CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 291:

  The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:

  A. NDA
  B. SLA
  C. MSA
  D. SOW
  A. NDA

  ---

  Explanation

  The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the NDA, which stands for Non-Disclosure Agreement. The NDA is a legal agreement between two or more parties that outlines confidential material or knowledge that the parties wish to share with one another, but with restrictions on access, use or disclosure of that information. The NDA is commonly used in the context of penetration testing to protect the client's sensitive information that the tester may have access to during the engagement. The NDA defines the terms of confidentiality and non-disclosure of information related to the engagement, including the responsibilities and obligations of both the tester and the client to ensure that any information exchanged or obtained during the engagement is kept confidential and not disclosed to unauthorized parties. This is particularly important in penetration testing, as the tester is granted access to the client's network and systems, and may uncover vulnerabilities or sensitive information that should not be disclosed to unauthorized parties. In summary, the NDA plays a crucial role in defining the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure of confidential information, and is an important legal instrument for protecting the client's sensitive information during a penetration testing engagement.

• Question 292:

  Which of the following tools would be BEST suited to perform a manual web application security assessment? (Choose two.)

  A. OWASP ZAP
  B. Nmap
  C. Nessus
  D. BeEF
  E. Hydra
  F. Burp Suite
  A. OWASP ZAP
  F. Burp Suite

  ---

  Explanation

• Question 293:

  A penetration tester exploits a vulnerable service to gain a shell on a target server. The tester receives the following:

  Directory of C:\Users\Guest 05/13/2022 09:23 PM mimikatz.exe 05/18/2022 09:24 PM mimidrv.sys 05/18/2022 09:24 PM mimilib.dll

  Which of the following best describes these findings?

  A. Indicators of prior compromise
  B. Password encryption tools
  C. False positives
  D. De-escalation attempts
  A. Indicators of prior compromise

  ---

  Explanation

  The presence of files such as mimikatz.exe, mimidrv.sys, and mimilib.dll on a target server indicates prior compromise. Mimikatz is a well-known post-exploitation tool used for extracting plaintext passwords, hash dumps, PIN codes, and Kerberos tickets from memory. These files suggest that an attacker has previously gained access to the system and used Mimikatz for credential harvesting. This is a strong indicator of a prior security breach rather than tools used for password encryption or false positives.

  References: Mimikatz Usage and Detection Understanding Indicators of Compromise

• Question 294:

  A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging.

  Which of the following techniques would BEST accomplish this goal?

  A. RFID cloning
  B. RFID tagging
  C. Meta tagging
  D. Tag nesting
  D. Tag nesting

  ---

  Explanation

  since vlan hopping requires 2 vlans to be nested in a single packet. Double tagging occurs when an attacker adds and modifies tags on an Ethernet frame to allow the sending of packets through any VLAN. This attack takes advantage of how

  many switches process tags. Most switches will only remove the outer tag and forward the frame to all native VLAN ports. With that said, this exploit is only successful if the attacker belongs to the native VLAN of the trunk link. https://

  cybersecurity.att.com/blogs/security-essentials/vlan-hopping- and-mitigation

  Tag nesting is a technique that involves inserting two VLAN tags into an Ethernet frame to bypass VLAN hopping prevention mechanisms. The first tag is stripped by the first switch, and the second tag is processed by the second switch,

  allowing the frame to reach a different VLAN than intended. RFID cloning is a technique that involves copying the data from an RFID tag to another tag or device. RFID tagging is a technique that involves attaching an RFID tag to an object or

  person for identification or tracking purposes. Meta tagging is a technique that involves adding metadata to web pages or files for search engine optimization or classification purposes.

• Question 295:

  A penetration tester noticed that an employee was using a wireless headset with a smartphone.

  Which of the following methods would be best to use to intercept the communications?

  A. Multiplexing
  B. Bluejacking
  C. Zero-day attack
  D. Smurf attack
  B. Bluejacking

  ---

  Explanation

  To intercept the communications between an employee's wireless headset and smartphone, the penetration tester would likely use "Bluejacking". Bluejacking involves sending unsolicited messages to Bluetooth-enabled devices, but in the context of penetration testing and security, it can also encompass techniques for intercepting or hijacking Bluetooth connections. This could allow the tester to eavesdrop on communications or even take control of the headset.

• Question 296:

  Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat they present to an affected system or network?

  A. Executive summary
  B. Vulnerability severity rating
  C. Recommendations of mitigation
  D. Methodology
  B. Vulnerability severity rating

  ---

  Explanation

  The vulnerability severity rating element of a penetration testing report provides a normalized and standardized representation of discovered vulnerabilities and their threat levels. It typically involves assigning a numerical or categorical score (such as low, medium, high, critical) to each vulnerability based on factors like exploitability, impact, and the context in which the vulnerability exists. This helps in prioritizing the vulnerabilities for remediation and provides a clear understanding of the risk they pose to the system or network.

• Question 297:

  A penetration tester receives the following results from an Nmap scan:

  

  Which of the following OSs is the target MOST likely running?

  A. CentOS
  B. Arch Linux
  C. Windows Server
  D. Ubuntu
  C. Windows Server

  ---

  Explanation

• Question 298:

  Which of the following is most important to include in the final report of a static application- security test that was written with a team of application developers as the intended audience?

  A. Executive summary of the penetration-testing methods used
  B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  C. Quantitative impact assessments given a successful software compromise
  D. Code context for instances of unsafe typecasting operations
  D. Code context for instances of unsafe typecasting operations

  ---

  Explanation

  A static application-security test (SAST) is a type of software testing that analyzes the source code, bytecode or binary code of an application for potential vulnerabilities, such as injection flaws, cross-site scripting, buffer overflows and insecure data handling. A SAST report should provide the application developers with detailed information about the location, severity and impact of the identified vulnerabilities, as well as recommendations for remediation. One of the most important elements to include in a SAST report is the code context for each vulnerability, which shows the relevant code snippets where the issue occurs, as well as the data flow and control flow paths that lead to the vulnerability. This helps the developers understand the root cause of the problem and how to fix it. Code context is especially important for instances of unsafe typecasting operations, which are a common source of security weaknesses in applications. Typecasting is the process of converting one data type to another, such as from an integer to a string. Unsafe typecasting occurs when the conversion is done without proper validation or sanitization, which can lead to unexpected behavior, memory corruption, data loss or code execution. For example, in C/C++, casting a pointer to an incompatible type can result in undefined behavior or buffer overflows. Therefore, a SAST report should include the code context for instances of unsafe typecasting operations, so that the developers can review and correct them.

• Question 299:

  A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:

  

  Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

  A. sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.
  B. *range(1, 1025) on line 1 populated the portList list in numerical order.
  C. Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM
  D. The remoteSvr variable has neither been type-hinted nor initialized.
  B. *range(1, 1025) on line 1 populated the portList list in numerical order.

  ---

  Explanation

  Port randomization is widely used in port scanners. By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons) https://nmap.org/book/man-portspecification.html

• Question 300:

  Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

  A. Nessus
  B. Metasploit
  C. Burp Suite
  D. Ethercap
  B. Metasploit

  ---

  Explanation