Download PT0-002 Exam Dumps Questions to get 100% Success in CompTIA [Q112-Q136]



100% Accurate Answers! PT0-002 Actual Real Exam Questions


The CompTIA PenTest+ exam (PT0-002) is a globally recognized certification designed to validate your technical knowledge and skills in penetration testing. The PT0-002 exam is intended for cybersecurity professionals who possess intermediate to advanced-level knowledge of offensive security testing, vulnerability management, and analytical techniques. The PT0-002 exam covers five domains, which include planning and scoping, information gathering and vulnerability identification, attacks and exploits, and reporting and communication.


NEW QUESTION # 112
Which of the following BEST describe the OWASP Top 10? (Choose two.)

  • A. The most critical risks of web applications
  • B. A risk-governance and compliance framework
  • C. A list of all the risks of web applications
  • D. A web-application security standard
  • E. The risks defined in order of importance
  • F. A checklist of Apache vulnerabilities

Answer: A,E


NEW QUESTION # 113
A penetration tester has found indicators that a privileged user's password might be the same on 30 different Linux systems. Which of the following tools can help the tester identify the number of systems on which the password can be used?

  • A. Cain and Abel
  • B. Hydra
  • C. John the Ripper
  • D. Medusa

Answer: B


NEW QUESTION # 114
A penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions. Which of the following is the MOST likely culprit?

  • A. Successful exploits
  • B. Bandwidth limitations
  • C. Application failures
  • D. Patch installations

Answer: A


NEW QUESTION # 115
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

  • A. The CVSS score of the finding
  • B. The network location of the vulnerable device
  • C. The tool used to find the issue
  • D. The vulnerability identifier
  • E. The name of the person who found the flaw
  • F. The client acceptance form

Answer: C,D


NEW QUESTION # 116
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

  • A. Perform a reverse DNS query and match to the service banner.
  • B. Check for an open relay configuration.
  • C. Test for RFC-defined protocol conformance.
  • D. Attempt to brute force authentication to the service.

Answer: B

Explanation:
SMTP is the protocol used by mail servers to transfer email. An SMTP server configured as an open relay accepts and forwards mail from arbitrary senders, which is why a penetration tester can abuse it to send phishing messages in a later stage of the assessment.


NEW QUESTION # 117
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

  • A. Inability to network
  • B. Susceptibility to DDoS attacks
  • C. The existence of default passwords
  • D. Unsupported operating systems

Answer: D


NEW QUESTION # 118
A penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester. Which of the following would be the most appropriate NEXT step?

  • A. Scan the 8-bit block to map additional missed hosts.
  • B. Continue the assessment.
  • C. Terminate the contract.
  • D. Update the ROE with new signatures.

Answer: D


NEW QUESTION # 119
A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory:
U3VQZXIkM2NyZXQhCg==
Which of the following commands should the tester use NEXT to decode the contents of the file?

  • A. john --wordlist /usr/share/seclists/rockyou.txt password.txt
  • B. tar zxvf password.txt
  • C. echo U3VQZXIkM2NyZXQhCg== | base64 -d
  • D. hydra -l svsacct -p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24

Answer: C


NEW QUESTION # 120
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.
Which of the following actions, if performed, would be ethical within the scope of the assessment?

  • A. Exploiting a configuration weakness in the SQL database
  • B. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
  • C. Gaining access to hosts by injecting malware into the enterprise-wide update server
  • D. Intercepting outbound TLS traffic
  • E. Establishing and maintaining persistence on the domain controller

Answer: D


NEW QUESTION # 121
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

  • A. Scrape web presences and social-networking sites.
  • B. Specially craft and deploy phishing emails to key company leaders.
  • C. Run a vulnerability scan against the company's external website.
  • D. Runtime the company's vendor/supply chain.

