CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 21:

  A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?

  A. nmap sn 192.168.0.1/16

  B. nmap sn 192.168.0.1-254

  C. nmap sn 192.168.0.1 192.168.0.1.254

  D. nmap sN 192.168.0.0/24

  Correct Answer: B

• Question 22:

  A penetration tester conducted a discovery scan that generated the following:

  

  Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

  A. nmap –oG list.txt 192.168.0.1-254 , sort

  B. nmap –sn 192.168.0.1-254 , grep “Nmap scan” | awk ‘{print S5}’

  C. nmap –-open 192.168.0.1-254, uniq

  D. nmap –o 192.168.0.1-254, cut –f 2

  Correct Answer: B

  the NMAP flag (-sn) which is for host discovery and returns that kind of NMAP output. And the AWK command selects column 5 ({print $5}) which obviously carries the returned IP of the host in the NMAP output.

  This command will generate the results shown in the image and transform them into a list of active hosts for further analysis. The command consists of three parts:

  nmap -sn 192.168.0.1-254: This part uses nmap, a network scanning tool, to perform a ping scan (-sn) on the IP range 192.168.0.1-254, which means sending ICMP echo requests to each IP address and checking if they respond. grep

  "Nmap scan": This part uses grep, a text filtering tool, to search for the string "Nmap scan" in the output of the previous part and display only the matching lines. This will filter out the lines that show the start and end time of the scan and only

  show the lines that indicate the status of each host. awk `{print $5}': This part uses awk, a text processing tool, to print the fifth field ($5) of each line in the output of the previous part. This will extract only the IP addresses of each host and

  display them as a list.

  The final output will look something like this:

  192.168.0.1 192.168.0.12 192.168.0.17 192.168.0.34

• Question 23:

  A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

  

  Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

  A. Edit the discovered file with one line of code for remote callback

  B. Download .pl files and look for usernames and passwords

  C. Edit the smb.conf file and upload it to the server

  D. Download the smb.conf file and look at configurations

  Correct Answer: C

• Question 24:

  A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)

  A. Setting up a secret management solution for all items in the source code management system

  B. Implementing role-based access control on the source code management system

  C. Configuring multifactor authentication on the source code management system

  D. Leveraging a solution to scan for other similar instances in the source code management system

  E. Developing a secure software development life cycle process for committing code to the source code management system

  F. Creating a trigger that will prevent developers from including passwords in the source code management system

  Correct Answer: AE

  Access keys are credentials that allow users to authenticate and authorize requests to a source code management (SCM) system, such as GitLab or AWS. Access keys should be kept secret and not exposed in plain text within the source code, as this can compromise the security and integrity of the SCM system and its data. Some possible options for addressing the issue of access keys within an organization's SCM solution are: Setting up a secret management solution for all items in the SCM system: This is a tool or service that securely stores, manages, and distributes secrets such as access keys, passwords, tokens, certificates, etc. A secret management solution can help prevent secrets from being exposed in plain text within the source code or configuration files3456. Developing a secure software development life cycle (SDLC) process for committing code to the SCM system: This is a framework or methodology that defines how software is developed, tested, deployed, and maintained. A secure SDLC process can help ensure that best practices for security are followed throughout the software development process, such as code reviews, static analysis tools, vulnerability scanning tools, etc. A secure SDLC process can help detect and prevent access keys from being included in the source code before they are committed to the SCM system1.

• Question 25:

  A penetration tester created the following script to use in an engagement:

  

  However, the tester is receiving the following error when trying to run the script:

  

  Which of the following is the reason for the error?

  A. The sys variable was not defined.

  B. The argv variable was not defined.

  C. The sys module was not imported.

  D. The argv module was not imported.

  Correct Answer: C

  The sys module is a built-in module in Python that provides access to system-specific parameters and functions, such as command-line arguments, standard input/output, and exit status. The sys module must be imported before it can be used in a script, otherwise an error will occur. The script uses the sys.argv variable, which is a list that contains the command-line arguments passed to the script. However, the script does not import the sys module at the beginning, which causes the error "NameError: name `sys' is not defined". To fix this error, the script should include the statement "import sys" at the top. The other options are not valid reasons for the error.

