CompTIA PT0-002 Exam Dumps

CompTIA PenTest+ Certification Exam

Total Questions : 278
Update Date : May 01, 2024



Last Week PT0-002 Exam Results

51 Customers Passed CompTIA PT0-002 Exam
93% Average Score In Real PT0-002 Exam
97% Questions came from our PT0-002 dumps.



Choosing the Right Path for Your PT0-002 Exam Preparation

Welcome to PassExamHub's comprehensive study guide for the CompTIA PenTest+ Certification Exam. Our PT0-002 dumps are designed to equip you with the knowledge and resources you need to confidently prepare for and succeed in the PT0-002 certification exam.

What Our CompTIA PT0-002 Study Material Offers

PassExamHub's PT0-002 dumps PDF is carefully crafted to provide you with a comprehensive and effective learning experience. Our study material includes:

In-depth Content: Our study guide covers all the key concepts, topics, and skills you need to master for the PT0-002 exam. Each topic is explained in a clear and concise manner, making it easy to understand even the most complex concepts.
Online Test Engine: Test your knowledge and build your confidence with a wide range of practice questions that simulate the actual exam format. Our test engine covers every exam objective and provides detailed explanations for both correct and incorrect answers.
Exam Strategies: Get valuable insights into exam-taking strategies, time management, and how to approach different types of questions.
Real-world Scenarios: Gain practical insights into applying your knowledge in real-world scenarios, ensuring you're well-prepared to tackle challenges in your professional career.

Why Choose PassExamHub?

Expertise: Our PT0-002 exam questions and answers are developed by experienced CompTIA certified professionals who have a deep understanding of the exam objectives and industry best practices.
Comprehensive Coverage: We leave no stone unturned in covering every topic and skill that could appear on the PT0-002 exam, ensuring you're fully prepared.
Engaging Learning: Our content is presented in a user-friendly and engaging format, making your study sessions enjoyable and effective.
Proven Success: Countless students have used our study materials to achieve their PT0-002 certifications and advance their careers.

Start Your Journey Today!

Embark on your journey to CompTIA PenTest+ Certification Exam success with PassExamHub. Our study material is your trusted companion in preparing for the PT0-002 exam and unlocking exciting career opportunities.


CompTIA PT0-002 Sample Question Answers

Question # 1

During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

A. Badge cloning 
B. Watering-hole attack 
C. Impersonation 
D. Spear phishing



Question # 2

An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible? 

A. A list 
B. A tree 
C. A dictionary 
D. An array 



Question # 3

A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information? 

A. Badge cloning 
B. Dumpster diving 
C. Tailgating 
D. Shoulder surfing 



Question # 4

A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer. Which of the following MOST likely explains the penetration tester's decision? 

A. The tester had the situational awareness to stop the transfer. 
B. The tester found evidence of prior compromise within the data set. 
C. The tester completed the assigned part of the assessment workflow. 
D. The tester reached the end of the assessment time frame. 



Question # 5

A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective? 

A. Wait for the next login and perform a downgrade attack on the server. 
B. Capture traffic using Wireshark. 
C. Perform a brute-force attack over the server. 
D. Use an FTP exploit against the server. 



Question # 6

Given the following output:

User-agent:*
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/

During which of the following activities was this output MOST likely obtained?

A. Website scraping 
B. Website cloning
C. Domain enumeration
D. URL enumeration 



Question # 7

A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test. Which of the following describes the scope of the assessment? 

A. Partially known environment testing 
B. Known environment testing 
C. Unknown environment testing 
D. Physical environment testing 



Question # 8

A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router. Which of the following is MOST vulnerable to a brute-force attack? 

A. WPS 
B. WPA2-EAP 
C. WPA-TKIP
D. WPA2-PSK



Question # 9

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report? 

A. S/MIME 
B. FTPS 
C. DNSSEC 
D. AS2 



Question # 10

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit? 

A. Perform XSS. 
B. Conduct a watering-hole attack. 
C. Use BeEF. 
D. Use browser autopwn. 



Question # 11

A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building. Which of the following would be allowed under the terms of the engagement? 

A. Prying the lock open on the records room 
B. Climbing in an open window of the adjoining building 
C. Presenting a false employee ID to the night guard 
D. Obstructing the motion sensors in the hallway of the records room 



Question # 12

A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

A. Nmap 
B. Wireshark 
C. Metasploit 
D. Netcat 



Question # 13

Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data? 

