CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 331:

  Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

  A. A quick description of the vulnerability and a high-level control to fix it
  B. Information regarding the business impact if compromised
  C. The executive summary and information regarding the testing company
  D. The rules of engagement from the assessment
  A. A quick description of the vulnerability and a high-level control to fix it

  ---

  Explanation

  The systems administrator and the technical stuff would be more interested in the technical aspect of the findings

• Question 332:

  A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue.

  Which of the following BEST describes this attack?

  A. Credential harvesting
  B. Privilege escalation
  C. Password spraying
  D. Domain record abuse
  A. Credential harvesting

  ---

  Explanation

  Credential harvesting is a type of attack that aims to collect usernames and passwords from unsuspecting users by tricking them into entering their credentials on a fake or spoofed website. Credential harvesting can be done by using phishing emails that lure users to click on malicious links or attachments that redirect them to the fake website. The fake website may look identical or similar to the legitimate one, but it will capture and store the user's credentials for later use by the attacker. In this case, the penetration tester set up a fake cloud mail login page and sent phishing emails to all company employees to harvest their credentials.

• Question 333:

  Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

  A. To remove hash-cracking registry entries
  B. To remove the tester-created Mimikatz account
  C. To remove tools from the server
  D. To remove a reverse shell from the system
  B. To remove the tester-created Mimikatz account

  ---

  Explanation

• Question 334:

  A penetration tester wrote the following script on a compromised system:

  #!/bin/bash

  network='10.100.100'

  ports='22 23 80 443'

  for x in {1 .. 254};

  do (nc -zv $network.$x $ports );

  done

  Which of the following would explain using this script instead of another tool?

  A. The typical tools could not be used against Windows systems.
  B. The configuration required the penetration tester to not utilize additional files.
  C. The Bash script will provide more thorough output.
  D. The penetration tester wanted to persist this script to run on reboot.
  B. The configuration required the penetration tester to not utilize additional files.

  ---

  Explanation

• Question 335:

  A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application was developed in ASP and used MSSQL for its back-end database. Using the application's search form, the penetration tester inputs the following code in the search input field:

  IMG SRC=vbscript:msgbox ("Vulnerable_to_Attack") ; >originalAttribute="SRC"originalPath="vbscript;msgbox ("Vulnerable_to_Attack ") ;>"

  When the tester checks the submit button on the search form, the web browser returns a pop-up windows that displays "Vulnerable_to_Attack." Which of the following vulnerabilities did the tester discover in the web application?

  A. SQL injection
  B. Command injection
  C. Cross-site request forgery
  D. Cross-site scripting
  D. Cross-site scripting

  ---

  Explanation

• Question 336:

  A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?

  A. Run nmap with the -O, -p22, and -sC options set against the target.
  B. Run nmap with the -sV and -p22 options set against the target.
  C. Run nmap with the --script vulners option set against the target.
  D. Run nmap with the -sA option set against the target.
  C. Run nmap with the --script vulners option set against the target.

  ---

  Explanation

  Running nmap with the --script vulners option set against the target would best support the task of identifying CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running, as it will use an NSE script that checks for vulnerabilities based on version information from various sources, such as CVE databases. The --script option allows users to specify which NSE scripts to run during an Nmap scan.

• Question 337:

  Penetration tester who was exclusively authorized to conduct a physical assessment noticed there were no cameras pointed at the dumpster for company. The penetration tester returned at night and collected garbage that contained receipts for recently purchased networking :. The models of equipment purchased are vulnerable to attack.

  Which of the following is the most likely next step for the penetration?

  A. Alert the target company of the discovered information.
  B. Verify the discovered information is correct with the manufacturer.
  C. Scan the equipment and verify the findings.
  D. Return to the dumpster for more information.
  C. Scan the equipment and verify the findings.

