CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 371:

  A penetration tester is reviewing the security of a web application running in an laaS compute instance. Which of the following payloads should the tester send to get the running process credentials?

  A. file=http://192.168. 1. 78?+document.cookie

  B. file =.. / .. / .. /proc/self/environ

  C. file='%20or%2054365=54365 ;-

  D. file=http://169.254.169.254/latest/meta-data/

  Correct Answer: D

  The payload D is used to access the metadata service of the laaS compute instance, which can provide information about the running process credentials, such as the instance ID, the service account, and the SSH keys. This is a common technique for exploiting cloud-based web applications that do not properly secure their metadata service. The other payloads are not effective for this purpose, as they either try to access the cookie data (A), the environment variables (B), or perform a SQL injection attack ? which are not related to the running process credentials.

• Question 372:

  A penetration tester is performing a vulnerability scan on a large ATM network. One of the organization's requirements is that the scan does not affect legitimate clients' usage of the ATMs. Which of the following should the tester do to best meet the company's vulnerability scan requirements?

  A. Use Nmap's -T2 switch to run a slower scan and with less resources.

  B. Run the scans using multiple machines.

  C. Run the scans only during lunch hours.

  D. Use Nmap's -host-timeout switch to skip unresponsive targets.

  Correct Answer: A

• Question 373:

  A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that the application was developed in ASP and used MSSQL for its back-end

  database. Using the application's search form, the penetration tester inputs the following code in the search input field:

  IMG SRC=vbscript:msgbox ("Vulnerable_to_Attack") ; >originalAttribute="SRC"originalPath="vbscript;msgbox ("Vulnerable_to_Attack ") ;>"

  When the tester checks the submit button on the search form, the web browser returns a pop-up windows that displays "Vulnerable_to_Attack."

  Which of the following vulnerabilities did the tester discover in the web application?

  A. SQL injection

  B. Command injection

  C. Cross-site request forgery

  D. Cross-site scripting

  Correct Answer: D

• Question 374:

  A penetration tester observes an application enforcing strict access controls. Which of the following would allow the tester to bypass these controls and successfully access the organization's sensitive files?

  A. Remote file inclusion

  B. Cross-site scripting

  C. SQL injection

  D. Insecure direct object references

  Correct Answer: D

  Insecure Direct Object References (IDOR) vulnerabilities occur when an application provides direct access to objects based on user-supplied input. This can allow an attacker to bypass authorization and access resources in the system directly, for example database records or files1. In this case, the penetration tester could potentially bypass the strict access controls and access the organization's sensitive files. References: IDOR Vulnerability Overview

• Question 375:

  Which of the following tools would be best to use to conceal data in various kinds of image files?

  A. Kismet

  B. Snow

  C. Responder

  D. Metasploit

  Correct Answer: B

  Snow is a tool designed for steganography, which is the practice of concealing messages or information within other non-secret text or data. In this context, Snow is specifically used to hide data within whitespace of text files, which can include the whitespace areas of images saved in formats that support text descriptions or metadata, such as certain PNG or JPEG files. While the other tools listed (Kismet, Responder, Metasploit) are powerful in their respective areas (network sniffing, LLMNR/NBT-NS poisoning, and exploitation framework), they do not offer functionality related to data concealment in image files or steganography.

• Question 376:

  A penetration tester is reviewing the logs of a proxy server and discovers the following URLs: https://test.comptia.com/profile.php?userid=1546 https://test.cpmptia.com/profile.php?userid=5482 https://test.comptia.com/profile.php?userid=3618 Which of the following types of vulnerabilities should be remediated?

  A. Insecure direct object reference

  B. Improper error handling

  C. Race condition

  D. Weak or default configurations

  Correct Answer: A

  Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. In the provided URLs, the userid parameter is directly referenced, which can allow attackers to manipulate these references to access unauthorized data. This vulnerability can lead to unauthorized access to other users' profiles by simply changing the userid parameter value. The other vulnerabilities listed (Improper error handling, Race condition, Weak or default configurations) do not directly relate to the issue demonstrated by the URLs.

• Question 377:

  During an assessment, a penetration tester discovers the following code sample in a web application: "(and(userid=*)(userid=*))(I(userid=*)(userPwd=(SHAl}a9993e364706816aba3e25717850c26 c9cd0d89d==)) Which of the following injections is being performed?

  A. Boolean SQL

  B. Command

  C. Blind SQL

  D. LDAP

  Correct Answer: D

  The code sample provided involves LDAP (Lightweight Directory Access Protocol) query syntax, not SQL or command injection syntax. LDAP injections occur when user-supplied inputs are not properly sanitized before being incorporated into LDAP queries. The given code demonstrates a potential LDAP injection point, where an attacker might manipulate the (userid=*) part to execute unauthorized queries or access unauthorized information within the LDAP directory. Boolean and Blind SQL injections, as well as Command injections, do not apply to LDAP query syntax.

• Question 378:

  A penetration tester is performing an assessment for an organization and must gather valid user credentials. Which of the following attacks would be best for the tester to use to achieve this objective?

  A. Wardriving

  B. Captive portal

  C. Deauthentication

  D. Impersonation

  Correct Answer: D

  Impersonation attacks involve the penetration tester assuming the identity of a valid user to gain unauthorized access to systems or information. This method is particularly effective for gathering valid user credentials, as it can involve tactics such as phishing, social engineering, or exploiting weak authentication processes. The other options, such as Wardriving, Captive portal, and Deauthentication, are more focused on wireless network vulnerabilities and are less direct in obtaining user credentials.

• Question 379:

  Which of the following describes how a penetration tester could prioritize findings in a report?

  A. Business mission and goals

  B. Cyberassets

  C. Network infrastructure

  D. Cyberthreats

  Correct Answer: A

  Prioritizing findings in a penetration test report should align with the business mission and goals. Understanding the business context allows a penetration tester to assess the impact of vulnerabilities in relation to the organization's critical functions and assets. This approach ensures that recommendations are not only technically sound but also relevant and actionable within the business's strategic framework. Options B, C, and D (Cyberassets, Network infrastructure, and Cyberthreats) are important factors but should be considered within the context of how they affect the business's mission and goals.

• Question 380:

  A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?

  A. Bluejacking

  B. Bluesnarfing

  C. BLE attack

  D. WPS PIN attack

  Correct Answer: C

  A BLE (Bluetooth Low Energy) attack is specifically designed to exploit vulnerabilities in the Bluetooth Low Energy protocol, which is commonly used in modern wireless devices, including key fobs for electric vehicles. This type of attack can allow a penetration tester to intercept, manipulate, or take control of the communication between the key fob and the vehicle. Bluejacking and Bluesnarfing are older Bluetooth attacks that are less effective against modern BLE implementations. WPS PIN attacks target Wi- Fi Protected Setup, which is unrelated to key fobs and electric vehicles.