[Oct 19, 2023] PT0-002 Exam Dumps PDF Updated Dump from DumpsMaterials Guaranteed Success
Pass Your CompTIA Exam with PT0-002 Exam Dumps
CompTIA PT0-002 certification exam topics include essentials of pentesting, security protocols, tools, and techniques, reconnaissance, vulnerability scanning, exploitation, post-exploitation techniques, and reporting. The PT0-002 exam is written to assess your ability to conduct penetration testing projects, and covers the necessary technical skills such as bypassing anti-virus and malware functionalities, client-side attacks, web application attacks, database attacks, cloud and IoT deployment aspects, and cryptography.
NEW QUESTION # 99
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?
- A. Cybersquatting
- B. Data flooding
- C. Session riding
- D. Side channel
Answer: D
Explanation:
https://www.techtarget.com/searchsecurity/definition/side-channel-attack#:~:text=Side%2Dchannel%20attacks%20can%20even,share%20the%20same%20physical%20hardware
NEW QUESTION # 100
A penetration tester gives the following command to a systems administrator to execute on one of the target servers:
rm -f /var/www/html/G679h32gYu.php
Which of the following BEST explains why the penetration tester wants this command executed?
- A. To trick the systems administrator into installing a rootkit
- B. To remove a web shell after the penetration test
- C. To delete credentials the tester created
- D. To close down a reverse shell
Answer: B
Explanation:
A web shell is a malicious script that allows remote access and control of a web server. A penetration tester may use a web shell to execute commands on the target server during a penetration test. However, after the test is completed, the penetration tester should remove the web shell to avoid leaving any traces or backdoors on the server. The command rm -f /var/www/html/G679h32gYu.php deletes the file G679h32gYu.php from the web server's document root directory, which is likely the location of the web shell. The other options are not plausible explanations for why the penetration tester wants this command executed.
NEW QUESTION # 101
Given the following script:
Which of the following BEST characterizes the function performed by lines 5 and 6?
- A. Performs a single DNS query for www.comptia.org and prints the raw data output
- B. Loops through variable b to count the results returned for the DNS query and prints that count to screen
- C. Prints each DNS query result already stored in variable b
- D. Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10
Answer: C
Explanation:
The script is using the scapy library to perform a DNS query for www.comptia.org and store the response in variable b. Lines 5 and 6 are using a for loop to iterate over each answer in variable b and print its summary to the screen. This can help the penetration tester to view the DNS records returned by the query.
NEW QUESTION # 102
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?
- A. nmap -vv -sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan
- B. nmap -vv -sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan
- C. nmap -vv -sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
- D. nmap -vv -sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
Answer: D
NEW QUESTION # 103
A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?
- A. Continue the engagement and include the backdoor finding in the final report
- B. Inform the customer immediately about the backdoor
- C. Forensically acquire the backdoor Trojan and perform attribution
- D. Utilize the backdoor in support of the engagement
Answer: A
NEW QUESTION # 104
A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:
Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)
- A. HTTP
- B. DNS
- C. Telnet
- D. SNMP
- E. SMTP
- F. NTP
Answer: A,B
NEW QUESTION # 105
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?
- A. #!
- B. <$
- C. <#
- D. ##
- E. #$
Answer: E
NEW QUESTION # 106
A new client hired a penetration-testing company for a month-long contract for various security assessments against the client's new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.
Which of the following is most important for the penetration tester to define FIRST?
- A. Establish the method of potential false positives.
- B. Establish the format required by the client.
- C. Establish the threshold of risk to escalate to the client immediately.
- D. Establish the preferred day of the week for reporting.
Answer: C
NEW QUESTION # 107
A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?
- A. DLL injection
- B. HTML injection
- C. SQL injection
- D. Remote command injection
Answer: C
Explanation:
WAITFOR can be used in a type of SQL injection attack known as time delay SQL injection or blind SQL injection. This attack works on the basis that true or false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the query returns true, then the web application will pause for the specified period of time before responding; if the query returns false, then the web application will respond immediately. By observing the response time, the attacker can infer information about the database structure and data. Based on this information, one possible answer to your question is A. SQL injection, because it is an attack that exploits a vulnerability in a web application that allows an attacker to execute arbitrary SQL commands on the database server.
NEW QUESTION # 108
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
- A. Conduct a watering-hole attack.
- B. Perform XSS.
- C. Use BeEF.
- D. Use browser autopwn.
Answer: B
NEW QUESTION # 109
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?
- A. index.html
- B. about
- C. home.html
- D. info
Answer: B
NEW QUESTION # 110
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?
- A. Set the SGID on all files in the / directory
- B. Find the /root directory on the system
- C. Find files that were created during exploitation and move them to /dev/null
- D. Find files with the SUID bit set
Answer: D
Explanation:
The 2>/dev/null is output redirection: it simply sends all the error messages to infinity and beyond, preventing any error messages from appearing in the terminal session.
