CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 371:

  A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR."

  Which of the following attacks is being attempted?

  A. SQL injection
  B. HTML injection
  C. Remote command injection
  D. DLL injection
  A. SQL injection

  ---

  Explanation

  WAITFOR can be used in a type of SQL injection attack known as time delay SQL injection or blind SQL injection. This attack works on the basis that true or false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the query returns true, then the web application will pause for the specified period of time before responding; if the query returns false, then the web application will respond immediately. By observing the response time, the attacker can infer information about the database structure and data. Based on this information, one possible answer to your question is A. SQL injection, because it is an attack that exploits a vulnerability in a web application that allows an attacker to execute arbitrary SQL commands on the database server.

• Question 372:

  HOTSPOT

  You are a security analyst tasked with hardening a web server.

  You have been given a list of HTTP payloads that were flagged as malicious.

  INSTRUCTIONS

  Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  Explanation

• Question 373:

  A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  A. Alternate data streams
  B. PowerShell modules
  C. MP4 steganography
  D. PsExec
  A. Alternate data streams

  ---

  Explanation

  Alternate data streams (ADS) are a feature of the NTFS file system that allows storing additional data in a file without affecting its size, name, or functionality. ADS can be used to hide or embed data or executable code in a file, such as a specially crafted binary for later execution. ADS can be created or accessed using various tools or commands, such as the command prompt, PowerShell, or Sysinternals12. For example, the following command can create an ADS named secret.exe in a file named test.txt and run it using wmic.exe process call create function: type secret.exe > test.txt:secret.exe and wmic process call create "cmd.exe /c test.txt:secret.exe"

• Question 374:

  During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)

  A. Cross-site scripting
  B. Server-side request forgery
  C. SQL injection
  D. Log poisoning
  E. Cross-site request forgery
  F. Command injection
  D. Log poisoning
  F. Command injection

  ---

  Explanation

  Local File Inclusion (LFI) is a web vulnerability that allows an attacker to include files on a server through the web browser. This can expose sensitive information or lead to remote code execution.

  Some possible next steps that a penetration tester can try after exploiting an LFI vulnerability are:

  Log poisoning: This involves injecting malicious code into the web server's log files and then including them via LFI to execute the code34. PHP wrappers: These are special streams that can be used to manipulate files or data via LFI. For

  example, php://input can be used to pass arbitrary data to an LFI script, or php://filter can be used to encode or decode files5.

• Question 375:

  Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

  A. NDA
  B. MSA
  C. SOW
  D. MOU
  C. SOW

  ---

  Explanation

  The SOW describes the specific activities, deliverables, and schedules for a penetration tester. The other documents are not relevant for this purpose. An NDA is a non-disclosure agreement that protects the confidentiality of the client's information. An MSA is a master service agreement that defines the general terms and conditions of a business relationship. An MOU is a memorandum of understanding that expresses a common intention or agreement between parties.

• Question 376:

  During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

  A. Badge cloning
  B. Watering-hole attack
  C. Impersonation
  D. Spear phishing
  D. Spear phishing

  ---

  Explanation

  Spear phishing is a type of targeted attack where the attacker sends emails that appear to come from a legitimate source, often a company or someone familiar to the target, with the goal of tricking the target into clicking on a malicious link or providing sensitive information. In this case, the penetration tester has already gathered OSINT on the IT system administrator, so they can use this information to craft a highly targeted spear phishing attack to try and gain access to the target system.

• Question 377:

  A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data. Which of the following should the tester verify FIRST to assess this risk?

  A. Whether sensitive client data is publicly accessible
  B. Whether the connection between the cloud and the client is secure
  C. Whether the client's employees are trained properly to use the platform
  D. Whether the cloud applications were developed using a secure SDLC
  A. Whether sensitive client data is publicly accessible

  ---

  Explanation

• Question 378:

  Which of the following concepts defines the specific set of steps and approaches that are conducted during a penetration test?

  A. Scope details
  B. Findings
  C. Methodology
  D. Statement of work
  C. Methodology

  ---

  Explanation

• Question 379:

  A penetration tester has found indicators that a privileged user's password might be the same on 30 different Linux systems.

  Which of the following tools can help the tester identify the number of systems on which the password can be used?

  A. Hydra
  B. John the Ripper
  C. Cain and Abel
  D. Medusa
  D. Medusa

  ---

  Explanation

  Both Hydra and Medusa can be used for that same purpose:

  THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.

  Medusa is a Parallel, Modular and Speedy method for brute-force which issued for remote authentication. Following are the applications and protocols like modular design, Thread based parallel testing and flexible user input and protocols are AFP, CVS, FTP, HTTP, IMAP etc.

• Question 380:

  Penetration tester has discovered an unknown Linux 64-bit executable binary. Which of the following tools would be BEST to use to analyze this issue?

  A. Peach
  B. WinDbg
  C. GDB
  D. OllyDbg
  C. GDB

  ---

  Explanation

  OLLYDBG, WinDBG, and IDA are all debugging tools that support Windows environments. GDB is a Linuxspecific debugging tool. GDB is a tool that can be used to analyze and debug executable binaries, especially on Linux systems. GDB can disassemble, decompile, set breakpoints, examine memory, modify registers, and perform other operations on binaries. GDB can help a penetration tester understand the functionality, behavior, and vulnerabilities of an unknown binary. Peach is a tool that can be used to perform fuzzing, which is a technique of sending malformed or random data to a target to trigger errors or crashes. WinDbg and OllyDbg are tools that can be used to analyze and debug executable binaries, but they are mainly designed for Windows systems.