A. An unknown-environment assessment 
B. A known-environment assessment 
C. A red-team assessment 
D. A compliance-based assessment 



Question # 14

Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems: 

A. will reveal vulnerabilities in the Modbus protocol. 
B. may cause unintended failures in control systems. 
C. may reduce the true positive rate of findings. 
D. will create a denial-of-service condition on the IP networks. 



Question # 15

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions? 

A. Aircrack-ng 
B. Wireshark 
C. Wifite 
D. Kismet 



Question # 16

During the scoping phase of an assessment, a client requested that any remote code exploits discovered during testing would be reported immediately so the vulnerability could be fixed as soon as possible. The penetration tester did not agree with this request, and after testing began, the tester discovered a vulnerability and gained internal access to the system. Additionally, this scenario led to a loss of confidential credit card data and a hole in the system. At the end of the test, the penetration tester willfully failed to report this information and left the vulnerability in place. A few months later, the client was breached and credit card data was stolen. After being notified about the breach, which of the following steps should the company take NEXT? 

A. Deny that the vulnerability existed 
B. Investigate the penetration tester.
C. Accept that the client was right.
D. Fire the penetration tester. 



Question # 17

When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because: 

A. security compliance regulations or laws may be violated. 
B. testing can make detecting actual APT more challenging. 
C. testing adds to the workload of defensive cyber- and threat-hunting teams. 
D. business and network operations may be impacted. 



Question # 18

Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks? 

A. Scraping social media for personal details 
B. Registering domain names that are similar to the target company's
C. Identifying technical contacts at the company
D. Crawling the company's website for company information 



Question # 19

A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use? 

A. nmap -sn 192.168.0.1/16
B. nmap -sn 192.168.0.1-254
C. nmap -sn 192.168.0.1 192.168.0.1.254
D. nmap -sN 192.168.0.0/24



Question # 20

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987. Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL? 

A. SQLmap 
B. Nessus 
C. Nikto 
D. DirBuster 



Question # 21

A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network? 

A. Set up a captive portal with embedded malicious code. 
B. Capture handshakes from wireless clients to crack. 
C. Span deauthentication packets to the wireless clients. 
D. Set up another access point and perform an evil twin attack. 



Question # 22

Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.) 

A. Use of non-optimized sort functions 
B. Poor input sanitization 
C. Null pointer dereferences 
D. Non-compliance with code style guide 
E. Use of deprecated Javadoc tags 
F. A cyclomatic complexity score of 3



Question # 23

The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host discovery and write the discovery to files without returning results of the attack machine?

A. nmap -sn -n --exclude 10.1.1.15 10.1.1.0/24 -oA target_txt
B. nmap -iR 10 -oX out.xml | grep Nmap | cut -d "f5 > live-hosts.txt
C. nmap -Pn -sV -O -iL target.txt -A target_text_Service
D. nmap -sS -Pn -n -iL target.txt -A target_txtl



Question # 24

A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

A. Nmap -s 445 -Pn -T5 172.21.0.0/16 
B. Nmap -p 445 -n -T4 -open 172.21.0.0/16 
C. Nmap -sV --script=smb* 172.21.0.0/16 
D. Nmap -p 445 -max -sT 172.21.0.0/16



Question # 25

A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them? 

A. As backup in case the original documents are lost 
B. To guide them through the building entrances 
C. To validate the billing information with the client 
D. As proof in case they are discovered 



Question # 26

During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred? 

A. The SSL certificates were invalid. 
B. The tester IP was blocked. 
C. The scanner crashed the system. 
D. The web page was not found. 



Question # 27

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop. Which of the following can be used to ensure the tester is able to maintain access to the system? 

A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe 
B. wmic startup get caption,command 
C. crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
D. sudo useradd -ou 0 -g 0 user



Question # 28

A penetration tester is able to use a command injection vulnerability in a web application to get a reverse shell on a system. After running a few commands, the tester runs the following:

python -c 'import pty; pty.spawn("/bin/bash")'

Which of the following actions is the penetration tester performing?

A. Privilege escalation 
B. Upgrading the shell 
C. Writing a script for persistence 
D. Building a bind shell