CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 181:

  A penetration tester is performing a social engineering penetration test and was able to create a remote session. Which of the following social engineering techniques was most likely successful?

  A. SMS phishing

  B. Dumpster diving

  C. Executive impersonation attack

  D. Browser exploitation framework

  Correct Answer: C

• Question 182:

  A penetration tester identified numerous flaws that could lead to unauthorized modification of critical data. Which of the following would be best for the penetration tester to recommend?

  A. Flat access

  B. Role-based access control

  C. Permission-based access control

  D. Group-based control model

  Correct Answer: B

  RBAC is best for preventing unauthorized modification by assigning permissions to roles rather than individuals, ensuring that only authorized users can access critical data based on their role within the organization.

• Question 183:

  During an assessment, a penetration tester obtains a list of password digests using Responder. Which of the following tools would the penetration tester most likely use next?

  A. Hashcat

  B. Hydra

  C. CeWL

  D. Medusa

  Correct Answer: A

• Question 184:

  A penetration tester performs the following command:

  curl -l -http2 https://www.comptia.org

  Which of the following snippets of output will the tester MOST likely receive?

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

  Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/

• Question 185:

  The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:

  A. NDA

  B. SLA

  C. MSA

  D. SOW

  Correct Answer: A

  The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the NDA, which stands for Non-Disclosure Agreement. The NDA is a legal agreement between two or more parties that outlines confidential material or knowledge that the parties wish to share with one another, but with restrictions on access, use or disclosure of that information. The NDA is commonly used in the context of penetration testing to protect the client's sensitive information that the tester may have access to during the engagement. The NDA defines the terms of confidentiality and non-disclosure of information related to the engagement, including the responsibilities and obligations of both the tester and the client to ensure that any information exchanged or obtained during the engagement is kept confidential and not disclosed to unauthorized parties. This is particularly important in penetration testing, as the tester is granted access to the client's network and systems, and may uncover vulnerabilities or sensitive information that should not be disclosed to unauthorized parties. In summary, the NDA plays a crucial role in defining the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure of confidential information, and is an important legal instrument for protecting the client's sensitive information during a penetration testing engagement.

• Question 186:

  A penetration tester has been hired to configure and conduct authenticated scans of all the servers on a software company's network. Which of the following accounts should the tester use to return the MOST results?

  A. Root user

  B. Local administrator

  C. Service

  D. Network administrator

  Correct Answer: C

• Question 187:

  A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement?

  A. Direct-to-origin

  B. Cross-site scripting

  C. Malware injection

  D. Credential harvesting

  Correct Answer: C

  Malware injection is the most likely cloud attack that the penetration tester implemented, as it involves adding a fake VM instance to the IaaS component of the client's VM. Malware injection is a type of attack that exploits vulnerabilities in cloud services or applications to inject malicious code or data into them. The injected malware can then compromise or control the cloud resources or data.

• Question 188:

  A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

  A. Open-source research

  B. A ping sweep

  C. Traffic sniffing

  D. Port knocking

  E. A vulnerability scan

  F. An Nmap scan

  Correct Answer: AC

  Open-source research and traffic sniffing are two activities that have a minimal chance of detection, as they do not involve sending any packets or requests to the target network or system. Open-source research is the process of gathering information from publicly available sources, such as websites, social media, blogs, forums, etc. Traffic sniffing is the process of capturing and analyzing network packets that are transmitted over a shared medium, such as wireless or Ethernet. Reference: https://www.sciencedirect.com/topics/computer-science/passive- reconnaissance

• Question 189:

  After running the enum4linux.pl command, a penetration tester received the following output: Which of the following commands should the penetration tester run NEXT?

  

  A. smbspool //192.160.100.56/print$

  B. net rpc share -S 192.168.100.56 -U ''

  C. smbget //192.168.100.56/web -U ''

  D. smbclient //192.168.100.56/web -U '' -N

  Correct Answer: D

  A vulnerability scan is a type of assessment that helps to identify vulnerabilities in a network or system. It scans systems for potential vulnerabilities, misconfigurations, and outdated software. Based on the output from a vulnerability scan, a penetration tester can identify vulnerabilities that may be exploited to gain access to a system. In this scenario, the output from the penetration testing tool shows that 100 hosts contained findings due to improper patch management. This indicates that the vulnerability scan detected vulnerabilities that could have been prevented through proper patch management. Therefore, the most likely test performed by the penetration tester is a vulnerability scan.

• Question 190:

  An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.

  Which of the following is the penetration tester trying to accomplish?

  A. Uncover potential criminal activity based on the evidence gathered.

  B. Identify all the vulnerabilities in the environment.

  C. Limit invasiveness based on scope.

  D. Maintain confidentiality of the findings.

  Correct Answer: C