CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 211:

  An executive needs to use Wi-Fi to connect to the company's server while traveling. While looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying. Which of the following attacks is the executive most likely experiencing?

  A. Data modification

  B. Amplification

  C. Captive portal

  D. Evil twin

  Correct Answer: D

  The attacker creates an access point with the same name and network settings as a legitimate access point, but with a stronger signal to attract users. Once a victim connects to the rogue access point, the attacker can intercept and steal any data transmitted over the connection, including login credentials, credit card information, and other sensitive data.

• Question 212:

  During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

  A. SOW.

  B. SLA.

  C. ROE.

  D. NDA

  Correct Answer: C

  https://mainnerve.com/what-are-rules-of-engagement-in-pen- testing/#:~:text=The%20ROE%20includes%20the%20dates,limits%2C%20or%20out%20of %20scope.

• Question 213:

  A penetration tester ran the following commands on a Windows server:

  

  Which of the following should the tester do AFTER delivering the final report?

  A. Delete the scheduled batch job.

  B. Close the reverse shell connection.

  C. Downgrade the svsaccount permissions.

  D. Remove the tester-created credentials.

  Correct Answer: D

• Question 214:

  Which of the following describe the GREATEST concerns about using third-party open- source libraries in application code? (Choose two.)

  A. The libraries may be vulnerable

  B. The licensing of software is ambiguous

  C. The libraries' code bases could be read by anyone

  D. The provenance of code is unknown

  E. The libraries may be unsupported

  F. The libraries may break the application

  Correct Answer: AD

  A. The libraries may be vulnerable to security bugs or exploits that can compromise the application or the data. According to the web search results, open-source libraries often have vulnerabilities that can be exploited by attackers, such as Heartbleed, Shellshock, DROWN, or npm left-pad1234. These vulnerabilities can allow attackers to extract sensitive data, execute arbitrary commands, decrypt encrypted traffic, or break the functionality of the application. Therefore, using third-party open-source libraries in application code poses a significant security risk.

  D. The provenance of code is unknown, meaning that the origin and history of the code are not verified or documented. According to the web search results, open- source libraries and client projects are developed and continuously evolving in an asynchronous way, which makes it difficult to track the changes and updates of the code2. Moreover, open-source libraries may have dependencies on other libraries, which can introduce additional risks or vulnerabilities1. Therefore, using third-party open-source libraries in application code poses a significant quality risk.

• Question 215:

  A penetration tester needs to upload the results of a port scan to a centralized security tool. Which of the following commands would allow the tester to save the results in an interchangeable format?

  A. nmap -iL results 192.168.0.10-100

  B. nmap 192.168.0.10-100 -O > results

  C. nmap -A 192.168.0.10-100 -oX results

  D. nmap 192.168.0.10-100 | grep "results"

  Correct Answer: C

• Question 216:

  In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

  A. Test for RFC-defined protocol conformance.

  B. Attempt to brute force authentication to the service.

  C. Perform a reverse DNS query and match to the service banner.

  D. Check for an open relay configuration.

  Correct Answer: D

  SMTP is a protocol associated with mail servers. Therefore, for a penetration tester, an open relay configuration can be exploited to launch phishing attacks.

• Question 217:

  A penetration tester gains access to a web server and notices a large number of devices in the system ARP table. Upon scanning the web server, the tester determines that many of the devices are user ...ch of the following should be included in the recommendations for remediation?

  A. training program on proper access to the web server

  B. patch-management program for the web server.

  C. the web server in a screened subnet

  D. Implement endpoint protection on the workstations

  Correct Answer: D

  The penetration tester should recommend implementing endpoint protection on the workstations, which is a security measure that involves installing software or hardware on devices that connect to a network to protect them from threats such as malware, ransomware, phishing, or unauthorized access. Endpoint protection can include antivirus software, firewalls, encryption tools, VPNs, or device management systems. Endpoint protection can help prevent user workstations from being compromised by attackers who have gained access to the web server or other devices on the network. The other options are not valid recommendations for remediation based on the discovery that many of the devices are user workstations. Changing passwords that were created before this code update is not relevant to this issue, as it refers to a different scenario involving password hashing and salting. Keeping hashes created by both methods for compatibility is not relevant to this issue, as it refers to a different scenario involving password hashing and salting. Moving the web server in a screened subnet is not relevant to this issue, as it refers to a different scenario involving network segmentation and isolation.

• Question 218:

  A penetration tester gives the following command to a systems administrator to execute on one of the target servers:

  rm -f /var/www/html/G679h32gYu.php

  Which of the following BEST explains why the penetration tester wants this command executed?

  A. To trick the systems administrator into installing a rootkit

  B. To close down a reverse shell

  C. To remove a web shell after the penetration test

  D. To delete credentials the tester created

  Correct Answer: C

  A web shell is a malicious script that allows remote access and control of a web server. A penetration tester may use a web shell to execute commands on the target server during a penetration test. However, after the test is completed, the penetration tester should remove the web shell to avoid leaving any traces or backdoors on the server. The command rm -f /var/www/html/G679h32gYu.php deletes the file G679h32gYu.php from the web server's document root directory, which is likely the location of the web shell. The other options are not plausible explanations for why the penetration tester wants this command executed.

• Question 219:

  A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.

  Which of the following Nmap scan syntaxes would BEST accomplish this objective?

  A. nmap -sT -vvv -O 192.168.1.2/24 -PO

  B. nmap -sV 192.168.1.2/24 -PO

  C. nmap -sA -v -O 192.168.1.2/24

  D. nmap -sS -O 192.168.1.2/24 -T1

  Correct Answer: D

  Reference: https://nmap.org/book/man-port-scanning-techniques.html

• Question 220:

  A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:

  comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org.

  3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org.

  Which of the following potential issues can the penetration tester identify based on this output?

  A. At least one of the records is out of scope.

  B. There is a duplicate MX record.

  C. The NS record is not within the appropriate domain.

  D. The SOA records outside the comptia.org domain.

  Correct Answer: A