Exam Details

  • Exam Code: PT0-002
  • Exam Name: CompTIA PenTest+ Certification Exam
  • Certification: CompTIA PenTest+
  • Vendor: CompTIA
  • Total Questions: 392 Q&As
  • Last Updated: May 10, 2024

CompTIA PenTest+ PT0-002 Questions & Answers

  • Question 31:

    A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

    A. Aircrack-ng

    B. Wireshark

    C. Wifite

    D. Kismet

  • Question 32:

    A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

    A. Nmap -s 445 -Pn -T5 172.21.0.0/16

    B. Nmap -p 445 -n -T4 -open 172.21.0.0/16

    C. Nmap -sV --script=smb* 172.21.0.0/16

    D. Nmap -p 445 -max -sT 172.21.0.0/16

  • Question 33:

    The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host discovery and write the discovery to files without returning results of the attack machine?

    A. nmap -sn -n -exclude 10.1.1.15 10.1.1.0/24 -oA target_txt

    B. nmap -iR 10 -oX out.xml | grep Nmap | cut -d " " -f5 > live-hosts.txt

    C. nmap -Pn -sV -O -iL target.txt -A target_text_Service

    D. nmap -sS -Pn -n -iL target.txt -A target_txtl

  • Question 34:

    Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)

    A. Use of non-optimized sort functions

    B. Poor input sanitization

    C. Null pointer dereferences

    D. Non-compliance with code style guide

    E. Use of deprecated Javadoc tags

    F. A cyclomatic complexity score of 3

  • Question 35:

    A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network?

    A. Set up a captive portal with embedded malicious code.

    B. Capture handshakes from wireless clients to crack.

    C. Spam deauthentication packets to the wireless clients.

    D. Set up another access point and perform an evil twin attack.

  • Question 36:

    During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser:

    unauthorized to view this page.

    Which of the following BEST explains what occurred?

    A. The SSL certificates were invalid.

    B. The tester IP was blocked.

    C. The scanner crashed the system.

    D. The web page was not found.

  • Question 37:

    A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

    A. As backup in case the original documents are lost

    B. To guide them through the building entrances

    C. To validate the billing information with the client

    D. As proof in case they are discovered

  • Question 38:

    A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system. After running a few commands, the tester runs the following:

    python -c 'import pty; pty.spawn("/bin/bash")'

    Which of the following actions is the penetration tester performing?

    A. Privilege escalation

    B. Upgrading the shell

    C. Writing a script for persistence

    D. Building a bind shell

  • Question 39:

    A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

    A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

    B. wmic startup get caption,command

    C. (crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null

    D. sudo useradd -ou 0 -g 0 user

  • Question 40:

    Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?

    A. Dictionary

    B. Directory

    C. Symlink

    D. Catalog

    E. For-loop
