CompTIA PT0-002 Online Practice Questions and Exam Preparation

CompTIA PT0-002 Online Questions & Answers

• Question 71:

  A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the scan is to identify web servers in the 10.0.0.0/16 subnet. Which of the following commands should the engineer use to achieve the objective in the least amount of time?

  A. nmap -T3 -p 80 10.0.0.0/16 -- max-hostgroup 100
  B. nmap -TO -p 80 10.0.0.0/16
  C. nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60
  D. nmap -T5 -p 80 10.0.0.0/16 -- min-rate 80
  C. nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60

  ---

  Explanation

  The nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60 command is used to scan the 10.0.0.0/16 subnet for web servers (port 80) at a maximum rate of 60 packets per minute. The -T4 option sets the timing template to "aggressive", which speeds up the scan. The -- max-rate option limits the number of packets sent per second, helping to bypass the network IPS that isolates the source when the scan exceeds 100 packets per minute12.

• Question 72:

  A penetration tester is enumerating shares and receives the following output:

  

  Which of the following should the penetration tester enumerate next?

  A. dev
  B. print$
  C. home
  D. notes
  A. dev

  ---

  Explanation

• Question 73:

  A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom.

  Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

  A. Shoulder surfing
  B. Call spoofing
  C. Badge stealing
  D. Tailgating
  E. Dumpster diving
  F. Email phishing
  C. Badge stealing
  D. Tailgating

  ---

  Explanation

• Question 74:

  Given the following code:

  $p = (80, 110, 25)

  $network = (192.168.0)

  $range = 1 .. 254

  $ErrorActionPreference = 'silentlycontinue'

  $Foreach ($add in $range)

  $Foreach ($x in $p)

  { {$ip = "{0} . {1} -F $network, $add"

  If (Test-Connection -BufferSize 32 -Count 1 -quiet -ComputerName $ip)

  {$socket = new-object System.Net. Sockets. TcpClient (andip, $x)

  If ($socket. Connected) { $ip $p open"

  $socket. Close () }

  }

  }}

  Which of the following tasks could be accomplished with the script?

  A. Reverse shell
  B. Ping sweep
  C. File download
  D. Port scan
  D. Port scan

  ---

  Explanation

  The script is performing a port scan on the network 192.168.0.0/24, by testing the connectivity of three ports (80, 110, 25) on each IP address in the range 1-254. A port scan is a technique used to identify open ports and services on a target host or network. It can be used for reconnaissance, vulnerability assessment, or penetration testing.

• Question 75:

  During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:

  nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191

  The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports.

  Which of the following does this information most likely indicate?

  A. All of the ports in the target range are closed.
  B. Nmap needs more time to scan the ports in the target range.
  C. The ports in the target range cannot be scanned because they are common UDP ports.
  D. All of the ports in the target range are open
  A. All of the ports in the target range are closed.

  ---

  Explanation

  The Nmap command uses the Xmas scan technique, which sends packets with the FIN, PSH, and URG flags set. This is an attempt to bypass firewall rules and elicit a response from open ports. However, if the target responds with an RST

  packet, it means that the port is closed. Open ports will either ignore the Xmas scan packets or send back an ACK packet. Therefore, the information most likely indicates that all of the ports in the target range are closed.

  References:

  [Nmap Scan Types], [Nmap Port Scanning Techniques], [CompTIA PenTest+ Study Guide: Exam PT0-002, Chapter 4: Conducting Passive Reconnaissance, page 127]

• Question 76:

  A penetration tester is explaining the MITRE ATTandCK framework to a company's chief legal counsel.

  Which of the following would the tester MOST likely describe as a benefit of the framework?

  A. Understanding the tactics of a security intrusion can help disrupt them.
  B. Scripts that are part of the framework can be imported directly into SIEM tools.
  C. The methodology can be used to estimate the cost of an incident better.
  D. The framework is static and ensures stability of a security program overtime.
  A. Understanding the tactics of a security intrusion can help disrupt them.

  ---

  Explanation

  https://attack.mitre.org/

• Question 77:

  DRAG DROP

  A technician is reviewing the following report. Given this information, identify which vulnerability can be definitively confirmed to be a false positive by dragging the “false positive” token to the “Confirmed” column for each vulnerability that is a false positive.

  Select and Place:

  

  

  Explanation

• Question 78:

  Which of the following documents specifies the scope, boundaries, and procedures of a penetration test, ensuring alignment with the client's security policies?

  A. ROE
  B. MOU
  C. SLA
  D. NDA
  A. ROE

  ---

  Explanation

  The Rules of Engagement (ROE) document specifies the scope, boundaries, and procedures of a penetration test, ensuring alignment with the client's security policies. This relates to CompTIA Pentest+ objectives on pre-engagement and scoping activities.

  uk.co.certification.simulator.questionpool.PList@4079d7f7

• Question 79:

  DRAG DROP

  Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented Each password may be used only once.

  Select and Place:

  

  

  Explanation

• Question 80:

  A security analyst needs to perform a scan for SMB port 445 over a/16 network.

  Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

  A. Nmap -s 445 -Pn -T5 172.21.0.0/16
  B. Nmap -p 445 -n -T4 -open 172.21.0.0/16
  C. Nmap -sV --script=smb* 172.21.0.0/16
  D. Nmap -p 445 -max -sT 172. 21.0.0/16
  B. Nmap -p 445 -n -T4 -open 172.21.0.0/16

  ---

  Explanation

  Nmap is a tool that can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The command Nmap -p 445 -n - T4 -open 172.21.0.0/16 would scan for SMB port 445 over a /16 network with the

  following options:

  -p 445 specifies the port number to scan.

  -n disables DNS resolution, which can speed up the scan by avoiding unnecessary queries.

  -T4 sets the timing template to aggressive, which increases the speed of the scan by sending packets faster and waiting less for responses. -Open only shows hosts that have open ports, which can reduce the output and focus on relevant

  results. The other commands are not optimal for scanning SMB port 445 over a /16 network when stealth is not a concern and the task is time sensitive.