A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?
A. Implement a recurring cybersecurity awareness education program for all users.
B. Implement multifactor authentication on all corporate applications.
C. Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.
D. Implement an email security gateway to block spam and malware from email communications.
Correct Answer: A
The simulated phishing attack showed that most of the employees were not able to recognize or avoid a common social engineering technique that could compromise their corporate credentials and expose sensitive data or systems. The best way to address this situation is to implement a recurring cybersecurity awareness education program for all users that covers topics such as phishing, password security, data protection, and incident reporting. This will help raise the level of security awareness and reduce the risk of falling victim to phishing attacks in the future. The other options are not as effective or feasible as educating users about phishing prevention techniques.
A company requires that all hypervisors have the latest available patches installed. Which of the following would BEST explain the reason why this policy is in place?
A. To provide protection against host OS vulnerabilities
B. To reduce the probability of a VM escape attack
C. To fix any misconfigurations of the hypervisor
D. To enable all features of the hypervisor
Correct Answer: B
A hypervisor is a type of virtualization software that allows multiple virtual machines (VMs) to run on a single physical host machine. If the hypervisor is compromised, an attacker could potentially gain access to all of the VMs running on that host, which could lead to a significant data breach or other security issues. One common type of attack against hypervisors is known as a VM escape attack. In this type of attack, an attacker exploits a vulnerability in the hypervisor to break out of the VM and gain access to the host machine. From there, the attacker can potentially gain access to other VMs running on the same host. By ensuring that all hypervisors have the latest available patches installed, the company can reduce the likelihood that a VM escape attack will be successful. Patches often include security updates and vulnerability fixes that address known issues and can help prevent attacks.
Question 223:
A security analyst is conducting an unknown environment test from 192.168.3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems. Which of the following Nmap commands should the analyst use to achieve this objective?
A. Nmap -F 192.168.5.5
B. Nmap --data-length 2 192.168.5.5
C. Nmap -D 10.5.2.2 192.168.5.5
D. Nmap --scanflags SYNFIN 192.168.5.5
Correct Answer: D
To limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems, the security analyst should use the Nmap -D 10.5.2.2 192.168.3.3 command [1]. The -D option is used to conceal the identity of the attacker by using decoy IP addresses. This option can be used to confuse the IDS/IPS and lower the probability of detection [1].
References:
[1] CompTIA. (2021). CompTIA PenTest+ Certification Exam Objectives. Retrieved from https://www.comptia.org/content/dam/comptia/documents/certifications/Exam%20Objectives/CompTIA-PenTest%2B%20Exam%20Objectives%20PT0-002.pdf
Question 224:
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. The most critical risks of web applications
B. A list of all the risks of web applications
C. The risks defined in order of importance
D. A web-application security standard
E. A risk-governance and compliance framework
F. A checklist of Apache vulnerabilities
Correct Answer: AC
These two options best describe the OWASP Top 10, which stands for Open Web Application Security Project Top 10 and is a list of the most critical web application security risks based on data from various sources and experts. The list is updated periodically to reflect changes in technology and the threat landscape. The list also ranks the risks in order of importance based on their prevalence, impact, and ease of exploitation or remediation. The other options are not accurate descriptions of the OWASP Top 10. The list does not cover all the risks of web applications, but rather focuses on the most common and severe ones. The list is not a web application security standard, but rather a guideline or reference for developers, testers, and security professionals. The list is not a risk-governance and compliance framework, but rather a resource or tool for identifying and mitigating web application vulnerabilities. The list is not a checklist of Apache vulnerabilities, but rather a general list of web application risks that apply to any web server or platform. Reference: https://www.synopsys.com/glossary/what-is-owasp-top-10.html
Question 225:
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company's privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?
A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?
A. Immunity Debugger
B. OllyDbg
C. GDB
D. Drozer
Correct Answer: A
Immunity Debugger is a tool that can be used to deconstruct 64-bit Windows binaries and see the underlying code. Immunity Debugger is a powerful debugger that integrates with Python and allows users to write their own scripts and plugins. It can be used for reverse engineering, malware analysis, vulnerability research, and exploit development.
Question 227:
Which of the following is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten?
A. NIST SP 800-53
B. ISO 27001
C. GDPR
Correct Answer: C
GDPR is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten. GDPR stands for General Data Protection Regulation, and it is a law that applies to the European Union and the United Kingdom. GDPR gives individuals the right to request their personal data be deleted by data controllers and processors under certain circumstances, such as when the data is no longer necessary, when the consent is withdrawn, or when the data was unlawfully processed. GDPR also imposes other obligations and rights related to data protection, such as data minimization, data portability, data breach notification, and consent management. The other options are not regulatory compliance standards that focus on user privacy by implementing the right to be forgotten. NIST SP 800-53 is a set of security and privacy controls for federal information systems and organizations in the United States. ISO 27001 is an international standard that specifies the requirements for an information security management system.
Question 228:
A penetration tester was able to compromise a server and escalate privileges. Which of the following should the tester perform AFTER concluding the activities on the specified target? (Choose two.)
A. Remove the logs from the server.
B. Restore the server backup.
C. Disable the running services.
D. Remove any tools or scripts that were installed.
E. Delete any created credentials.
F. Reboot the target server.
Correct Answer: DE
Question 229:
A penetration tester requested, without express authorization, that a CVE number be assigned for a new vulnerability found on an internal client application. Which of the following did the penetration tester most likely breach?
A. ROE
B. SLA
C. NDA
D. SOW
Correct Answer: A
ROE stands for Rules of Engagement, which are the guidelines and limitations that define the scope, objectives, and methods of a penetration testing engagement. ROE should be agreed upon by both the client and the tester before the testing begins, and they should include the authorization to perform certain actions, such as requesting CVE numbers, disclosing vulnerabilities, or exploiting systems. By requesting a CVE number without express authorization, the penetration tester most likely breached the ROE and violated the client's trust and expectations.
Question 230:
Given the following script:
while True:
    print("Hello World")
Which of the following describes True?
A. A while loop
B. A conditional
C. A Boolean operator
D. An arithmetic operator
Correct Answer: C
True is a Boolean operator in Python, which is an operator that returns either True or False values based on logical conditions. Boolean operators can be used in expressions or statements that evaluate to True or False values, such as comparisons, assignments, or loops. In the code, True is used as the condition for a while loop, which is a loop that repeats a block of code as long as the condition is True. The code will print "Hello World" indefinitely because True will always be True and the loop will never end. The other options are not valid descriptions of True.