CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 261:

  The following output is from reconnaissance on a public-facing banking website:

  

  Based on these results, which of the following attacks is MOST likely to succeed?

  A. A birthday attack on 64-bit ciphers (Sweet32)

  B. An attack that breaks RC4 encryption

  C. An attack on a session ticket extension (Ticketbleed)

  D. A Heartbleed attack

  Correct Answer: D

  Based on these results, the most likely attack to succeed is a Heartbleed attack. The Heartbleed attack is a vulnerability in the OpenSSL implementation of the TLS/SSL protocol that allows an attacker to read the memory of the server and potentially steal sensitive information, such as private keys, passwords, or session tokens. The results show that the website is using OpenSSL 1.0.1f, which is vulnerable to the Heartbleed attack1.

• Question 262:

  During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.

  

  Which of the following vulnerabilities was the attacker trying to exploit?

  A. ..Session hijacking

  B. ..URL manipulation

  C. ..SQL injection

  D. ..Insecure direct object reference

  Correct Answer: D

  The attacker is sequentially changing the serviceID parameter in the URL, likely in an attempt to access objects that they are not authorized to see. This is indicative of an attempt to exploit an Insecure Direct Object Reference (IDOR)

  vulnerability, where unauthorized access to objects can occur by manipulating input or changing parameters in the URL.

  An insecure direct object reference (IDOR) vulnerability occurs when an application exposes a reference to an internal object, such as a file, directory, database record, or key, without any proper authorization or validation mechanism. This

  allows an attacker to manipulate the reference and access other objects that they are not authorized to access. In this case, the attacker was trying to exploit the IDOR vulnerability in the servicestatus.php script, which accepts a serviceID

  parameter that directly references a service object. By changing the value of the serviceID parameter, the attacker could access different services that they were not supposed to see. References: The Official CompTIA PenTest+ Student

  Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.2: Insecure Direct Object References; Best PenTest+ certification study resources and training materials, Section 1: Cross-site Scripting (XSS) Attack.

• Question 263:

  A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

  A. Check the scoping document to determine if exfiltration is within scope.

  B. Stop the penetration test.

  C. Escalate the issue.

  D. Include the discovery and interaction in the daily report.

  Correct Answer: B

  "Another reason to communicate with the customer is to let the customer know if something unexpected arises while doing the pentest, such as if a critical vulnerability is found on a system, a new target system is found that is outside the scope of the penetration test targets, or a security breach is discovered when doing the penetration test. You will need to discuss how to handle such discoveries and who to contact if those events occur. In case of such events, you typically stop the pentest temporarily to discuss the issue with the customer, then resume once a resolution has been determined."

• Question 264:

  A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:

  Pre-engagement interaction (scoping and ROE) Intelligence gathering (reconnaissance) Threat modeling Vulnerability analysis Exploitation and post exploitation Reporting

  Which of the following methodologies does the client use?

  A. OWASP Web Security Testing Guide

  B. PTES technical guidelines

  C. NIST SP 800-115

  D. OSSTMM

  Correct Answer: B

  Reference: https://kirkpatrickprice.com/blog/stages-of-penetration-testing-according-to- ptes/

• Question 265:

  A penetration tester is testing a new API for the company's existing services and is preparing the following script:

  

  Which of the following would the test discover?

  A. Default web configurations

  B. Open web ports on a host

  C. Supported HTTP methods

  D. Listening web servers in a domain

  Correct Answer: C

  The script is using the requests library to send an OPTIONS request to the API endpoint, which returns a list of supported HTTP methods for that resource. This can help the penetration tester to identify potential attack vectors or vulnerabilities based on the methods allowed.

• Question 266:

  A penetration-testing team needs to test the security of electronic records in a company's office. Per the terms of engagement, the penetration test is to be conducted after hours and should not include circumventing the alarm or performing destructive entry. During outside reconnaissance, the team sees an open door from an adjoining building. Which of the following would be allowed under the terms of the engagement?

  A. Prying the lock open on the records room

  B. Climbing in an open window of the adjoining building

  C. Presenting a false employee ID to the night guard

  D. Obstructing the motion sensors in the hallway of the records room

  Correct Answer: B

  The terms of engagement state that the penetration test should not include circumventing the alarm or performing destructive entry, which rules out options A and D. Option C is also not allowed, as it involves social engineering, which is not part of the scope. Option B is the only one that does not violate the terms of engagement, as it uses an open door from an adjoining building to gain access to the records room. This can help the penetration tester to test the physical security of the electronic records without breaking any rules.

• Question 267:

  Appending string values onto another string is called:

  A. compilation

  B. connection

  C. concatenation

  D. conjunction

  Correct Answer: C

  Concatenation is the term used to describe the process of appending string values onto another string. In Python, concatenation can be done using the + operator, such as "Hello" + "World" = "HelloWorld"4. Reference: https://docs.microsoft.com/en-us/dotnet/csharp/how-to/concatenate-multiple- strings

• Question 268:

  Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

  A. Executive summary

  B. Remediation

  C. Methodology

  D. Metrics and measures

  Correct Answer: B

  The most important information to have on a penetration testing report that is written for the developers is remediation. Remediation is the process of fixing or mitigating the vulnerabilities or issues that were discovered during the penetration testing. Remediation should include specific recommendations, best practices, and resources to help the developers improve the security of their applications4.

• Question 269:

  Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

  A. To provide feedback on the report structure and recommend improvements

  B. To discuss the findings and dispute any false positives

  C. To determine any processes that failed to meet expectations during the assessment

  D. To ensure the penetration-testing team destroys all company data that was gathered during the test

  Correct Answer: C

• Question 270:

  A penetration tester gains access to a system and is able to migrate to a user process:

  

  Given the output above, which of the following actions is the penetration tester performing? (Choose two.)

  A. Redirecting output from a file to a remote system

  B. Building a scheduled task for execution

  C. Mapping a share to a remote system

  D. Executing a file on the remote system

  E. Creating a new process on all domain systems

  F. Setting up a reverse shell from a remote system

  G. Adding an additional IP address on the compromised system

  Correct Answer: CD

  WMIC.exe is a built-in Microsoft program that allows command-line access to the Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.