CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 141:

  Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

  A. Acceptance by the client and sign-off on the final report

  B. Scheduling of follow-up actions and retesting

  C. Attestation of findings and delivery of the report

  D. Review of the lessons learned during the engagement

  Correct Answer: C

• Question 142:

  A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

  A. IP addresses and subdomains

  B. Zone transfers

  C. DNS forward and reverse lookups

  D. Internet search engines

  E. Externally facing open ports

  F. Shodan results

  Correct Answer: AD

  A. IP addresses and subdomains. This is correct. IP addresses and subdomains are useful information for a penetration tester to identify the scope and range of the company's web presence. IP addresses can reveal the location, network, and service provider of the company's web servers, while subdomains can indicate the different functions and features of the company's website. A penetration tester can use tools like whois, Netcraft, or DNS lookups to find IP addresses and subdomains associated with the company's domain name.

  D. Internet search engines. This is correct. Internet search engines are powerful tools for a penetration tester to perform passive information gathering around the company's web presence. Search engines can provide a wealth of information, such as the company's profile, history, news, social media accounts, reviews, products, services, customers, partners, competitors, and more. A penetration tester can use advanced search operators and keywords to narrow down the results and find relevant information. For example, using the site: operator can limit the results to a specific domain or subdomain, while using the intitle: operator can filter the results by the title of the web pages.

• Question 143:

  A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

  A. Wait for the next login and perform a downgrade attack on the server.

  B. Capture traffic using Wireshark.

  C. Perform a brute-force attack over the server.

  D. Use an FTP exploit against the server.

  Correct Answer: B

  Reference: https://shahmeeramir.com/penetration-testing-of-an-ftp-server-19afe538be4b

• Question 144:

  During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?

  A. Vulnerability scanning

  B. Network segmentation

  C. System hardening

  D. Intrusion detection

  Correct Answer: B

  Network segmentation is the practice of dividing a network into smaller subnetworks or segments based on different criteria, such as function, security level, or access control. Network segmentation can enhance the security of a network by isolating sensitive or critical systems from less secure or untrusted systems, reducing the attack surface, limiting the spread of malware or intrusions, and enforcing granular policies and rules for each segment. To be PCI compliant, which is a set of standards for protecting payment card data, the company should have implemented network segmentation to separate the servers that perform financial transactions from other parts of the network that may be less secure or more exposed to threats. The other options are not specific requirements for PCI compliance, although they may be good security practices in general.

• Question 145:

  Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?

  A. Scraping social media for personal details

  B. Registering domain names that are similar to the target company's

  C. Identifying technical contacts at the company

  D. Crawling the company's website for company information

  Correct Answer: A

  Scraping social media for personal details can help a penetration tester craft personalized and convincing social engineering attacks against top-level executives, who may share sensitive or confidential information on their profiles. Registering domain names that are similar to the target company's can be used for phishing or typosquatting attacks, but not specifically against executives. Identifying technical contacts at the company can help with reconnaissance, but not with social engineering. Crawling the company's website for company information can provide general background knowledge, but not specific details about executives.

• Question 146:

  Which of the following tools provides Python classes for interacting with network protocols?

  A. Responder

  B. Impacket

  C. Empire

  D. PowerSploit

  Correct Answer: B

  Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution. Reference: https://github.com/SecureAuthCorp/impacket

• Question 147:

  A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.

  Which of the following changes should the tester apply to make the script work as intended?

  A. Change line 2 to $ip= 10.192.168.254;

  B. Remove lines 3, 5, and 6.

  C. Remove line 6.

  D. Move all the lines below line 7 to the top of the script.

  Correct Answer: B

  https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html Example script:

  #!/usr/bin/perl

  $ip=$argv[1];

  attack($ip);

  sub attack {

  print("x");

  }

• Question 148:

  Which of the following can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools?

  A. Dictionary

  B. Directory

  C. Symlink

  D. Catalog

  E. For-loop

  Correct Answer: A

  A dictionary can be used to store alphanumeric data that can be fed into scripts or programs as input to penetration-testing tools. A dictionary is a collection of key- value pairs that can be accessed by using the keys. For example, a dictionary can store usernames and passwords, or IP addresses and hostnames, that can be used as input for brute-force or reconnaissance tools.

• Question 149:

  Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)

  A. Use of non-optimized sort functions

  B. Poor input sanitization

  C. Null pointer dereferences

  D. Non-compliance with code style guide

  E. Use of deprecated Javadoc tags

  F. A cydomatic complexity score of 3

  Correct Answer: BC

• Question 150:

  A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection. Which of the following payloads are MOST likely to establish a shell successfully?

  A. windows/x64/meterpreter/reverse_tcp

  B. windows/x64/meterpreter/reverse_http

  C. windows/x64/shell_reverse_tcp

  D. windows/x64/powershell_reverse_tcp

  E. windows/x64/meterpreter/reverse_https

  Correct Answer: B

  These two payloads are most likely to establish a shell successfully because they use HTTP or HTTPS protocols, which are commonly allowed by network devices and can bypass firewall rules or IPS signatures. The other payloads use TCP protocols, which are more likely to be blocked or detected by network devices.