CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 361:

  A penetration tester is enumerating shares and receives the following output:

  

  Which of the following should the penetration tester enumerate next?

  A. dev

  B. print$

  C. home

  D. notes

  Correct Answer: A

• Question 362:

  During a test of a custom-built web application, a penetration tester identifies several vulnerabilities. Which of the following would be the most interested in the steps to reproduce these vulnerabilities?

  A. Operations staff

  B. Developers

  C. Third-party stakeholders

  D. C-suite executives

  Correct Answer: B

  The developers would be the most interested in the steps to reproduce the web application vulnerabilities, because they are responsible for fixing the code and implementing security best practices. The steps to reproduce the vulnerabilities would help them understand the root cause of the problem, test the patches, and prevent similar issues in the future. The other options are less interested in the technical details of the vulnerabilities, as they have different roles and responsibilities. The operations staff are more concerned with the availability and performance of the web application, the third-party stakeholders are more interested in the business impact and risk assessment of the vulnerabilities, and the C-suite executives are more focused on the strategic and financial implications of the vulnerabilities123.

• Question 363:

  A penetration tester wants to find the password for any account in the domain without locking any of the accounts. Which of the following commands should the tester use?

  A. enum4linux -u userl -p /passwordList.txt 192.168.0.1

  B. enum4linux -u userl -p Passwordl 192.168.0.1

  C. cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt

  D. cme smb 192.168.0.0/24 -u /userList.txt -p Summer123

  Correct Answer: C

  The cme smb 192.168.0.0/24 -u /userList.txt -p /passwordList.txt command is used to perform SMB enumeration on the 192.168.0.0/24 subnet using a list of usernames and passwords. The -u option specifies the file containing the usernames, and the -p option specifies the file containing the passwords1. This command allows the tester to attempt to authenticate with multiple accounts without locking any of them out. References: SMB Command

• Question 364:

  Which of the following tools would help a penetration tester locate a file that was uploaded to a content management system?

  A. DirBuster

  B. Open VAS

  C. Scout Suite

  D. CeWL

  Correct Answer: A

  DirBuster is a tool that can brute-force directories and filenames on web servers. It can help a penetration tester locate a file that was uploaded to a content management system by trying different combinations of paths and names until it finds a match. DirBuster can also use wordlists to speed up the process and discover hidden files or directories. References: The Official CompTIA PenTest+ Instructor Guide (Exam PT0- 002) eBook, page 156

• Question 365:

  Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?

  A. OWASP Top 10

  B. MITRE ATTandCK

  C. Cyber Kill Chain

  D. Well-Architected Framework

  Correct Answer: B

• Question 366:

  Given the following code:

  $p = (80, 110, 25)

  $network = (192.168.0)

  $range = 1 .. 254

  $ErrorActionPreference = 'silentlycontinue'

  $Foreach ($add in $range)

  $Foreach ($x in $p)

  { {$ip = "{0} . {1} -F $network, $add"

  If (Test-Connection -BufferSize 32 -Count 1 -quiet -ComputerName $ip)

  {$socket = new-object System.Net. Sockets. TcpClient (andip, $x)

  If ($socket. Connected) { $ip $p open"

  $socket. Close () }

  }

  }}

  Which of the following tasks could be accomplished with the script?

  A. Reverse shell

  B. Ping sweep

  C. File download

  D. Port scan

  Correct Answer: D

  The script is performing a port scan on the network 192.168.0.0/24, by testing the connectivity of three ports (80, 110, 25) on each IP address in the range 1-254. A port scan is a technique used to identify open ports and services on a target host or network. It can be used for reconnaissance, vulnerability assessment, or penetration testing.

• Question 367:

  In Java and C/C++, variable initialization is critical because:

  A. the unknown value, when used later, will cause unexpected behavior.

  B. the compiler will assign null to the variable, which will cause warnings and errors.

  C. the initial state of the variable creates a race condition.

  D. the variable will not have an object type assigned to it.

  Correct Answer: A

  Variable initialization is the process of assigning a value to a variable at the time of declaration. In Java and C/C++, variable initialization is critical because if a variable is not initialized, it may contain a garbage value that is unpredictable and may lead to erroneous results or runtime errors when the variable is used later in the program. For example, if a variable is used in a mathematical expression or a conditional statement, the outcome may depend on the value of the variable. If the variable is not initialized, the outcome may be different each time the program is run, or the program may crash due to an invalid operation. Therefore, it is a good practice to always initialize variables before using them, or to check if they have been initialized before using them123.

• Question 368:

  A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the scan is to identify web servers in the 10.0.0.0/16 subnet. Which of the following commands should the engineer use to achieve the objective in the least amount of time?

  A. nmap -T3 -p 80 10.0.0.0/16 -- max-hostgroup 100

  B. nmap -TO -p 80 10.0.0.0/16

  C. nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60

  D. nmap -T5 -p 80 10.0.0.0/16 -- min-rate 80

  Correct Answer: C

  The nmap -T4 -p 80 10.0.0.0/16 -- max-rate 60 command is used to scan the 10.0.0.0/16 subnet for web servers (port 80) at a maximum rate of 60 packets per minute. The -T4 option sets the timing template to "aggressive", which speeds up the scan. The -- max-rate option limits the number of packets sent per second, helping to bypass the network IPS that isolates the source when the scan exceeds 100 packets per minute12.

• Question 369:

  Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?

  A. Non-disclosure agreement

  B. Business associate agreement

  C. Assessment scope and methodologies

  D. Executive summary

  Correct Answer: C

  The assessment scope and methodologies document defines the objectives, boundaries, rules of engagement, and expected outcomes of a penetration testing engagement. It also specifies the roles and responsibilities of the testers and the clients, as well as the communication channels and escalation procedures. This document can help determine who is at fault for a temporary outage that occurred during a penetration test, as it can clarify whether the outage was within the agreed scope and methodologies, or whether it was caused by a violation of the rules of engagement or a lack of coordination.

• Question 370:

  Which of the following members of a client organization are most likely authorized to provide a signed authorization letter prior to the start date of a penetration test?

  A. The IT department

  B. The executive management team and legal personnel

  C. Organizational security personnel

  D. The human resources team

  Correct Answer: B