CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 351:

  A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

  A. iam_enum_permissions
  B. iam_privesc_scan
  C. iam_backdoor_assume_role
  D. iam_bruteforce_permissions
  A. iam_enum_permissions

  ---

  Explanation

  The iam_enum_permissions module will enable the tester to determine the level of access of the existing user in the cloud environment of a company, as it will list all permissions associated with an IAM user3. IAM (Identity and Access Management) is a service that enables users to manage access and permissions for AWS resources. Pacu is a tool that can be used to perform penetration testing on AWS environments4.

  https://essay.utwente.nl/76955/1/Szabo_MSc_EEMCS.pdf (37)

• Question 352:

  A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:

  Pre-engagement interaction (scoping and ROE) Intelligence gathering (reconnaissance) Threat modeling Vulnerability analysis Exploitation and post exploitation Reporting

  Which of the following methodologies does the client use?

  A. OWASP Web Security Testing Guide
  B. PTES technical guidelines
  C. NIST SP 800-115
  D. OSSTMM
  B. PTES technical guidelines

  ---

  Explanation

  https://kirkpatrickprice.com/blog/stages-of-penetration-testing-according-to- ptes/

• Question 353:

  A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

  

  Which of the following tools will help the tester prepare an attack for this scenario?

  A. Hydra and crunch
  B. Netcat and cURL
  C. Burp Suite and DIRB
  D. Nmap and OWASP ZAP
  B. Netcat and cURL

  ---

  Explanation

  Netcat and cURL are tools that will help the tester prepare an attack for this scenario, as they can be used to establish a TCP connection, send payloads, and receive responses from the target web server. Netcat is a versatile tool that can create TCP or UDP connections and transfer data between hosts. cURL is a tool that can transfer data using various protocols, such as HTTP, FTP, SMTP, etc. The tester can use these tools to exploit the PHP script that executes shell commands with the value of the "item" variable.

• Question 354:

  A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables. Which of the following should be included as a recommendation in the remediation report?

  A. Stronger algorithmic requirements
  B. Access controls on the server
  C. Encryption on the user passwords
  D. A patch management program
  A. Stronger algorithmic requirements

  ---

  Explanation

• Question 355:

  A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

  A. Specially craft and deploy phishing emails to key company leaders.
  B. Run a vulnerability scan against the company's external website.
  C. Runtime the company's vendor/supply chain.
  D. Scrape web presences and social-networking sites.
  D. Scrape web presences and social-networking sites.

  ---

  Explanation

• Question 356:

  An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems. Which of the following is the penetration tester trying to accomplish?

  A. Uncover potential criminal activity based on the evidence gathered.
  B. Identify all the vulnerabilities in the environment.
  C. Limit invasiveness based on scope.
  D. Maintain confidentiality of the findings.
  C. Limit invasiveness based on scope.

  ---

  Explanation

• Question 357:

  A penetration tester runs a reconnaissance script and would like the output in a standardized machine-readable format in order to pass the data to another application.

  Which of the following is the best for the tester to use?

  A. JSON
  B. Lists
  C. XLS
  D. Trees
  A. JSON

  ---

  Explanation

  JSON (JavaScript Object Notation) is the best format for a penetration tester to use when they need the output of a reconnaissance script in a standardized machine- readable format to pass data to another application. JSON is widely

  supported across different programming languages and platforms, making it an ideal choice for data interchange. It allows for the hierarchical organization of data, is easy to read and write, and can be parsed and generated by numerous

  tools and libraries. This makes JSON a versatile and practical choice for a variety of applications in penetration testing and beyond.

  References:

  RFC 8259 - The JavaScript Object Notation (JSON) Data Interchange Format OWASP - JSON Security

• Question 358:

  A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

  A. The web server is using a WAF.
  B. The web server is behind a load balancer.
  C. The web server is redirecting the requests.
  D. The local antivirus on the web server Is rejecting the connection.
  A. The web server is using a WAF.

  ---

  Explanation

  A Web Application Firewall (WAF) is designed to monitor, filter or block traffic to a web application. A WAF will monitor incoming and outgoing traffic from a web application and is often used to protect web servers from attacks such as SQL Injection, Cross-Site Scripting (XSS), and other forms of attacks. If a WAF detects an attack, it will often reset the TCP connection, causing the connection to be terminated. As a result, a penetration tester may see TCP resets when a WAF is present. Therefore, the most likely reason for the TCP resets returning from the web server is that the web server is using a WAF.

• Question 359:

  A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.

  Which of the following are considered passive reconnaissance tools? (Choose two.)

  A. Wireshark
  B. Nessus
  C. Retina
  D. Burp Suite
  E. Shodan
  F. Nikto
  A. Wireshark
  E. Shodan

  ---

  Explanation

  Wireshark and Shodan are two tools that can be used to perform passive reconnaissance, which means collecting information from publicly available sources without interacting with the target or revealing one's identity. Wireshark is a tool that can be used to capture and analyze network traffic, such as packets, protocols, or sessions, without sending any data to the target. Shodan is a tool that can be used to search for devices or services on the internet, such as web servers, routers, cameras, or firewalls, without contacting them directly. The other tools are not passive reconnaissance tools, but rather active reconnaissance tools, which means interacting with the target or sending data to it. Nessus and Retina are tools that can be used to perform vulnerability scanning, which involves sending probes or requests to the target and analyzing its responses for potential weaknesses. Burp Suite is a tool that can be used to perform web application testing, which involves intercepting and modifying web requests and responses between the browser and the server.

  https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

• Question 360:

  A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions.

  Which of the following is the MOST likely culprit?

  A. Patch installations
  B. Successful exploits
  C. Application failures
  D. Bandwidth limitations
  B. Successful exploits

  ---

  Explanation

  Successful exploits could cause network disruptions, service outages, or data corruption, which could affect the connectivity and functionality of the oil rig network. Patch installations, application failures, and bandwidth limitations are less likely to be related to the penetration testing activities.