 273:

  A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks.

  Which of the following is the BEST method available to pivot and gain additional access to the network?

  A. Set up a captive portal with embedded malicious code.
  B. Capture handshakes from wireless clients to crack.
  C. Span deauthentication packets to the wireless clients.
  D. Set up another access point and perform an evil twin attack.
  C. Span deauthentication packets to the wireless clients.

  ---

  Explanation

  The best method available to pivot and gain additional access to the network is to span deauthentication packets to the wireless clients. This will cause them to disconnect from their wireless access point and reconnect using their hard-wired connection, which may have less restrictive ACLs. The penetration tester can then capture their traffic or attempt to compromise their systems.

• Question 274:

  A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site.

  Which of the following recommendations would BEST address this situation?

  A. Implement a recurring cybersecurity awareness education program for all users.
  B. Implement multifactor authentication on all corporate applications.
  C. Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.
  D. Implement an email security gateway to block spam and malware from email communications.
  A. Implement a recurring cybersecurity awareness education program for all users.

  ---

  Explanation

  The simulated phishing attack showed that most of the employees were not able to recognize or avoid a common social engineering technique that could compromise their corporate credentials and expose sensitive data or systems. The best way to address this situation is to implement a recurring cybersecurity awareness education program for all users that covers topics such as phishing, password security, data protection, and incident reporting. This will help raise the level of security awareness and reduce the risk of falling victim to phishing attacks in the future. The other options are not as effective or feasible as educating users about phishing prevention techniques.

  https://resources.infosecinstitute.com/topic/top-9-free-phishing-simulators/

• Question 275:

  A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:

  comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org.

  3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org.

  Which of the following potential issues can the penetration tester identify based on this output?

  A. At least one of the records is out of scope.
  B. There is a duplicate MX record.
  C. The NS record is not within the appropriate domain.
  D. The SOA records outside the comptia.org domain.
  A. At least one of the records is out of scope.

  ---

  Explanation

• Question 276:

  During enumeration, a red team discovered that an external web server was frequented by employees.

  After compromising the server, which of the following attacks would BEST support compromising company systems?

  A. A side-channel attack
  B. A command injection attack
  C. A watering-hole attack
  D. A cross-site scripting attack
  C. A watering-hole attack

  ---

  Explanation

  The best attack that would support compromising company systems after compromising an external web server frequented by employees is a watering-hole attack, which is an attack that involves compromising a website that is visited by a specific group of users, such as employees of a target company, and injecting malicious code or content into the website that can infect or exploit the users' devices when they visit the website. A watering-hole attack can allow an attacker to compromise company systems by targeting their employees who frequent the external web server, and taking advantage of their trust or habit of visiting the website. A watering-hole attack can be performed by using tools such as BeEF, which is a tool that can hook web browsers and execute commands on them. The other options are not likely attacks that would support compromising company systems after compromising an external web server frequented by employees. A side- channel attack is an attack that involves exploiting physical characteristics or implementation flaws of a system or device, such as power consumption, electromagnetic radiation, timing, or sound, to extract sensitive information or bypass security mechanisms. A command injection attack is an attack that exploits a vulnerability in a system or application that allows an attacker to execute arbitrary commands on the underlying OS or shell. A cross-site scripting attack is an attack that exploits a vulnerability in a web application that allows an attacker to inject malicious scripts into web pages that are viewed by other users.

• Question 277:

  A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol.

  Which of the following methods would be the BEST to accomplish this objective?

  A. Wait for the next login and perform a downgrade attack on the server.
  B. Capture traffic using Wireshark.
  C. Perform a brute-force attack over the server.
  D. Use an FTP exploit against the server.
  B. Capture traffic using Wireshark.

  ---

  Explanation

  https://shahmeeramir.com/penetration-testing-of-an-ftp-server-19afe538be4b

• Question 278:

  During a security assessment of a web application, a penetration tester was able to generate the following application response:

  Unclosed quotation mark after the character string Incorrect syntax near ".

  Which of the following is the most probable finding?

  A. SQL injection
  B. Cross-site scripting
  C. Business logic flaw
  D. Race condition
  A. SQL injection

  ---

  Explanation

  The error message "Unclosed quotation mark after the character string Incorrect syntax near '." suggests that the application is vulnerable to SQL Injection (A). This type of vulnerability occurs when an attacker is able to inject malicious SQL queries into an application's database query. The error message indicates that the application's input handling allows for the manipulation of the underlying SQL queries, which can lead to unauthorized data access, data modification, and other database-related attacks.

• Question 279:

  During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

  A. Command injection
  B. Broken authentication
  C. Direct object reference
  D. Cross-site scripting
  C. Direct object reference

  ---

  Explanation

  Insecure direct object reference (IDOR) is a vulnerability where the developer of the application does not implement authorization features to verify that someone accessing data on the site is allowed to access that data.

• Question 280:

  A penetration tester was able to gain access to a plaintext file on a user workstation. Upon opening the file, the tester notices some strings of randomly generated text. The tester is able to use these strings to move laterally throughout the network by accessing the fileshare on a web application.

  Which of the following should the organization do to remediate the issue?

  A. Sanitize user input.
  B. Implement password management solution.
  C. Rotate keys.
  D. Utilize certificate management.
  B. Implement password management solution.

  ---

  Explanation

  The presence of plaintext strings that can be used to move laterally across the network suggests that passwords or sensitive tokens are stored insecurely. Implementing a password management solution would help mitigate this issue by

  ensuring that passwords are stored securely and are not exposed in plaintext. Password managers typically use strong encryption to protect stored credentials and provide secure access to them. Sanitizing user input, rotating keys, and

  utilizing certificate management address different aspects of security but do not directly resolve the issue of insecure password storage.

  References:

  Importance of password management: NIST Password Guidelines Examples of security breaches due to poor password management practices:

  Forge.