CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 1:

  HOTSPOT

  A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.

  INSTRUCTIONS

  Select the tool the penetration tester should use for further investigation.

  Select the two entries in the robots.txt file that the penetration tester should recommend for removal.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Hot Area:

  

  Correct Answer:

  

  Explanation:

  The tool the penetration tester should use for the further investigation is WPScan The two entries in the robots.txt file that the penetration tester should recommend for removal are 14 Allow: /admin 15 Allow: /wp-admin

• Question 2:

  A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?

  A. Searching for code repositories associated with a developer who previously worked for the target company code repositories associated with the

  B. Searching for code repositories target company's organization

  C. Searching for code repositories associated with the target company's organization

  D. Searching for code repositories associated with a developer who previously worked for the target company

  Correct Answer: B

  Code repositories are online platforms that store and manage source code and other files related to software development projects. Code repositories can contain useful information for additional testing, such as application names, versions, features, functions, vulnerabilities, dependencies, credentials, comments, or documentation. Searching for code repositories associated with the target company's organization would most likely produce useful information for additional testing, as it would reveal the software projects that the target company is working on or using, and potentially expose some weaknesses or flaws that can be exploited. Code repositories can be searched by using tools such as GitHub, GitLab, Bitbucket, or SourceForge1. The other options are not as likely to produce useful information for additional testing, as they are not directly related to the target company's software development activities. Searching for code repositories associated with a developer who previously worked for the target company may not yield any relevant or current information, as the developer may have deleted, moved, or updated their code repositories after leaving the company. Searching for code repositories associated with the target company's competitors or customers may not yield any useful or accessible information, as they may have different or unrelated software projects, or they may have restricted or protected their code repositories from public view.

• Question 3:

  User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

  A. MD5

  B. bcrypt

  C. SHA-1

  D. PBKDF2

  Correct Answer: A

  Reference: https://www.geeksforgeeks.org/understanding-rainbow-table-attack/

• Question 4:

  A tester who is performing a penetration test on a website receives the following output:

  Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62

  Which of the following commands can be used to further attack the website?

  A.

  B. ../../../../../../../../../../etc/passwd

  C. /var/www/html/index.php;whoami

  D. 1 UNION SELECT 1, DATABASE(),3-

  Correct Answer: D

• Question 5:

  A penetration tester ran an Nmap scan on an Internet-facing network device with the –F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:

  nmap –O –A –sS –p- 100.100.100.50

  Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?

  A. A firewall or IPS blocked the scan.

  B. The penetration tester used unsupported flags.

  C. The edge network device was disconnected.

  D. The scan returned ICMP echo replies.

  Correct Answer: A

  Reference: https://phoenixnap.com/kb/nmap-scan-open-ports

• Question 6:

  A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras. Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

  A. Pick a lock.

  B. Disable the cameras remotely.

  C. Impersonate a package delivery worker.

  D. Send a phishing email.

  Correct Answer: C

• Question 7:

  A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?

  A. Segment the firewall from the cloud.

  B. Scan the firewall for vulnerabilities.

  C. Notify the client about the firewall.

  D. Apply patches to the firewall.

  Correct Answer: C

  The best option for the tester to take is to notify the client about the firewall. The firewall is not part of the original list of IP addresses for the engagement, which means it is out of scope and should not be tested without permission. The tester should inform the client about the existence and potential risks of the firewall, and ask if they want to include it in the scope or not.

• Question 8:

  A penetration tester wrote the following script on a compromised system:

  #!/bin/bash

  network='10.100.100'

  ports='22 23 80 443'

  for x in {1 .. 254};

  do (nc -zv $network.$x $ports );

  done

  Which of the following would explain using this script instead of another tool?

  A. The typical tools could not be used against Windows systems.

  B. The configuration required the penetration tester to not utilize additional files.

  C. The Bash script will provide more thorough output.

  D. The penetration tester wanted to persist this script to run on reboot.

  Correct Answer: B

• Question 9:

  A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?

  A. The penetration tester conducts a retest.

  B. The penetration tester deletes all scripts from the client machines.

  C. The client applies patches to the systems.

  D. The client clears system logs generated during the test.

  Correct Answer: C

• Question 10:

  Which of the following assessment methods is the most likely to cause harm to an ICS environment?

  A. Active scanning

  B. Ping sweep

  C. Protocol reversing

  D. Packet analysis

  Correct Answer: A

  Active scanning is the process of sending probes or packets to a target system or network and analyzing the responses to gather information or identify vulnerabilities. Active scanning can be intrusive and disruptive, especially in an ICS environment, where availability and reliability are critical. Active scanning can cause unintended consequences, such as triggering alarms, shutting down devices, or affecting physical processes. Therefore, active scanning is the most likely to cause harm to an ICS environment among the given options.