CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 111:

  A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

  A. Weekly

  B. Monthly

  C. Quarterly

  D. Annually

  Correct Answer: C

  Quarterly is the minimum frequency to complete the scan of the system that is PCI DSS v3.2.1 compliant, according to Requirement 11.2.2 of the standard1. PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards that applies to any organization that processes, stores, or transmits credit card information. Requirement 11.2.2 states that organizations must perform internal vulnerability scans at least quarterly and after any significant change in the network. https://www.pcicomplianceguide.org/faq/#25 PCI DSS requires quarterly vulnerability/penetration tests, not weekly.

• Question 112:

  A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

  A. Socat

  B. tcpdump

  C. Scapy

  D. dig

  Correct Answer: C

  https://thepacketgeek.com/scapy/building-network-tools/part-09/

• Question 113:

  A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:

  

  Which of the following should the penetration tester do NEXT?

  A. Close the reverse shell the tester is using.

  B. Note this finding for inclusion in the final report.

  C. Investigate the high numbered port connections.

  D. Contact the client immediately.

  Correct Answer: C

  The image shows the output of the netstat -antu command, which displays active internet connections for the TCP and UDP protocols. The output shows that there are four established TCP connections and two listening UDP connections on the host. The established TCP connections have high numbered ports as their local addresses, such as 49152, 49153, 49154, and 49155. These ports are in the range of ephemeral ports, which are dynamically assigned by the operating system for temporary use by applications or processes. The foreign addresses of these connections are also high numbered ports, such as 4433, 4434, 4435, and 4436. These ports are not well-known or registered ports for any common service or protocol. The combination of high numbered ports for both local and foreign addresses suggests that these connections are suspicious and may indicate a backdoor or a covert channel on the host. Therefore, the penetration tester should investigate these connections next to determine their nature and purpose. The other options are not appropriate actions for the penetration tester at this stage.

• Question 114:

  Which of the following is a rules engine for managing public cloud accounts and resources?

  A. Cloud Custodian

  B. Cloud Brute

  C. Pacu

  D. Scout Suite

  Correct Answer: A

  Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.

  Cloud Custodian is a tool that can be used to manage public cloud accounts and resources. Cloud Custodian can define policies and rules for cloud resources based on various criteria, such as tags, filters, actions, modes, or schedules. Cloud Custodian can enforce compliance, governance, security, cost optimization, and operational efficiency for cloud resources. Cloud Custodian supports multiple public cloud providers, such as AWS, Azure, GCP, and Kubernetes. Cloud Brute is a tool that can be used to enumerate cloud platforms and discover hidden files and buckets. Pacu is a tool that can be used to exploit AWS environments and perform post-exploitation actions. Scout Suite is a tool that can be used to audit cloud environments and identify security issues.

• Question 115:

  A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?

  A. ROE

  B. SLA

  C. MSA

  D. NDA

  Correct Answer: D

• Question 116:

  A company has recruited a penetration tester to conduct a vulnerability scan over the network. The test is confirmed to be on a known environment. Which of the following would be the BEST option to identify a system properly prior to performing the assessment?

  A. Asset inventory

  B. DNS records

  C. Web-application scan

  D. Full scan

  Correct Answer: A

• Question 117:

  After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

  

  The tester then runs the following command from the previous exploited system, which fails:

  Which of the following explains the reason why the command failed?

  A. The tester input the incorrect IP address.

  B. The command requires the -port 135 option.

  C. An account for RDP does not exist on the server.

  D. PowerShell requires administrative privilege.

  Correct Answer: C

• Question 118:

  The results of an Nmap scan are as follows:

  Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST

  Nmap scan report for ( 10.2.1.22 )

  Host is up (0.0102s latency).

  Not shown: 998 filtered ports

  Port State Service

  80/tcp open http

  |_http-title: 80F 22% RH 1009.1MB (text/html)

  |_http-slowloris-check:

  | VULNERABLE:

  | Slowloris DoS Attack

  | <..>

  Device type: bridge|general purpose

  Running (JUST GUESSING) : QEMU (95%)

  OS CPE: cpe:/a:qemu:qemu

  No exact OS matches found for host (test conditions non-ideal).

  OS detection performed. Please report any incorrect results at https://nmap.org/submit/.

  Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds

  Which of the following device types will MOST likely have a similar response? (Choose two.)

  A. Network device

  B. Public-facing web server

  C. Active Directory domain controller

  D. IoT/embedded device

  E. Exposed RDP

  F. Print queue

  Correct Answer: BD

  https://www.netscout.com/what-is-ddos/slowloris-attacks From the http-title in the output, this looks like an IoT device with RH implying Relative Humidity, that offers a web-based interface for visualizing the results.

• Question 119:

  A penetration tester wants to accomplish ARP poisoning as part of an attack. Which of the following tools will the tester most likely utilize?

  A. Wireshark

  B. Netcat

  C. Nmap

  D. Ettercap

  Correct Answer: D

  ARP poisoning is a technique that exploits the weakness of the ARP protocol to redirect network traffic to a malicious host. Ettercap is a tool that can perform ARP poisoning and other network attacks, such as DNS spoofing, SSL stripping, and password sniffing. Wireshark, Netcat, and Nmap are not designed for ARP poisoning, although they can be used for other purposes, such as packet analysis, network communication, and port scanning. References: The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 5, Section 5.2.1: ARP Poisoning; Best PenTest+ certification study resources and training materials, Section 2: ARP Poisoning.

• Question 120:

  Which of the following tools would be BEST suited to perform a manual web application security assessment? (Choose two.)

  A. OWASP ZAP

  B. Nmap

  C. Nessus

  D. BeEF

  E. Hydra

  F. Burp Suite

  Correct Answer: AF