CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 381:

  A penetration tester is looking for a particular type of service and obtains the output below:

  I Target is synchronized with 127.127.38.0 (reference clock) I Alternative Target Interfaces:

  I 10.17.4.20

  I Private Servers (0)

  I Public Servers (0)

  I Private Peers (0)

  I Public Peers (0)

  I Private Clients (2)

  I 10.20.8.69 169.254.138.63

  I Public Clients (597)

  I 4.79.17.248 68.70.72.194 74.247.37.194 99.190.119.152

  I 12.10.160.20 68.80.36.133 75.1.39.42 108.7.58.118

  I 68.56.205.98

  I 2001:1400:0:0:0:0:0:1 2001:16d8:ddOO:38:0:0:0:2

  I 2002:db5a:bccd:l:21d:e0ff:feb7:b96f 2002:b6ef:81c4:0:0:1145:59c5:3682

  I Other Associations (1)

  |_ 127.0.0.1 seen 1949869 times, last tx was unicast v2 mode 7

  Which of the following commands was executed by the tester?

  A. nmap-sU-pU:517-Pn-n--script=supermicro-ipmi-config

  B. nmap-sU-pU:123-Pn-n--script=ntp-monlist

  C. nmap-sU-pU:161-Pn-n--script

  D. nmap-sU-pU:37 -Pn -n --script=icap-info

  Correct Answer: B

  The output provided indicates the use of the NTP protocol (Network Time Protocol) for querying a target system. The reference to "Public Clients" and the specific IP addresses listed, along with the mention of "Other Associations" and the use of NTP version 2, points towards the execution of an NTP monlist request. The monlist feature in NTP servers can be used to obtain a list of the last 600 hosts that have interacted with the NTP server. The command nmap -sU -pU:123 -Pn -n --script=ntp-monlist specifically targets NTP servers on UDP port 123 to retrieve this information, making it the correct choice based on the output shown.

• Question 382:

  During an assessment, a penetration tester emailed the following Python script to CompTIA's employees:

  import pyHook, sys, logging, pythoncom, datetime

  log_file='C:\\Windows\\Temp\\log_comptia.txt' def KbrdEvent(event):

  logging.basicConfig(filename=log_file,level=logging.DEBUG, format='%(messages)s') chr(event.Ascii)

  logging.log(10, chr(event.Ascii))

  return True

  hooks_manager = pyHook.HookManager()

  hooks_manager.KeyDown = KbrdEvent

  hooks_manager.HookKeyboard()

  pythoncom.PumpMessages()

  Which of the following is the intended effect of this script?

  A. Debugging an exploit

  B. Keylogging

  C. Collecting logs

  D. Scheduling tasks

  Correct Answer: B

  The provided Python script is designed to function as a keylogger, which is a type of surveillance software that has the capability to record every keystroke made on a computer. The script uses the pyHook library to hook into and monitor all keyboard events. When a key is pressed, the KbrdEvent function is triggered, which logs the ASCII value of the pressed key to a file named log_comptia.txt located in C:\\Windows\\Temp. The script is configured to continuously monitor keyboard events and log them, making its intended effect keylogging, rather than debugging an exploit, collecting logs in a general sense, or scheduling tasks.

• Question 383:

  A penetration tester is conducting a test after hours and notices a critical system was taken down. Which of the following contacts should be notified first?

  A. Secondary

  B. Emergency

  C. Technical

  D. Primary

  Correct Answer: B

• Question 384:

  Which of the following elements of a penetration testing report aims to provide a normalized and standardized representation of discovered vulnerabilities and the overall threat they present to an affected system or network?

  A. Executive summary

  B. Vulnerability severity rating

  C. Recommendations of mitigation

  D. Methodology

  Correct Answer: B

  The vulnerability severity rating element of a penetration testing report provides a normalized and standardized representation of discovered vulnerabilities and their threat levels. It typically involves assigning a numerical or categorical score (such as low, medium, high, critical) to each vulnerability based on factors like exploitability, impact, and the context in which the vulnerability exists. This helps in prioritizing the vulnerabilities for remediation and provides a clear understanding of the risk they pose to the system or network.

• Question 385:

  A potential reason for communicating with the client point of contact during a penetration test is to provide resolution if a testing component crashes a system or service and leaves them unavailable for both legitimate users and further testing. Which of the following best describes this concept?

  A. Retesting

  B. De-escalation

  C. Remediation

  D. Collision detection

  Correct Answer: C

  Communicating with the client point of contact during a penetration test, especially when a testing component crashes a system or service, is crucial for remediation. Remediation involves the process of correcting or mitigating vulnerabilities that have been identified during the test. In the context of a system or service becoming unavailable, it's essential to promptly address and resolve the issue to restore availability and ensure the continuity of legitimate business operations. This communication ensures that the client is aware of the incident and can work together with the penetration tester to implement corrective actions, thereby minimizing the impact on the business and further testing activities.

