CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 391:

  A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system After running a few commands, the tester runs the following:

  python -c 'import pty; pty.spawn("/bin/bash")'

  Which of the following actions Is the penetration tester performing?

  A. Privilege escalation
  B. Upgrading the shell
  C. Writing a script for persistence
  D. Building a bind shell
  B. Upgrading the shell

  ---

  Explanation

  The penetration tester is performing an action called upgrading the shell, which means improving the functionality and interactivity of the shell. By running the python command, the penetration tester is spawning a new bash shell that has features such as tab completion, command history, and job control. This can help the penetration tester to execute commands more easily and efficiently.

• Question 392:

  Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

  A. Analyze the malware to see what it does.
  B. Collect the proper evidence and then remove the malware.
  C. Do a root-cause analysis to find out how the malware got in.
  D. Remove the malware immediately.
  E. Stop the assessment and inform the emergency contact.
  E. Stop the assessment and inform the emergency contact.

  ---

  Explanation

  Stopping the assessment and informing the emergency contact is the best thing to do next after identifying that an application being tested has already been compromised with malware. This is because continuing the assessment might interfere with an ongoing investigation or compromise evidence collection. The emergency contact is the person designated by the client who should be notified in case of any critical issues or incidents during the penetration testing engagement.

  https://www.redteamsecure.com/blog/my-company-was-hacked-now-what

• Question 393:

  Which section of a penetration testing report provides a high-level overview of findings, focusing on critical issues and their impact, and is intended for non-technical stakeholders?

  A. Executive summary
  B. Testing scope
  C. Statement of work
  D. Technical report
  A. Executive summary

  ---

  Explanation

  An executive summary provides a high-level overview of findings, focusing on critical issues and their impact. It is intended for non-technical stakeholders, aligning with CompTIA Pentest+ objectives on reporting and delivering results to diverse audiences. uk.co.certification.simulator.questionpool.PList@1d24981b

• Question 394:

  A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

  

  Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

  A. Telnet
  B. HTTP
  C. SMTP
  D. DNS
  E. NTP
  F. SNMP
  B. HTTP
  D. DNS

  ---

  Explanation

• Question 395:

  A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to achieve this objective?

  A. Wardriving
  B. Captive portal
  C. Deauthentication
  D. Impersonation
  D. Impersonation

  ---

  Explanation

  Impersonation attacks involve the penetration tester assuming the identity of a valid user to gain unauthorized access to systems or information. This method is particularly effective for gathering valid user credentials, as it can involve tactics such as phishing, social engineering, or exploiting weak authentication processes. The other options, such as Wardriving, Captive portal, and Deauthentication, are more focused on wireless network vulnerabilities and are less direct in obtaining user credentials.

• Question 396:

  Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?

  A. Non-disclosure agreement
  B. Business associate agreement
  C. Assessment scope and methodologies
  D. Executive summary
  C. Assessment scope and methodologies

  ---

  Explanation

  The assessment scope and methodologies document defines the objectives, boundaries, rules of engagement, and expected outcomes of a penetration testing engagement. It also specifies the roles and responsibilities of the testers and the clients, as well as the communication channels and escalation procedures. This document can help determine who is at fault for a temporary outage that occurred during a penetration test, as it can clarify whether the outage was within the agreed scope and methodologies, or whether it was caused by a violation of the rules of engagement or a lack of coordination.

• Question 397:

  A penetration tester has prepared the following phishing email for an upcoming penetration test:

  

  Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

  A. Familiarity and likeness
  B. Authority and urgency
  C. Scarcity and fear
  D. Social proof and greed
  B. Authority and urgency

  ---

  Explanation

• Question 398:

  A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

  A. Halt the penetration test.
  B. Contact law enforcement.
  C. Deconflict with the penetration tester.
  D. Assume the alert is from the penetration test.
  C. Deconflict with the penetration tester.

  ---

  Explanation

  Deconflicting with the penetration tester is the best thing to do next after the security alarms are triggered during a penetration test, as it will help determine whether the alarm was caused by the tester's activity or by an actual threat. Deconflicting is the process of communicating and coordinating with other parties involved in a penetration testing engagement, such as security teams, network administrators, or emergency contacts, to avoid confusion or interference.

• Question 399:

  During an assessment, a penetration tester needs to perform a cloud asset discovery of an organization.

  Which of the following tools would most likely provide more accurate results in this situation?

  A. Pacu
  B. Scout Suite
  C. Shodan
  D. TruffleHog
  B. Scout Suite

  ---

  Explanation

  Scout Suite is an open-source multi-cloud security-auditing tool that enables security posture assessment of cloud environments. It is designed to provide a comprehensive and accurate analysis of cloud assets by using the APIs of cloud

  service providers. Scout Suite supports major cloud platforms, including AWS, Azure, and GCP, making it suitable for performing cloud asset discovery. Other tools listed, such as Pacu, Shodan, and TruffleHog, serve different purposes. Pacu

  is a cloud exploitation framework for AWS, Shodan is a search engine for internet-connected devices, and TruffleHog is a tool for searching for secrets in files. While they are valuable tools, Scout Suite is specifically tailored for comprehensive

  cloud asset discovery.

  References:

  Scout Suite GitHub page: Scout Suite

  Cloud security auditing examples from penetration testing reports and best practices.

• Question 400:

  Which of the following tools is specifically designed for detecting and exploiting SQL injection vulnerabilities in a database server penetration test?

  A. Burp Suite
  B. Nessus
  C. Nikto
  D. SQLmap
  D. SQLmap

  ---

  Explanation

  SQLmap is specifically designed for detecting and exploiting SQL injection vulnerabilities. For a database server penetration test, it automates the process of identifying vulnerabilities in SQL queries and helps in database enumeration. This corresponds to the CompTIA Pentest+ objective on identifying vulnerabilities in application security.

  uk.co.certification.simulator.questionpool.PList@7225fa3d