CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 321:

  A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)

  A. Wireshark

  B. Nessus

  C. Retina

  D. Burp Suite

  E. Shodan

  F. Nikto

  Correct Answer: AE

  Wireshark and Shodan are two tools that can be used to perform passive reconnaissance, which means collecting information from publicly available sources without interacting with the target or revealing one's identity. Wireshark is a tool

  that can be used to capture and analyze network traffic, such as packets, protocols, or sessions, without sending any data to the target. Shodan is a tool that can be used to search for devices or services on the internet, such as web servers,

  routers, cameras, or firewalls, without contacting them directly. The other tools are not passive reconnaissance tools, but rather active reconnaissance tools, which means interacting with the target or sending data to it. Nessus and Retina are

  tools that can be used to perform vulnerability scanning, which involves sending probes or requests to the target and analyzing its responses for potential weaknesses. Burp Suite is a tool that can be used to perform web application testing,

  which involves intercepting and modifying web requests and responses between the browser and the server.

  Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

• Question 322:

  An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?

  A. nmap 192.168.0.1/24

  B. nmap 192.168.0.1/24

  C. nmap oG 192.168.0.1/24

  D. nmap 192.168.0.1/24

  Correct Answer: A

• Question 323:

  A penetration tester wrote the following script to be used in one engagement:

  

  Which of the following actions will this script perform?

  A. Look for open ports.

  B. Listen for a reverse shell.

  C. Attempt to flood open ports.

  D. Create an encrypted tunnel.

  Correct Answer: A

  The script will perform a port scan on the target IP address, looking for open ports on a list of common ports. A port scan is a technique that probes a network or a system for open ports, which can reveal potential vulnerabilities or services running on the host.

• Question 324:

  A penetration tester writes the following script:

  

  Which of the following objectives is the tester attempting to achieve?

  A. Determine active hosts on the network.

  B. Set the TTL of ping packets for stealth.

  C. Fill the ARP table of the networked devices.

  D. Scan the system on the most used ports.

  Correct Answer: A

  The tester is attempting to determine active hosts on the network by writing a script that pings a range of IP addresses. Ping is a network utility that sends ICMP echo request packets to a host and waits for ICMP echo reply packets. Ping can be used to test whether a host is reachable or not by measuring its response time. The script uses a for loop to iterate over a range of IP addresses from 192.168.1.1 to 192.168.1.254 and pings each one using the ping command with -c 1 option, which specifies one packet per address.

• Question 325:

  Given the following output: User-agent:*

  Disallow: /author/

  Disallow: /xmlrpc.php

  Disallow: /wp-admin

  Disallow: /page/

  During which of the following activities was this output MOST likely obtained?

  A. Website scraping

  B. Website cloning

  C. Domain enumeration

  D. URL enumeration

  Correct Answer: D

  URL enumeration is the activity of discovering and mapping the URLs of a website, such as directories, files, parameters, or subdomains. URL enumeration can help to identify the structure, content, and functionality of a website, as well as potential vulnerabilities or misconfigurations. One of the methods of URL enumeration is to analyze the robots.txt file of a website, which is a text file that tells search engine crawlers which URLs the crawler can or can't request from the site1. The output shown in the question is an example of a robots.txt file that disallows crawling of certain URLs, such as /author/, /xmlrpc.php, /wp-admin, or /page/.

• Question 326:

  A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom. Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

  A. Shoulder surfing

  B. Call spoofing

  C. Badge stealing

  D. Tailgating

  E. Dumpster diving

  F. Email phishing

  Correct Answer: CD

• Question 327:

  A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

  A. The web server is using a WAF.

  B. The web server is behind a load balancer.

  C. The web server is redirecting the requests.

  D. The local antivirus on the web server Is rejecting the connection.

  Correct Answer: A

  A Web Application Firewall (WAF) is designed to monitor, filter or block traffic to a web application. A WAF will monitor incoming and outgoing traffic from a web application and is often used to protect web servers from attacks such as SQL Injection, Cross-Site Scripting (XSS), and other forms of attacks. If a WAF detects an attack, it will often reset the TCP connection, causing the connection to be terminated. As a result, a penetration tester may see TCP resets when a WAF is present. Therefore, the most likely reason for the TCP resets returning from the web server is that the web server is using a WAF.

• Question 328:

  A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

  Which of the following tools or techniques would BEST support additional reconnaissance?

  A. Wardriving

  B. Shodan

  C. Recon-ng

  D. Aircrack-ng

  Correct Answer: C

• Question 329:

  Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

  A. After detection of a breach

  B. After a merger or an acquisition

  C. When an organization updates its network firewall configurations

  D. When most of the vulnerabilities have been remediated

  Correct Answer: D

• Question 330:

  A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client's system. The tester would like to suggest mitigation to the client as soon as possible.

  Which of the following remediation techniques would be the BEST to recommend? (Choose two.)

  A. Closing open services

  B. Encryption users' passwords

  C. Randomizing users' credentials

  D. Users' input validation

  E. Parameterized queries

  F. Output encoding

  Correct Answer: DE

  SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. SQL injection can result in data theft, data corruption, authentication bypass,

  or command execution. To mitigate SQL injection vulnerabilities, the following remediation techniques are recommended:

  Users' input validation: This involves checking and sanitizing the user input before passing it to the database server. Input validation can prevent malicious or unexpected input from reaching the database server and causing harm. Input

  validation can be done by using whitelists, blacklists, regular expressions, or escaping mechanisms.

  Parameterized queries: This involves using placeholders or parameters for user input instead of concatenating it with the SQL statement. Parameterized queries can separate the user input from the SQL logic and prevent it from being

  interpreted as part of the SQL statement. Parameterized queries can be implemented by using prepared statements, stored procedures, or frameworks that support them. The other options are not relevant or effective remediation techniques

  for SQL injection vulnerabilities.