• Question 26:

  A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router. Which of the following is MOST vulnerable to a brute-force attack?

  A. WPS

  B. WPA2-EAP

  C. WPA-TKIP

  D. WPA2-PSK

  Correct Answer: A

  Reference: https://us-cert.cisa.gov/ncas/alerts/TA12-006A

• Question 27:

  A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?

  A. Steganography

  B. Metadata removal

  C. Encryption

  D. Encode64

  Correct Answer: B

  All other answers are a form of encryption or randomizing the data.

• Question 28:

  Which of the following OSSTM testing methodologies should be used to test under the worst conditions?

  A. Tandem

  B. Reversal

  C. Semi-authorized

  D. Known environment

  Correct Answer: D

  The OSSTM testing methodology that should be used to test under the worst conditions is known environment, which is a testing approach that assumes that the tester has full knowledge of the target system or network, such as its architecture, configuration, vulnerabilities, or defenses. A known environment testing can simulate a worst-case scenario, where an attacker has gained access to sensitive information or insider knowledge about the target, and can exploit it to launch more sophisticated or targeted attacks. A known environment testing can also help identify the most critical or high-risk areas of the target, and provide recommendations for improving its security posture. The other options are not OSSTM testing methodologies that should be used to test under the worst conditions. Tandem is a testing approach that involves two testers working together on the same target, one as an attacker and one as a defender, to simulate a realistic attack scenario and evaluate the effectiveness of the defense mechanisms. Reversal is a testing approach that involves switching roles between the tester and the client, where the tester acts as a defender and the client acts as an attacker, to assess the security awareness and skills of the client. Semi-authorized is a testing approach that involves giving partial or limited authorization or access to the tester, such as a user account or a network segment, to simulate an attack scenario where an attacker has compromised a legitimate user or device.

• Question 29:

  A company provided the following network scope for a penetration test: 169.137.1.0/24 221.10.1.0/24 149.14.1.0/24 A penetration tester discovered a remote command injection on IP address 149.14.1.24 and exploited the system. Later, the tester learned that this particular IP address belongs to a third party. Which of the following stakeholders is

  responsible for this mistake?

  A. The company that requested the penetration test

  B. The penetration testing company

  C. The target host's owner

  D. The penetration tester

  E. The subcontractor supporting the test

  Correct Answer: A

  The company that requested the penetration test is responsible for providing the correct and accurate network scope for the test. The network scope defines the boundaries and limitations of the test, such as which IP addresses, domains, systems, or networks are in scope or out of scope. If the company provided an incorrect network scope that included an IP address that belongs to a third party, then it is responsible for this mistake. The penetration testing company, the target host's owner, the penetration tester, and the subcontractor supporting the test are not responsible for this mistake, as they relied on the network scope provided by the company that requested the penetration test.

• Question 30:

  Which of the following factors would a penetration tester most likely consider when testing at a location?

  A. Determine if visas are required.

  B. Ensure all testers can access all sites.

  C. Verify the tools being used are legal for use at all sites.

  D. Establish the time of the day when a test can occur.

  Correct Answer: D

  One of the factors that a penetration tester would most likely consider when testing at a location is to establish the time of day when a test can occur. This factor can affect the scope, duration, and impact of the test, as well as the availability and response of the client and the testers. Testing at different times of day can have different advantages and disadvantages, such as testing during business hours to simulate realistic scenarios and traffic patterns, or testing after hours to reduce disruption and interference. Testing at different locations may also require adjusting for different time zones and daylight saving times. Establishing the time of day when a test can occur can help plan and coordinate the test effectively and avoid confusion or conflict with the client or other parties involved in the test. The other options are not factors that a penetration tester would most likely consider when testing at a location.