• Question 386:

  A penetration tester is taking screen captures of hashes obtained from a domain controller. Which of the following best explains why the penetration tester should immediately obscure portions of the images before saving?

  A. To maintain confidentiality of data/information

  B. To avoid disclosure of how the hashes were obtained

  C. To make the hashes appear shorter and easier to crack

  D. To prevent analysis based on the type of hash

  Correct Answer: A

  When a penetration tester captures screen images that include hashes from a domain controller, obscuring parts of these images before saving is crucial to maintain the confidentiality of sensitive data. Hashes can be considered sensitive information as they represent a form of digital identity for users within an organization. Revealing these hashes in full could lead to unauthorized access if the hashes were to be cracked or otherwise misused by malicious actors. By partially obscuring the images, the penetration tester ensures that the data remains confidential and reduces the risk of compromising user accounts and the integrity of the organization's security posture.

• Question 387:

  During a security assessment, a penetration tester decides to implement a simple TCP port scanner to check the open ports from 1000 to 2000. Which of the following Python scripts would achieve this task?

  A. fori in range(1000, 2001): s = socket(AF_INET, SOCK_STREAM) conn = s.connect_ex((host_IP, i)) if (conn == 0): print(fPort {i} OPEN')

  B. close ()

  C. fori in range(1001, 2000): s = socket(AF_INET, SOCK_STREAM) conn =

  D. connect--ex((host_IP, i)) if (conn == 0): print (f'Port {i} OPEN') s.close ()

  E. fori in range(1000, 2001): s = socket(AF--INET, SOCK_DGRAM) conn =

  F. connect--ex((host_IP, i)) if (conn == 0): print(f'Port {i} OPEN') s.close ()

  G. fori in range (1000, 2000): s = socket(SOCK_STREAM, AF_INET) conn =

  H. connect--ex((host--IP, i)) if (conn == 0): print (f'Port {i} OPEN') s.close()

  Correct Answer: A

  The correct Python script for implementing a simple TCP port scanner that checks for open ports from 1000 to 2000 is option A. This script uses a for loop to iterate through the range of ports, creates a socket object for each port using the socket.AF_INET address family (indicating IPv4) and socket.SOCK_STREAM socket type (indicating TCP), and attempts to connect to each port. If the connection attempt (connect_ex) returns 0, it indicates the port is open, and the script prints a message stating that the port is open before closing the socket. The other options contain syntax errors, use incorrect socket types, or have incorrect ranges that do not fully cover the specified ports.

• Question 388:

  A penetration tester is preparing a credential stuffing attack against a company's website. Which of the following can be used to passively get the most relevant information?

  A. Shodan

  B. BeEF

  C. HavelBeenPwned

  D. Maltego

  Correct Answer: C

  HaveIBeenPwned is a website that allows users to check if their personal data has been compromised by data breaches. For a penetration tester preparing a credential stuffing attack, HaveIBeenPwned can provide valuable information about which accounts and passwords have been exposed, making them more likely targets for successful credential stuffing. This passive information gathering tool can help in identifying the most relevant credentials without actively probing the target's systems. The other tools listed (Shodan, BeEF, Maltego) serve different purposes, such as device and service enumeration, client-side exploitation, and information gathering through different means, respectively.

• Question 389:

  A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?

  A. Add thepasswords to an appendix in the penetration test report.

  B. Do nothing. Using passwords from breached data is unethical.

  C. Contactthe client and inform them of the breach.

  D. Use thepasswords in a credential stuffing attack when the external penetration test begins.

  Correct Answer: C

  Upon discovering passwords in a publicly available data breach during the reconnaissance phase, the most ethical and constructive action for the penetration tester is to contact the client and inform them of the breach. This approach allows the client to take necessary actions to mitigate any potential risks, such as forcing password resets or enhancing their security measures. Adding the passwords to a report appendix (option A) without context or action could be seen as irresponsible, while doing nothing (option B) neglects the tester's duty to inform the client of potential threats. Using the passwords in a credential stuffing attack (option D) without explicit permission as part of an agreed testing scope would be unethical and potentially illegal.

• Question 390:

  A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface. Which of the following is the most effective technique to extract sensitive user data?

  A. Compare PI I from data leaks to publicly exposed user profiles.

  B. Target the user profile page with a denial-of-service attack.

  C. Target the user profile page with a reflected XSS attack.

  D. Compare the API response fields to GUI fields looking for PH.

  Correct Answer: D

  When additional data is returned in the API response that is not displayed in the web user interface, it indicates that there might be sensitive data being transmitted that is not intended for user display. By comparing the fields returned in the API response to those that are visible in the GUI, a penetration tester can identify any Personally Identifiable Information (PII) or other sensitive data that might be exposed unintentionally. This method is direct and does not involve attacking the system but rather analyzing the data being transmitted. The other options do not directly address the identification of sensitive data in API responses.