CompTIA PT0-002 Practice Questions
CompTIA PenTest+ Certification Exam

https://www.questionstube.com/exam/pt0-002/

At QuestionsTube, you can read the PT0-002 free demo questions in a PDF file, so you can check the questions and answers before deciding to download the CompTIA PT0-002 practice questions. These free demo questions are part of the PT0-002 exam questions. Some PT0-002 exam questions are shared below.

1. A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed. Which of the following is the MOST likely reason for the lack of output?
A. The HTTP port is not open on the firewall.
B. The tester did not run sudo before the command.
C. The web server is using HTTPS instead of HTTP.
D. This URI returned a server error.
Answer: A

2. Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
A. Shodan
B. Nmap
C. WebScarab-NG
D. Nessus
Answer: A

3. Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script.sh
B. chmod u+e script.sh
C. chmod o+e script.sh
D. chmod o+x script.sh
Answer: A
Explanation:
Reference: https://newbedev.com/chmod-u-x-versus-chmod-x

4. A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?
A. Wireshark
B. Aircrack-ng
C. Kismet
D. Wifite
Answer: B
Explanation:
Reference:
https://null-byte.wonderhowto.com/how-to/hack-wi-fi-stealing-wi-fi-passwords-with-evil-twin-attack-0183880/
https://thecybersecurityman.com/2018/08/11/creating-an-evil-twin-or-fake-access-point-using-aircrack-ng-and-dnsmasq-part-2-the-attack/

5. A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A. Alternate data streams
B. PowerShell modules
C. MP4 steganography
D. PsExec
Answer: A
Explanation:
Alternate Data Streams (ADS) are a feature of the NTFS file system (which is used by modern versions of Windows) that allows metadata to be associated with files, similar to the way that Macs handle resource forks. In a penetration testing scenario, ADS can be used to hide malicious payloads in a way that is unlikely to be detected by traditional antivirus tools.
Given the context, ADS is most relevant. The penetration tester has already gained shell access and wants to use a binary for later execution. ADS would allow the tester to hide this binary within an existing file's metadata.
B) PowerShell modules are used for extending the functionality of PowerShell, but the question does not indicate that PowerShell is in use.
C) MP4 steganography refers to the practice of hiding information within MP4 files. While this could theoretically be used to deliver a payload, the scenario doesn't indicate that any MP4 files are in use.
D) PsExec is a tool that allows for the execution of processes on remote systems, but it doesn't inherently help with hiding a binary for later execution.

6. A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?
A. Check the scoping document to determine if exfiltration is within scope.
B. Stop the penetration test.
C. Escalate the issue.
D. Include the discovery and interaction in the daily report.
Answer: C
Explanation:
In a situation where illegal or unethical activity is discovered during an assessment, the appropriate course of action is to escalate the issue to the appropriate parties in the organization, such as management, or the person or team who hired the penetration tester. This ensures that those responsible for the organization's security and compliance are aware of the situation and can take appropriate action.
A) Checking the scoping document won't help in this situation. While the scoping document defines the boundaries for the penetration test, the discovery of illegal activity is outside the realm of a typical penetration test and needs to be handled differently.
B) Stopping the penetration test might not be necessary and doesn't address the issue at hand, which is the discovered illicit activity and bribe attempt.
D) While including the discovery and interaction in the daily report is important, it is not sufficient. A situation as serious as this warrants immediate escalation.

7. A penetration tester writes the following script:
Which of the following objectives is the tester attempting to achieve?
A. Determine active hosts on the network.
B. Set the TTL of ping packets for stealth.
C. Fill the ARP table of the networked devices.
D. Scan the system on the most used ports.
Answer: A

8. Which of the following tools would BEST allow a penetration tester to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine?
A. Wireshark
B. EAPHammer
C. Kismet
D. Aircrack-ng
Answer: D
Explanation:
The BEST tool to capture wireless handshakes to reveal a Wi-Fi password from a Windows machine is Aircrack-ng. Aircrack-ng is a suite of tools used to assess the security of wireless networks. It starts by capturing wireless network packets [1], then attempts to crack the network password by analyzing them [1]. Aircrack-ng supports FMS, PTW, and other attack types, and can also be used to generate keystreams for WEP and WPA-PSK encryption. It is capable of running on Windows, Linux, and Mac OS X.

9. A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
A. PLCs will not act upon commands injected over the network.
B. Supervisors and controllers are on a separate virtual network by default.
C. Controllers will not validate the origin of commands.
D. Supervisory systems will detect a malicious injection of code/commands.
Answer: C

10. A penetration tester captured the following traffic during a web-application test:
Which of the following methods should the tester use to visualize the authorization information being transmitted?
A. Decode the authorization header using UTF-8.
B. Decrypt the authorization header using bcrypt.
C. Decode the authorization header using Base64.
D. Decrypt the authorization header using AES.
Answer: C

11. A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?
A. /var/log/messages
B. /var/log/last_user
C. /var/log/user_log
D. /var/log/lastlog
Answer: D
Explanation:
The /var/log/lastlog file is a log file that stores information about the last user to sign in to the server. This file stores information such as the username, IP address, and timestamp of the last user to sign in to the server. It can be used by a penetration tester to determine the identity of the last user who signed in to the web server, which can be helpful in identifying the user who may have set up the backdoors and other malicious activities.

12. A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server. To remain stealthy, the tester ran the following command from the attack machine:
Which of the following would be the BEST command to use for further progress into the targeted network?
A. nc 10.10.1.2
B. ssh 10.10.1.2
C. nc 127.0.0.1 5555
D. ssh 127.0.0.1 5555
Answer: C

13. A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.
Which of the following changes should the tester apply to make the script work as intended?
A. Change line 2 to $ip= 10.192.168.254;
B. Remove lines 3, 5, and 6.
C. Remove line 6.
D. Move all the lines below line 7 to the top of the script.
Answer: B
Explanation:
https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html
Example script:

    #!/usr/bin/perl
    # Perl's argument array is @ARGV (upper-case, zero-based)
    $ip = $ARGV[0];
    attack($ip);
    # Subroutine called with the target IP
    sub attack {
        print("x");
    }

14. A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?
A. Phishing
B. Tailgating
C. Baiting
D. Shoulder surfing
Answer: C
Explanation:
Reference: https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats

15. A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
A. Cross-site request forgery
B. Server-side request forgery
C. Remote file inclusion
D. Local file inclusion
Answer: B
Explanation:
Reference: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery

16. Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
A. Nessus
B. Metasploit
C. Burp Suite
D. Ethercap
Answer: B