Which of the following should the penetration tester include in the report?
A. Old, insecure ciphers are in use. B. The 3DES algorithm should be deprecated. C. 2,048-bit symmetric keys are incompatible with MD5. D. This server should be upgraded to TLS 1.2.
A. Old, insecure ciphers are in use.
Explanation
The Nmap output (from the ssl-enum-ciphers script) shows that the server still offers RC4 cipher suites. RC4 is a broken stream cipher: statistical biases in its keystream let an attacker recover plaintext that is encrypted repeatedly under different keys (the RC4 NOMORE and Bar Mitzvah attacks), and RFC 7465 prohibits RC4 in every version of TLS; TLS 1.3 defines no RC4 suite at all. (BEAST is a different problem: it targets CBC-mode suites under TLS 1.0, not RC4, and RC4 was once wrongly recommended as a BEAST workaround.) The tester should therefore report that old, insecure ciphers are in use and recommend disabling RC4, together with any other obsolete suites the scan lists, on the server. Deprecating 3DES (option B) and moving to TLS 1.2 or later (option D) may be sensible hardening steps, but neither describes the finding the output shows; option C is meaningless, since a 2,048-bit key in a TLS cipher line is the server's RSA key, not a symmetric key, and it has no incompatibility with MD5.
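The triage described above, as an added example (my code, not the page's, not Nmap's): parse the ssl-enum-ciphers section of a scan, then flag every suite whose IANA name contains a weak component and every protocol version that is itself deprecated. The scan text is a constructed sample in the script's real output shape; the host and suite list are made up.

```python
import re

# Constructed sample of `nmap --script ssl-enum-ciphers -p 443 <host>` output.
# The host and suite list are made up for this example; real output has the
# same '|'-prefixed shape.
SAMPLE_SCAN = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|     compressors:
|       NULL
|_  least strength: C
"""

PROTO_RE = re.compile(r"^(SSLv[23]|TLSv1\.[0-3]):$")
# IANA suite names are mostly upper case but 'anon' is lower case, so allow both.
SUITE_RE = re.compile(r"^((?:TLS|SSL)_[A-Za-z0-9_]+)")

# Markers in IANA suite names that make a suite reportable, with the reason.
WEAK_SUITE_MARKERS = [
    ("_RC4_",   "RC4 keystream biases allow plaintext recovery (RC4 NOMORE); prohibited by RFC 7465"),
    ("_3DES_",  "64-bit block cipher, birthday-bound attacks on long sessions (SWEET32)"),
    ("_NULL_",  "NULL encryption provides no confidentiality"),
    ("_EXPORT", "export-grade key sizes are brute-forceable"),
    ("_MD5",    "MD5-based MAC/PRF is obsolete"),
    ("_anon_",  "anonymous key exchange allows trivial man-in-the-middle"),
]

# Protocol versions that are a finding on their own, whatever suites they carry.
DEPRECATED_PROTOS = {
    "SSLv2": "prohibited by RFC 6176",
    "SSLv3": "deprecated by RFC 7568 (POODLE)",
    "TLSv1.0": "deprecated by RFC 8996",
    "TLSv1.1": "deprecated by RFC 8996",
}


def parse_enum_ciphers(text):
    """Return {protocol: [suite, ...]} from ssl-enum-ciphers script output."""
    suites = {}
    proto = None
    in_cipher_list = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("|_").strip()   # drop nmap's '|' / '|_' prefix
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)
            suites[proto] = []
            in_cipher_list = False
            continue
        if line.endswith(":"):                    # ciphers:, compressors:, warnings: ...
            in_cipher_list = (line == "ciphers:")
            continue
        m = SUITE_RE.match(line)
        if proto and in_cipher_list and m:
            suites[proto].append(m.group(1))
    return suites


def weak_findings(suites):
    """Return [(protocol, suite_or_'*', reason), ...] worth putting in the report."""
    findings = []
    for proto, names in suites.items():
        if proto in DEPRECATED_PROTOS:
            findings.append((proto, "*", DEPRECATED_PROTOS[proto]))
        for name in names:
            for marker, reason in WEAK_SUITE_MARKERS:
                if marker in name:
                    findings.append((proto, name, reason))
    return findings


if __name__ == "__main__":
    for proto, suite, reason in weak_findings(parse_enum_ciphers(SAMPLE_SCAN)):
        print(f"{proto:8} {suite:45} {reason}")
```

One caveat when confirming a finding by hand: recent OpenSSL builds no longer enable RC4 by default, so a failed `openssl s_client -cipher RC4-SHA` handshake from the tester's own machine shows only that the client refused, not that the server did. The Nmap script negotiates each suite individually, which is why its list is the evidence to cite.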
Question 342:
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.
Which of the following should the tester do NEXT?
A. Reach out to the primary point of contact B. Try to take down the attackers C. Call law enforcement officials immediately D. Collect the proper evidence and add to the final report
A. Reach out to the primary point of contact
Explanation
The penetration tester should reach out to the primary point of contact as soon as possible to inform them of the critical vulnerability and the active exploitation by cybercriminals. This is the most responsible and ethical course of action, as it allows the client to take immediate steps to mitigate the risk and protect their assets. The other options are not appropriate or effective in this situation. Trying to take down the attackers would be illegal and dangerous, as it may escalate the conflict or cause collateral damage. Calling law enforcement officials immediately would be premature and unnecessary, as it may involve disclosing confidential information or violating the scope of the engagement. Collecting the proper evidence and adding to the final report would be too slow and passive, as it would delay the notification and remediation of the vulnerability.
Question 343:
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security
Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner."
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)
A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address E. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop F. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
Explanation
These two behaviors would be considered unethical because they violate the principles of honesty, integrity, and confidentiality that penetration testers should adhere to. Failing to share critical vulnerabilities with the client would be dishonest and unprofessional, as it would compromise the quality and value of the assessment and potentially expose the client to greater risks. Seeking help in underground hacker forums by sharing the client's public IP address would be a breach of confidentiality and trust, as it would expose the client's identity and information to malicious actors who may exploit them.
Question 344:
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?
A. index.html B. about C. info D. home.html
B. about
Explanation
The /about page is the most likely to hold useful information, and the scan itself says why. home.html, index.html and info all come back with exactly 214 bytes, which is the signature of one default or placeholder page being served under several names; /about is the only hit with a body of its own (1,520 bytes). Beyond being the only distinct content, an "about" page typically reveals the organization, its purpose, history, staff and contact details, all of which feed further reconnaissance, social engineering and the identification of technologies in use.
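The size comparison above, applied mechanically, as an added example (my code, not the page's or dirb's): parse dirb's hit lines, find the (status, size) signature that most hits share, and rank the outliers first. The input is the question's scan re-typed in dirb's normal one-hit-per-line form.

```python
import re
from collections import Counter

# The scan output from the question, in dirb's one-hit-per-line form.
DIRB_OUTPUT = """\
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
DOWNLOADED: 4612 - FOUND: 4
"""

HIT_RE = re.compile(r"^\+\s+(\S+)\s+\(CODE:(\d+)\|SIZE:(\d+)\)")


def parse_dirb(text):
    """Return [(url, status, size), ...] for every '+' hit line in dirb output."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return hits


def boilerplate_signature(hits):
    """The (status, size) pair shared by the most hits, or None if no pair repeats.

    Several distinct paths returning bodies of identical length are almost
    always one catch-all page (default vhost page, soft-404, login redirect)
    served under different names, not distinct content."""
    counts = Counter((status, size) for _, status, size in hits)
    if not counts:
        return None
    sig, n = counts.most_common(1)[0]
    return sig if n > 1 else None


def rank_hits(hits):
    """Order hits so the ones most worth a manual look come first.

    A hit that shares its (status, size) signature with fewer other hits ranks
    higher; within a tier, larger bodies rank first. Sorting is stable, so
    ties keep dirb's order."""
    counts = Counter((status, size) for _, status, size in hits)

    def key(hit):
        _, status, size = hit
        return (counts[(status, size)], -size)

    return sorted(hits, key=key)


if __name__ == "__main__":
    found = parse_dirb(DIRB_OUTPUT)
    print("boilerplate signature:", boilerplate_signature(found))
    for url, status, size in rank_hits(found):
        print(f"{status} {size:>6}  {url}")
```

The heuristic is a prioritization aid, not proof: fetch the three 214-byte pages and diff them before concluding they are one catch-all page, since a dynamic site can return equal-length but different bodies.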
Question 345:
A company provided the following network scope for a penetration test:
169.137.1.0/24
221.10.1.0/24
149.14.1.0/24
A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party.
Which of the following stakeholders is responsible for this mistake?
A. The company that requested the penetration test B. The penetration testing company C. The target host's owner D. The penetration tester E. The subcontractor supporting the test
A. The company that requested the penetration test
Explanation
The company that requested the penetration test is responsible for the accuracy of the scope it supplied. The scope (the IP ranges, domains, systems and networks that are in or out of bounds) is part of the contract and is the tester's authorization to act; a tester who exploits a host inside a range the client put in writing has stayed within that authorization, so a range that turns out to include a third party's address is the client's error to own. The penetration testing company, the tester and any subcontractor acted on the scope as provided, and the target host's owner had no part in defining it. In practice a diligent tester still sanity-checks ranges before exploitation (WHOIS/RDAP on the netblock, reverse DNS, a quick question to the point of contact about anything that looks out of place), because a third party compromised by mistake is a legal and reputational problem for everyone involved, whoever is formally responsible.
Question 346:
A penetration tester is developing exploits to attack multiple versions of a common software package. The versions have different menus and [...] but they have a common log-in screen that the exploit must use. The penetration tester develops code to perform the log-in that can be used by each of the exploits targeted to a specific version.
Which of the following terms is used to describe this common log-in code example?
A. Conditional B. Library C. Dictionary D. Sub application
B. Library
Explanation
The term that is used to describe the common log-in code example is library, which is a collection of reusable code or functions that can be imported or called by other programs or scripts. A library can help simplify or modularize the code development process by providing common or frequently used functionality that can be shared across different programs or scripts. In this case, the penetration tester develops a library of code to perform the log-in that can be imported or called by each of the exploits targeted to a specific version of the software package. The other options are not valid terms that describe the common log-in code example. Conditional is a programming construct that executes a block of code based on a logical condition or expression, such as if-else statements. Dictionary is a data structure that stores key-value pairs, where each key is associated with a value, such as a Python dictionary. Sub application is not a standard programming term, but it may refer to an application that runs within another application, such as a web application.
Question 347:
A client evaluating a penetration testing company requests examples of its work.
Which of the following represents the BEST course of action for the penetration testers?
A. Redact identifying information and provide a previous customer's documentation. B. Allow the client to only view the information while in secure spaces. C. Determine which reports are no longer under a period of confidentiality. D. Provide raw output from penetration testing tools.
C. Determine which reports are no longer under a period of confidentiality.
Explanation
Penetration testing reports contain sensitive information about the vulnerabilities and risks of a customer's systems and networks. Therefore, penetration testers should respect the confidentiality and privacy of their customers and only share their reports with authorized parties. Penetration testers should also follow the terms and conditions of their contracts with their customers, which may include a period of confidentiality that prohibits them from disclosing any information related to the testing without the customer's consent.
Question 348:
In a wireless network assessment, penetration testers would like to discover and gather information about accessible wireless networks in the target area. Which of the following is the most suitable method of finding this information?
A. Token scoping B. RFID cloning C. Wardriving D. WAF detection E. Jamming
C. Wardriving
Explanation
Wardriving is the practice of moving through the target area (on foot, by car, or by drone) with a wireless adapter in monitor mode and usually a GPS receiver, logging every access point and client that beacons or probes: SSIDs, BSSIDs, channels, signal strength and security type. It is the standard way to build the inventory of reachable networks that the rest of a wireless assessment works from. None of the other options is a discovery technique: RFID cloning targets physical access badges, WAF detection is web-application reconnaissance, "token scoping" does not describe wireless discovery, and jamming is an active denial-of-service technique that is usually illegal and has no place in a discovery phase.
Question 349:
A penetration tester is conducting an engagement against an internet-facing web application and planning a phishing campaign.
Which of the following is the BEST passive method of obtaining the technical contacts for the website?
A. WHOIS domain lookup B. Job listing and recruitment ads C. SSL certificate information D. Public data breach dumps
A. WHOIS domain lookup
Explanation
A WHOIS domain lookup is the best passive option: it queries the registry's published record for the domain (registrar, creation and expiry dates, name servers, and the registrant, admin and technical contacts) without touching the target's own infrastructure, so it generates no traffic the client could detect. The technical contact, where published, is exactly the person a phishing pretext about "your domain" or "your DNS" would be aimed at. Two caveats: since the 2018 ICANN privacy changes most registrars redact personal contact data or substitute a privacy-proxy mailbox, so the record often yields only a generic or proxied address, and registries are moving from the WHOIS protocol to RDAP, which returns the same data as JSON. Job listings, certificate details and breach dumps can fill in the picture, but they are less direct routes to the technical contact.
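The redaction caveat above, as an added example (my code, not the page's): parse a WHOIS record in the "Key: Value" shape registrars print, pull the contact emails for a role, and discard the ones that are privacy-proxy placeholders rather than real mailboxes. The record is a constructed sample for a made-up domain under the reserved .test TLD; the proxy-marker list is my own assumption and should be extended with whatever placeholders the registrars in play actually use.

```python
import re

# Constructed WHOIS record for a made-up domain; no real registrant data.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.TEST
Registrar: Example Registrar, LLC
Updated Date: 2023-05-01T00:00:00Z
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: REDACTED FOR PRIVACY
Admin Email: REDACTED FOR PRIVACY
Tech Name: Hostmaster
Tech Organization: Example Target Inc.
Tech Email: hostmaster@example-target.test
Name Server: NS1.EXAMPLE-TARGET.TEST
Name Server: NS2.EXAMPLE-TARGET.TEST
"""

# Key ends at the first colon; the value may itself contain colons (timestamps).
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z /]*?):\s*(.*)$")

# Assumed phrases that mean a redaction notice or a privacy/proxy service sits
# in front of the real contact; extend for the registrars you meet.
PROXY_MARKERS = ("redacted", "privacy", "proxy", "whoisguard", "withheld",
                 "select contact domain holder", "please query the rdds")


def parse_whois(text):
    """Return {field: [value, ...]}, keeping repeated fields such as Name Server."""
    record = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            record.setdefault(m.group(1).strip(), []).append(m.group(2).strip())
    return record


def is_proxied(value):
    """True if a field value is a redaction notice or proxy-service placeholder."""
    v = value.lower()
    return any(marker in v for marker in PROXY_MARKERS)


def contacts(record, role):
    """Usable (non-redacted) emails for a role: 'Registrant', 'Admin' or 'Tech'."""
    return [v for v in record.get(f"{role} Email", [])
            if "@" in v and not is_proxied(v)]


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    for role in ("Registrant", "Admin", "Tech"):
        print(f"{role:10} {contacts(rec, role) or 'redacted / proxied'}")
```

A real record comes from the `whois` client or an RDAP query; the same parsing applies to the text, while RDAP's JSON can be read directly. An address that survives the filter but belongs to the registrar's own domain is still worth a second look before it goes into a pretext.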
Question 350:
For an engagement, a penetration tester is required to use only local operating system tools for file transfer.
Which of the following options should the penetration tester consider?
A. Netcat B. WinSCP C. Filezilla D. Netstat
A. Netcat
Explanation
Netcat (nc) is a small utility that reads and writes raw data across TCP or UDP connections from the command line, which makes it usable as an ad-hoc file-transfer tool: one side listens and redirects the incoming stream to a file, the other connects and feeds the file in. It is present by default on many Linux and Unix systems (though not all, and the OpenBSD, GNU and Nmap ncat variants differ in their flags), which is what makes it the answer when the engagement restricts the tester to tools already on the host. Two cautions: the transfer is unencrypted and carries no integrity check, so hash the file on both ends after copying, and Windows does not ship Netcat at all, so on a Windows host the same constraint points to built-ins such as PowerShell or certutil instead. WinSCP and FileZilla (options B and C) are third-party applications that would have to be installed. Netstat (option D) only displays connections, routing tables and interface statistics; it transfers nothing.