CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 231:

  A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.

  Which of the following can be done with the pcap to gain access to the server?

  A. Perform vertical privilege escalation.

  B. Replay the captured traffic to the server to recreate the session.

  C. Use John the Ripper to crack the password.

  D. Utilize a pass-the-hash attack.

  Correct Answer: D

• Question 232:

  A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

  Which of the following is the BEST action for the penetration tester to take?

  A. Utilize the tunnel as a means of pivoting to other internal devices.

  B. Disregard the IP range, as it is out of scope.

  C. Stop the assessment and inform the emergency contact.

  D. Scan the IP range for additional systems to exploit.

  Correct Answer: D

• Question 233:

  A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code? salt = `123' hash = hashlib.pbkdf2_hmac(`sha256', plaintext, salt, 10000) The tester recommended the code be updated to the following salt = os.urandom(32) hash = hashlib.pbkdf2_hmac(`sha256', plaintext, salt, 10000).

  Which of the following steps should the penetration tester recommend?

  A. Changing passwords that were created before this code update

  B. Keeping hashes created by both methods for compatibility

  C. Rehashing all old passwords with the new code

  D. Replacing the SHA-256 algorithm to something more secure

  Correct Answer: A

  The penetration tester recommended the code be updated to use a random salt instead of a fixed salt for hashing passwords. A salt is a random value that is added to the plaintext password before hashing it, to prevent attacks such as rainbow tables or dictionary attacks that rely on precomputed hashes of common or weak passwords. A random salt ensures that each password hash is unique and unpredictable, even if two users have the same password. However, changing the salt does not affect the existing hashes that were created with the old salt, which may still be vulnerable to attacks. Therefore, the penetration tester should recommend changing passwords that were created before this code update, so that they can be hashed with the new salt and be more secure. The other options are not valid steps that the penetration tester should recommend. Keeping hashes created by both methods for compatibility would defeat the purpose of updating the code, as it would leave some hashes vulnerable to attacks. Rehashing all old passwords with the new code would not work, as it would require knowing the plaintext passwords, which are not stored in the database. Replacing the SHA-256 algorithm to something more secure is not necessary, as SHA-256 is a secure and widely used hashing algorithm that has no known vulnerabilities or collisions.

• Question 234:

  When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

  A. <#

  B. <$

  C. ##

  D. #$

  E. #!

  Correct Answer: E

  Reference: https://linuxconfig.org/bash-scripting-tutorial-for-beginners

  #!/bin/bash ---# and ! makes this line special because # is used as comment line in bash. ! is called

• Question 235:

  Which of the following is the most important aspect to consider when calculating the price of a penetration test service for a client?

  A. Operating cost

  B. Required scope of work

  C. Non-disclosure agreement

  D. Client's budget

  Correct Answer: B

  When calculating the price of a penetration test service for a client, the most important aspect to consider is the required scope of work 1. The scope of work defines the objectives of the penetration test and the systems that will be tested. It is

  important to understand the scope of work to determine the resources required to complete the test and the time it will take to complete the test 2.

  References: 2: CompTIA. (2021). CompTIA PenTest+ Certification Exam Objectives.

  Retrieved from

  https://www.comptia.org/content/dam/comptia/documents/certifications/Exam%20Objective s/CompTIA-PenTest%2B%20Exam%20Objectives%20PT0-002.pdf 1: O'Brien, D. (2021). The Official CompTIA PenTest+ Study Guide (Exam PT0002). John Wiley and Sons.

• Question 236:

  During a penetration tester found a web component with no authentication requirements. The web component also allows file uploads and is hosted on one of the target public web the following actions should the penetration tester perform next?

  A. Continue the assessment and mark the finding as critical.

  B. Attempting to remediate the issue temporally.

  C. Notify the primary contact immediately.

  D. Shutting down the web server until the assessment is finished

  Correct Answer: A

• Question 237:

  A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client's IP address. The tester later discovered the SOC had used sinkholing on the penetration tester's IP address. Which of the following BEST describes what happened?

  A. The penetration tester was testing the wrong assets

  B. The planning process failed to ensure all teams were notified

  C. The client was not ready for the assessment to start

  D. The penetration tester had incorrect contact information

  Correct Answer: B

  Sinkholing is a technique used by security teams to redirect malicious or unwanted network traffic to a controlled destination, such as a black hole or a honeypot. This can help prevent or mitigate attacks, analyze malware behavior, or isolate infected hosts. If the SOC used sinkholing on the penetration tester's IP address, it means that they detected the tester's activity and blocked it from reaching the client's network. This indicates that the planning process failed to ensure all teams were notified about the penetration testing engagement, which could have avoided this situation.

• Question 238:

  Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

  A. To remove hash-cracking registry entries

  B. To remove the tester-created Mimikatz account

  C. To remove tools from the server

  D. To remove a reverse shell from the system

  Correct Answer: B

• Question 239:

  During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)

  A. Scraping social media sites

  B. Using the WHOIS lookup tool

  C. Crawling the client's website

  D. Phishing company employees

  E. Utilizing DNS lookup tools

  F. Conducting wardriving near the client facility

  Correct Answer: AC

  Technical and billing addresses are usually posted on company websites and company social media sites for the their clients to access. The WHOIS lookup will only avail info for the company registrant, an abuse email contact, etc but it may not contain details for billing addresses.

• Question 240:

  A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?

  A. SQL injection

  B. HTML injection

  C. Remote command injection

  D. DLL injection

  Correct Answer: A

  WAITFOR can be used in a type of SQL injection attack known as time delay SQL injection or blind SQL injection34. This attack works on the basis that true or false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the query returns true, then the web application will pause for the specified period of time before responding; if the query returns false, then the web application will respond immediately. By observing the response time, the attacker can infer information about the database structure and data1. Based on this information, one possible answer to your question is A. SQL injection, because it is an attack that exploits a vulnerability in a web application that allows an attacker to execute arbitrary SQL commands on the database server.