CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 201:

  A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high. Which of the following should be the NEXT step?

  A. Perform a new penetration test.

  B. Remediate the findings.

  C. Provide the list of common vulnerabilities and exposures.

  D. Broaden the scope of the penetration test.

  Correct Answer: B

• Question 202:

  When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

  A. security compliance regulations or laws may be violated.

  B. testing can make detecting actual APT more challenging.

  C. testing adds to the workload of defensive cyber- and threat-hunting teams.

  D. business and network operations may be impacted.

  Correct Answer: D

• Question 203:

  A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?

  A. Redact identifying information and provide a previous customer's documentation.

  B. Allow the client to only view the information while in secure spaces.

  C. Determine which reports are no longer under a period of confidentiality.

  D. Provide raw output from penetration testing tools.

  Correct Answer: C

  Penetration testing reports contain sensitive information about the vulnerabilities and risks of a customer's systems and networks. Therefore, penetration testers should respect the confidentiality and privacy of their customers and only share their reports with authorized parties. Penetration testers should also follow the terms and conditions of their contracts with their customers, which may include a period of confidentiality that prohibits them from disclosing any information related to the testing without the customer's consent.

• Question 204:

  An Nmap scan of a network switch reveals the following:

  

  Which of the following technical controls will most likely be the FIRST recommendation for this device?

  A. Encrypted passwords

  B. System-hardening techniques

  C. Multifactor authentication

  D. Network segmentation

  Correct Answer: B

• Question 205:

  During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise. While reading the script, the penetration tester noticed the following lines of code:

  

  Which of the following was the script author trying to do?

  A. Spawn a local shell.

  B. Disable NIC.

  C. List processes.

  D. Change the MAC address

  Correct Answer: D

  This Python script uses the subprocess.call function to execute shell commands that first bring down the network interface eth0 (though it seems there's a typo with "etho0"), change its MAC address to "2a:33:41:56:21:34", and then bring the interface back up. The purpose of these actions is to change the MAC address of the network interface card (NIC) associated with eth0. Changing a MAC address can be used for various reasons, including bypassing MAC address filters or anonymizing the device on the network.

• Question 206:

  Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

  A. chmod u+x script.sh

  B. chmod u+e script.sh

  C. chmod o+e script.sh

  D. chmod o+x script.sh

  Correct Answer: A

  Reference: https://newbedev.com/chmod-u-x-versus-chmod-x

• Question 207:

  A penetration tester will be performing a vulnerability scan as part of the penetration test on a client's website. The tester plans to run several Nmap scripts that probe for vulnerabilities while avoiding detection. Which of the following Nmap options will the penetration tester MOST likely utilize?

  A. -8 -T0

  B. --script "http*vuln*"

  C. -sn

  D. -O -A

  Correct Answer: B

  Nmap is a tool that can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The command Nmap -p 445 -n - T4 --open 172.21.0.0/16 would scan for SMB port 445 over a /16 network with

  the following options:

  -p 445 specifies the port number to scan.

  -n disables DNS resolution, which can speed up the scan by avoiding unnecessary queries.

  -T4 sets the timing template to aggressive, which increases the speed of the scan by sending packets faster and waiting less for responses.

  -Open only shows hosts that have open ports, which can reduce the output and focus on relevant results. The other commands are not optimal for scanning SMB port 445 over a /16 network when stealth is not a concern and the task is time

  sensitive.

• Question 208:

  A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?

  A. inurl:

  B. link:

  C. site:

  D. intitle:

  Correct Answer: C

  The site: command can be used to restrict searches on Google to a specific domain. For example, site:company.com will return only results from the company.com domain. This can help the penetration tester to find information or pages related to the target domain.

• Question 209:

  A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue. Which of the following would BEST protect against this vulnerability?

  A. Network segmentation

  B. Key rotation

  C. Encrypted passwords

  D. Patch management

  Correct Answer: D

  Patch management is the process of identifying, downloading, and installing security patches for a system in order to address new vulnerabilities and software exploits. In the case of EternalBlue, the vulnerability was addressed by Microsoft

  in the form of a security patch. Installing this patch on the vulnerable host will provide protection from the vulnerability. Additionally, organizations should implement a patch management program to regularly check for and install security

  patches for the systems in their environment. Network segmentation (A) can limit the impact of a compromise by separating different parts of the network into smaller, more isolated segments. However, it does not address the vulnerability

  itself.

  Key rotation (B) is the process of periodically changing cryptographic keys, which can help protect against attacks that rely on stolen or compromised keys. However, it is not directly related to the EternalBlue vulnerability.

  Encrypted passwords (C) can help protect user credentials in case of a data breach or other compromise, but it does not prevent attackers from exploiting the EternalBlue vulnerability.

  Reference: CompTIA PenTest+ Certification Guide, Chapter 1: Pre-engagement Interactions, Page 21.

• Question 210:

  An organization wants to identify whether a less secure protocol is being utilized on a wireless network. Which of the following types of attacks will achieve this goal?

  A. Protocol negotiation

  B. Packet sniffing

  C. Four-way handshake

  D. Downgrade attack

  Correct Answer: D

  A downgrade attack is a type of attack that exploits a vulnerability in the protocol negotiation process between a client and a server to force them to use a less secure protocol than they originally intended. A downgrade attack can be used to identify whether a less secure protocol is being utilized on a wireless network by intercepting and modifying the messages exchanged during the protocol negotiation phase, such as the association request and response frames, and making the client and the server agree on a weaker protocol, such as WEP or WPA, instead of a stronger one, such as WPA2 or WPA3. A downgrade attack can also enable the attacker to perform other attacks, such as cracking the encryption keys or capturing the network traffic, more easily by taking advantage of the weaknesses of the less secure protocol. A downgrade attack can be performed by using tools such as Airgeddon, which is a multi-use bash script for Linux systems to audit wireless networks1.