  ---

  Explanation

  The most likely next step for the penetration tester is to scan the equipment and verify the findings, which is a process of using tools or techniques to probe or test the target equipment for vulnerabilities or weaknesses that can be exploited. Scanning and verifying the findings can help the penetration tester confirm that the models of equipment purchased are vulnerable to attack, and identify the specific vulnerabilities or exploits that affect them. Scanning and verifying the findings can also help the penetration tester prepare for the next steps of the assessment, such as exploiting or reporting the vulnerabilities. Scanning and verifying the findings can be done by using tools such as Nmap, which can scan hosts and networks for ports, services, versions, OS, or other information, or Metasploit, which can exploit hosts and networks using various payloads or modules. The other options are not likely next steps for the penetration tester. Alerting the target company of the discovered information is not a next step, but rather a final step, that involves reporting the findings and recommendations to the client after completing the assessment. Verifying the discovered information with the manufacturer is not a next step, as it may not provide accurate or reliable information about the vulnerabilities or exploits that affect the equipment, and it may also alert the manufacturer or the client of the assessment. Returning to the dumpster for more information is not a next step, as it may not yield any more useful or relevant information than what was already collected from the receipts.

• Question 338:

  A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:

  x' OR role LIKE '%admin%

  Which of the following should be recommended to remediate this vulnerability?

  A. Multifactor authentication
  B. Encrypted communications
  C. Secure software development life cycle
  D. Parameterized queries
  D. Parameterized queries

  ---

  Explanation

  The best recommendation to remediate this vulnerability is to use parameterized queries in the web application. Parameterized queries are a way of preventing SQL injection attacks by separating the SQL statements from the user input. This way, the user input is treated as a literal value and not as part of the SQL statement. For example, instead of using x' OR role LIKE '%admin%, the user input would be passed as a parameter to a prepared statement that would check if it matches any value in the database.

• Question 339:

  Given the following code:

  

  Which of the following data structures is systems?

  A. A tuple
  B. A tree
  C. An array
  D. A dictionary
  D. A dictionary

  ---

  Explanation

  A dictionary is a data structure in Python that stores key-value pairs, where each key is associated with a value. A dictionary is created by enclosing the key-value pairs in curly braces and separating them by commas. A dictionary can be accessed by using the keys as indexes or by using methods such as keys(), values(), or items(). In the code, systems is a dictionary that has four key-value pairs, each representing an IP address and its corresponding operating system. A tuple is a data structure in Python that stores an ordered sequence of immutable values, enclosed in parentheses and separated by commas. A tree is a data structure that consists of nodes connected by edges, forming a hierarchical structure with a root node and leaf nodes. An array is a data structure that stores a collection of elements of the same type in a contiguous memory location.

• Question 340:

  A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday.

  Which of the following should the security company have acquired BEFORE the start of the assessment?

  A. A signed statement of work
  B. The correct user accounts and associated passwords
  C. The expected time frame of the assessment
  D. The proper emergency contacts for the client
  A. A signed statement of work

  ---

  Explanation

  According to the CompTIA PenTest+ Study Guide, Exam PT0-0021, a statement of work (SOW) is a document that defines the scope, objectives, deliverables, and terms of a penetration testing project. It is a formal agreement between the

  service provider and the client that specifies what is expected from both parties, including the timeline, budget, resources, and responsibilities. A SOW is essential for any penetration testing engagement, as it helps to avoid

  misunderstandings, conflicts, and legal issues. The CompTIA PenTest+ Study Guide also provides an example of a SOW template that covers the following sections1:

  Project overview: A brief summary of the project's purpose, scope, objectives, and deliverables.

  Project scope: A detailed description of the target system, network, or application that will be tested, including the boundaries, exclusions, and assumptions. Project objectives: A clear statement of the expected outcomes and benefits of the

  project, such as identifying vulnerabilities, improving security posture, or complying with regulations.

  Project deliverables: A list of the tangible products or services that will be provided by the service provider to the client, such as reports, recommendations, or remediation plans. Project timeline: A schedule of the project's milestones and

  deadlines, such as kickoff meeting, testing phase, reporting phase, or closure meeting. Project budget: A breakdown of the project's costs and expenses, such as labor hours, travel expenses, tools, or licenses.

  Project resources: A specification of the project's human and technical resources, such as team members, roles, responsibilities, skills, or equipment. Project terms and conditions: A statement of the project's legal and contractual aspects,

  such as confidentiality, liability, warranty, or dispute resolution. The CompTIA PenTest+ Study Guide also explains why having a SOW is important before starting an assessment1:

  It establishes a clear and mutual understanding of the project's scope and expectations between the service provider and the client. It provides a basis for measuring the project's progress and performance against the agreed-upon objectives

  and deliverables.

  It protects both parties from potential risks or disputes that may arise during or after the project.