Answer: A


NEW QUESTION # 122
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

  • A. Reach out to the primary point of contact
  • B. Try to take down the attackers
  • C. Call law enforcement officials immediately
  • D. Collect the proper evidence and add to the final report

Answer: A

Explanation:
The penetration tester should reach out to the primary point of contact as soon as possible to inform them of the critical vulnerability and the active exploitation by cybercriminals. This is the most responsible and ethical course of action, as it allows the client to take immediate steps to mitigate the risk and protect their assets. The other options are not appropriate or effective in this situation. Trying to take down the attackers would be illegal and dangerous, as it may escalate the conflict or cause collateral damage. Calling law enforcement officials immediately would be premature and unnecessary, as it may involve disclosing confidential information or violating the scope of the engagement. Collecting the proper evidence and adding to the final report would be too slow and passive, as it would delay the notification and remediation of the vulnerability.


NEW QUESTION # 123
A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?

  • A. FOCA
  • B. CentralOps
  • C. Responder
  • D. Netcraft

Answer: A

Explanation:
https://kalilinuxtutorials.com/foca-metadata-hidden-documents/


NEW QUESTION # 124
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

  • A. Deconflict with the penetration tester.
  • B. Halt the penetration test.
  • C. Contact law enforcement.
  • D. Assume the alert is from the penetration test.

Answer: C


NEW QUESTION # 125
During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the target company's website and then creates a list of possible usernames based on the email address format. Which of the following types of attacks would MOST likely be used to avoid account lockout?

  • A. Rainbow
  • B. Password spraying
  • C. Mask
  • D. Dictionary

Answer: B

Explanation:
Password spraying is a type of password guessing attack that involves trying one or a few common passwords against many usernames or accounts. Password spraying can avoid account lockout policies that limit the number of failed login attempts per account by spreading out the attempts over time and across different accounts. Password spraying can also increase the chances of success by using passwords that are likely to be used by many users, such as default passwords, seasonal passwords, or company names. Mask is a type of password cracking attack that involves using a mask or a pattern to generate passwords based on known or guessed characteristics of the password, such as length, case, or symbols. Rainbow is a technique of storing precomputed hashes of passwords in a table that can be used to quickly crack passwords by looking up the hashes. Dictionary is a type of password cracking attack that involves using a wordlist or a dictionary of common or likely passwords to try against an account.


NEW QUESTION # 126
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

  • A. Whether the cloud applications were developed using a secure SDLC
  • B. Whether sensitive client data is publicly accessible
  • C. Whether the client's employees are trained properly to use the platform
  • D. Whether the connection between the cloud and the client is secure

Answer: B


NEW QUESTION # 127
A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root.
During the engagement, the tester noticed that another user logged in frequently as root to perform work tasks.
To avoid disrupting this user's work, which of the following is the BEST option for the penetration tester to maintain root-level persistence on this server during the test?

  • A. Change the password of the root user and revert after the test.
  • B. Upgrade the reverse shell to a true TTY terminal.
  • C. Add a new user with ID 0 to the /etc/passwd file.
  • D. Add a web shell to the root of the website.

Answer: C

Explanation:
The best option for the penetration tester to maintain root-level persistence on this server during the test is to add a new user with ID 0 to the /etc/passwd file. This will allow the penetration tester to use the same user account as the other user, but with root privileges, meaning that it won't disrupt the other user's work. This can be done by adding a new line with the username and the numerical user ID 0 to the /etc/passwd file. For example, if the username for the other user is "johndoe", the line to add would be "johndoe:x:0:0:John Doe:/root:/bin/bash". After the user is added, the penetration tester can use the "su" command to switch to the new user and gain root privileges.


NEW QUESTION # 128
A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.
Which of the following changes should the tester apply to make the script work as intended?

  • A. Remove lines 3, 5, and 6.
  • B. Remove line 6.
  • C. Change line 2 to $ip="10.192.168.254";
  • D. Move all the lines below line 7 to the top of the script.