The tester is trying to find files with the SUID bit set on the system. The SUID (set user ID) bit is a special permission that allows a file to be executed with the privileges of the file owner, regardless of who runs it.
This can be used to perform privileged operations or access restricted resources. A penetration tester can use the find command with the -user and -perm options to search for files owned by a specific user (such as root) and having a specific permission (such as 4000, which indicates the SUID bit is set).
NEW QUESTION # 111
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?
- A. Information regarding the business impact if compromised
- B. A quick description of the vulnerability and a high-level control to fix it
- C. The executive summary and information regarding the testing company
- D. The rules of engagement from the assessment
Answer: B
Explanation:
The systems administrator and the technical staff would be more interested in the technical aspect of the findings.
NEW QUESTION # 112
A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?
- A. GDB
- B. OllyDbg
- C. Immunity Debugger
- D. Drozer
Answer: B
NEW QUESTION # 113
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
- A. The tester input the incorrect IP address.
- B. An account for RDP does not exist on the server.
- C. PowerShell requires administrative privilege.
- D. The command requires the -port 135 option.
Answer: B
NEW QUESTION # 114
A penetration tester is conducting an Nmap scan and wants to scan for ports without establishing a connection.
The tester also wants to find version data information for services running on open ports. Which of the following Nmap commands should the tester use?
- A. nmap -sS -sV -F target.company.com
- B. nmap -sT -v -T5 target.company.com
- C. nmap -sU -sV -T4 -F target.company.com
- D. nmap -sX -sC target.company.com
Answer: A
Explanation:
The Nmap command that the tester should use to scan for ports without establishing a connection and to find version data information for services running on open ports is nmap -sS -sV -F target.company.com. This command has the following options:
-sS performs a TCP SYN scan, which is a scan technique that sends TCP packets with the SYN flag set to the target ports and analyzes the responses. A TCP SYN scan does not establish a full TCP connection, as it only completes the first step of the three-way handshake. A TCP SYN scan can stealthily scan for open ports without alerting the target system or application.
-sV performs version detection, which is a feature that probes open ports to determine the service and version information of the applications running on them. Version detection can provide useful information for identifying vulnerabilities or exploits that affect specific versions of services or applications.
-F performs a fast scan, which is a scan option that only scans the 100 most common ports according to the nmap-services file. A fast scan can speed up the scan process by avoiding scanning less likely or less interesting ports.
target.company.com specifies the domain name of the target system or network to be scanned.
The other options are not valid Nmap commands that meet the requirements of the question. Option A performs a UDP scan (-sU), which is a scan technique that sends UDP packets to the target ports and analyzes the responses. A UDP scan can scan for open ports that use UDP protocol, such as DNS, SNMP, or DHCP.
However, a UDP scan does establish a connection with the target system or application, unlike a TCP SYN scan. Option C performs a TCP connect scan (-sT), which is a scan technique that sends TCP packets with the SYN flag set to the target ports and completes the three-way handshake with an ACK packet if a SYN/ACK packet is received. A TCP connect scan can scan for open ports that use TCP protocol, such as HTTP, FTP, or SSH. However, a TCP connect scan does establish a full TCP connection with the target system or application, unlike a TCP SYN scan. Option D performs an Xmas scan (-sX), which is a scan technique that sends TCP packets with the FIN, PSH, and URG flags set to the target ports and analyzes the responses. An Xmas scan can stealthily scan for open ports without alerting the target system or application, similar to a TCP SYN scan.
However, option D does not perform version detection (-sV), which is one of the requirements of the question.
NEW QUESTION # 115
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:
Explanation:
Part 1 - 192.168.2.2 -O -sV --top-ports=100 and SMB vulns
Part 2 - Weak SMB file permissions
https://subscription.packtpub.com/book/networking-and-servers/9781786467454/1/ch01lvl1sec13/fingerprinting-os-and-services-running-on-a-target-host
NEW QUESTION # 116
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
- A. MP4 steganography
- B. Alternate data streams
- C. PowerShell modules
- D. PsExec
Answer: C
Explanation:
"Windows Management Instrumentation (WMI) is a subsystem of PowerShell that gives admins access to powerful system monitoring tools."
NEW QUESTION # 117
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:
Explanation:
Part 1 - nmap 192.168.2.2 -sV -O
Part 2 - Weak SMB file permissions
NEW QUESTION # 118
Which of the following situations would MOST likely warrant revalidation of a previous security assessment?
- A. When most of the vulnerabilities have been remediated
- B. After detection of a breach
- C. When an organization updates its network firewall configurations
- D. After a merger or an acquisition
Answer: A
