CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 281:

  A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?

  A. Nmap
  B. Nikto
  C. Cain and Abel
  D. Ethercap
  B. Nikto

  ---

  Explanation

  https://hackertarget.com/nikto-website-scanner/

• Question 282:

  Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

  A. Unsupported operating systems
  B. Susceptibility to DDoS attacks
  C. Inability to network
  D. The existence of default passwords
  D. The existence of default passwords

  ---

  Explanation

  Default passwords are a common vulnerability for IoT devices, making them easy targets for unauthorized access if these passwords are not changed

• Question 283:

  A company recruited a penetration tester to configure wireless IDS over the network.

  Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

  A. Aircrack-ng
  B. Wireshark
  C. Wifite
  D. Kismet
  A. Aircrack-ng

  ---

  Explanation

  Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.

  https://purplesec.us/perform-wireless-penetration-test/

• Question 284:

  During an engagement, a penetration tester was able to upload to a server a PHP file with the following content:

  Which of the following commands should the penetration tester run to successfully achieve RCE?

  A. python3 -c "import requests;print (requests.post (url='http://172.16.200.10/uploads/shell.php', data={'cmd=id'}))"
  B. python3 -c "import requests;print (requests.post(url='http://172.16.200.10/uploads/shell.php', data= ('cmd':'id') ) .text) "
  C. python3 -c "import requests;print (requests.get (url='http://172.16.200.10/uploads/shell.php', params= {'cmd':'id'}) )"
  D. python3 -c "import requests;print (requests.get (url='http://172.16.200.10/uploads/shell.php', params= ('cmd':'id'}) .text) "
  A. python3 -c "import requests;print (requests.post (url='http://172.16.200.10/uploads/shell.php', data={'cmd=id'}))"

  ---

  Explanation

  The PHP file uploaded by the penetration tester allows for Remote Code Execution (RCE) by executing the command supplied through the cmd POST parameter. To exploit this, the penetration tester needs to send a POST request to the

  PHP file with the command they want to execute.

  Among the given options, Option A is the most suitable for achieving RCE:

  It uses Python's requests library to send a POST request, which is appropriate because the PHP script expects data through the POST method. The data parameter in the requests.post function is correctly formatted as a dictionary, which is

  the expected format for sending form data in POST requests. It includes the key cmd with the value id, which is a common command used to display the current user ID and group ID. The only minor issue with Option A is that it prints the

  entire response object, which includes not just the response content but also metadata like status code and headers. To print just the response content (which would include the output of the id command), appending .text to the requests.post

  call would be more precise, but this is a small detail and does not affect the execution of the command.

  The other options have various issues:

  Option B is close but has a syntax error in the data argument. It uses parentheses () instead of curly braces {} for the dictionary, and also lacks the .text at the end to print the response content. Options C and D use the requests.get method,

  which is not suitable in this scenario because the PHP script is expecting data through the POST method, not the GET method. Additionally, Option D has a syntax error similar to Option

  B.

• Question 285:

  A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours.

  Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

  A. A handheld RF spectrum analyzer
  B. A mask and personal protective equipment
  C. Caution tape for marking off insecure areas
  D. A dedicated point of contact at the client
  E. The paperwork documenting the engagement
  F. Knowledge of the building's normal business hours
  D. A dedicated point of contact at the client
  E. The paperwork documenting the engagement

  ---

  Explanation

  Always carry the contact information and any documents stating that you are approved to do this.

• Question 286:

  A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

  

  Which of the following would be a recommendation for remediation?

  A. Deploy a user training program
  B. Implement a patch management plan
  C. Utilize the secure software development life cycle
  D. Configure access controls on each of the servers
  B. Implement a patch management plan

  ---

  Explanation

• Question 287:

  A penetration tester writes the following script:

  

  Which of the following is the tester performing?

  A. Searching for service vulnerabilities
  B. Trying to recover a lost bind shell
  C. Building a reverse shell listening on specified ports
  D. Scanning a network for specific open ports
  D. Scanning a network for specific open ports

  ---

  Explanation

  -z zero-I/O mode [used for scanning] -v verbose example output of script:

  10.0.0.1: inverse host lookup failed: Unknown host (UNKNOWN) [10.0.0.1] 22 (ssh) open (UNKNOWN) [10.0.0.1] 23 (telnet) : Connection timed out

  https://unix.stackexchange.com/questions/589561/what-is-nc-z-used-for

• Question 288:

  A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier. Which of the following is the BEST action for the penetration tester to take?

  A. Utilize the tunnel as a means of pivoting to other internal devices.
  B. Disregard the IP range, as it is out of scope.
  C. Stop the assessment and inform the emergency contact.
  D. Scan the IP range for additional systems to exploit.
  D. Scan the IP range for additional systems to exploit.

  ---

  Explanation

• Question 289:

  During a code review assessment, a penetration tester finds the following vulnerable code inside one of the web application files:

  <% String id = request.getParameter("id"); %>

  Employee ID: <%= id %>

  Which of the following is the best remediation to prevent a vulnerability from being exploited, based on this code?

  A. Parameterized queries
  B. Patch application
  C. Output encoding
  C. Output encoding

  ---

  Explanation

  Output encoding is a technique that prevents cross-site scripting (XSS) attacks by encoding the user input before displaying it on the web page. This way, any malicious scripts or HTML tags are rendered harmless and cannot execute on the

  browser. Output encoding is recommended by the OWASP Top 10 as a defense against XSS. In this case, the vulnerable code is using a scriptlet to display the employee ID without any validation or encoding, which could allow an attacker to

  inject malicious code through the id parameter. Output encoding would prevent this by escaping any special characters in the id parameter.

  References:

  The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.1: Cross-site Scripting; Best PenTest+ certification study resources and training materials, Section 1: Cross-site Scripting (XSS) Attack; OWASP

  Top 10 2021, A7: Cross-site Scripting (XSS).

• Question 290:

  A security firm is discussing the results of a penetration test with a client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following best describes the action taking place?

  A. Maximizing the likelihood of finding vulnerabilities
  B. Reprioritizing the goals/objectives
  C. Eliminating the potential for false positives
  D. Reducing the risk to the client environment
  B. Reprioritizing the goals/objectives

  ---

  Explanation

  The action of shifting the focus of a penetration test to a specific critical network segment based on the findings during the engagement best aligns with

  B. Reprioritizing the goals/objectives. because as the client is choosing to change the focus of the testing to a particular area based on the findings. It reflects an adjustment of the original plan or goals to better suit the current understanding of the system's security posture.