CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 171:

  Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

  A. Unsupported operating systems

  B. Susceptibility to DDoS attacks

  C. Inability to network

  D. The existence of default passwords

  Correct Answer: D

  Default passwords are a common vulnerability for IoT devices, making them easy targets for unauthorized access if these passwords are not changed

• Question 172:

  A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

  A. Reach out to the primary point of contact

  B. Try to take down the attackers

  C. Call law enforcement officials immediately

  D. Collect the proper evidence and add to the final report

  Correct Answer: A

  The penetration tester should reach out to the primary point of contact as soon as possible to inform them of the critical vulnerability and the active exploitation by cybercriminals. This is the most responsible and ethical course of action, as it allows the client to take immediate steps to mitigate the risk and protect their assets. The other options are not appropriate or effective in this situation. Trying to take down the attackers would be illegal and dangerous, as it may escalate the conflict or cause collateral damage. Calling law enforcement officials immediately would be premature and unnecessary, as it may involve disclosing confidential information or violating the scope of the engagement. Collecting the proper evidence and adding to the final report would be too slow and passive, as it would delay the notification and remediation of the vulnerability.

• Question 173:

  A penetration tester wrote the following Bash script to brute force a local service password:

  

  The script is not working as expected. Which of the following changes should the penetration tester make to get the script to work?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

• Question 174:

  A penetration tester issues the following command after obtaining a shell:

  

  Which of the following describes this technique?

  A. Establishing a backdoor

  B. Privilege escalation

  C. PowerShell remoting

  D. Living-off-the-land

  Correct Answer: D

• Question 175:

  A penetration tester is performing an assessment against a customer's web application that is hosted in a major cloud provider's environment. The penetration tester observes that the majority of the attacks attempted are being blocked by the organization's WAF. Which of the following attacks would be most likely to succeed?

  A. Reflected XSS

  B. Brute-force

  C. DDoS

  D. Direct-to-origin

  Correct Answer: D

• Question 176:

  After performing a web penetration test, a security consultant is ranking the findings by criticality. Which of the following standards or methodologies would be best for the consultant to use for reference?

  A. OWASP

  B. MITRE ATTandCK

  C. PTES

  D. NIST

  Correct Answer: A

• Question 177:

  In a wireless network assessment, penetration testers would like to discover and gather information about accessible wireless networks in the target area. Which of the following is the most suitable method of finding this information?

  A. Token scoping

  B. RFID cloning

  C. Wardriving

  D. WAF detection

  E. Jamming

  Correct Answer: C

• Question 178:

  A penetration tester gains access to a web server and notices a large number of devices in the system ARP table. Upon scanning the web server, the tester determines that many of the devices are user workstations. Which of the following should be included in the recommendations for remediation?

  A. Start a training program on proper access to the web server.

  B. Build a patch-management program for the web server.

  C. Place the web server in a screened subnet

  D. Implement endpoint protection on the workstations.

  Correct Answer: C

• Question 179:

  During passive reconnaissance of a target organization's infrastructure, a penetration tester wants to identify key contacts and job responsibilities within the company. Which of the following techniques would be the most effective for this situation?

  A. Social media scraping

  B. Website archive and caching

  C. DNS lookup

  D. File metadata analysis

  Correct Answer: A

  Social media scraping involves collecting information from social media platforms where employees might share their roles, responsibilities, and professional affiliations. This method can reveal detailed insights into the organizational structure, key personnel, and specific job functions within the target organization, making it an invaluable tool for understanding the company's internal landscape without alerting the target to the reconnaissance activities.

• Question 180:

  A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?

  A. Add the passwords to an appendix in the penetration test report.

  B. Do nothing. Using passwords from breached data is unethical.

  C. Contact the client and inform them of the breach.

  D. Use the passwords in a credential stuffing attack when the external penetration test begins.

  Correct Answer: C