Answer: A

Explanation:
https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html
Example script:
#!/usr/bin/perl
use strict;
use warnings;
# Perl's command-line arguments live in @ARGV, indexed from 0 ($argv[1] was wrong).
my $ip = $ARGV[0];
attack($ip);
sub attack {
    my ($target) = @_;
    print("x");
}


NEW QUESTION # 129
A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.
Which of the following is the BEST action for the penetration tester to take?

  • A. Scan the IP range for additional systems to exploit.
  • B. Stop the assessment and inform the emergency contact.
  • C. Utilize the tunnel as a means of pivoting to other internal devices.
  • D. Disregard the IP range, as it is out of scope.

Answer: A


NEW QUESTION # 130
Given the following code:

Which of the following data structures is systems?

  • A. A tree
  • B. An array
  • C. A tuple
  • D. A dictionary

Answer: D

Explanation:
A dictionary is a data structure in Python that stores key-value pairs, where each key is associated with a value. A dictionary is created by enclosing the key-value pairs in curly braces and separating them by commas.
A dictionary can be accessed by using the keys as indexes or by using methods such as keys(), values(), or items(). In the code, systems is a dictionary that has four key-value pairs, each representing an IP address and its corresponding operating system. A tuple is a data structure in Python that stores an ordered sequence of immutable values, enclosed in parentheses and separated by commas. A tree is a data structure that consists of nodes connected by edges, forming a hierarchical structure with a root node and leaf nodes. An array is a data structure that stores a collection of elements of the same type in a contiguous memory location.


NEW QUESTION # 131
A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

  • A. Decode the authorization header using Base64.
  • B. Decrypt the authorization header using bcrypt.
  • C. Decrypt the authorization header using AES.
  • D. Decode the authorization header using UTF-8.

Answer: A


NEW QUESTION # 132
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

  • A. Scapy
  • B. Socat
  • C. dig
  • D. tcpdump

Answer: B


NEW QUESTION # 133
A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

  • A. Create an encrypted tunnel.
  • B. Attempt to flood open ports.
  • C. Listen for a reverse shell.
  • D. Look for open ports.

Answer: D


NEW QUESTION # 134
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?

  • A. Using directional antennae
  • B. Using WEP encryption
  • C. Disabling Wi-Fi
  • D. Changing to Wi-Fi equipment that supports strong encryption

Answer: D

Explanation:
If a penetration tester was able to access the organization's wireless network from outside of the building using Aircrack-ng, then it means that the wireless network was not secured with strong encryption or authentication methods. Aircrack-ng is a tool that can crack weak wireless encryption schemes such as WEP or WPA-PSK using various techniques such as packet capture, injection, replay, and brute force. To remediate this issue, the client should change to Wi-Fi equipment that supports strong encryption such as WPA2 or WPA3, which are more resistant to cracking attacks. Using directional antennae may reduce the signal range of the wireless network, but it would not prevent an attacker who is within range from cracking the encryption.
Using WEP encryption is not a good recommendation, as WEP is known to be insecure and vulnerable to Aircrack-ng attacks. Disabling Wi-Fi may eliminate the risk of wireless attacks, but it would also eliminate the benefits of wireless connectivity for the organization.


NEW QUESTION # 135
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:


NEW QUESTION # 136
......


The CompTIA PenTest+ certification exam is based on the latest penetration testing methodologies, techniques, and technologies and is recognized globally as a reliable and valid standard certification for cybersecurity professionals interested in penetration testing as a career. The CompTIA PenTest+ certification exam has been designed in line with modern security practices and is geared towards testing practical knowledge and the handling of real-world problems rather than mere theoretical concepts and memorization.


The CompTIA PT0-002 exam is a vendor-neutral certification, which means that it does not promote a particular product or technology. It is designed to test the candidates' knowledge of penetration testing methodologies, tools, and techniques. By passing this certification, candidates can demonstrate their expertise in pen testing, which can help them advance their career in the cybersecurity industry.


Best Value Available! Realistic Verified Free PT0-002 Exam Questions: https://killexams.practicevce.com/CompTIA/PT0-002-practice-exam-dumps.html