CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 401:

  Given the following user-supplied data:

  www.comptia.com/info.php?id=1 AND 1=1

  Which of the following attack techniques is the penetration tester likely implementing?

  A. Boolean-based SQL injection

  B. Time-based SQL injection

  C. Stored cross-site scripting

  D. Reflected cross-site scripting

  Correct Answer: A

  The user-supplied data www.comptia.com/info.php?id=1 AND 1=1 is indicative of a Boolean-based SQL injection attack. In this attack, the attacker manipulates a SQL query by inserting additional SQL logic that will always evaluate to true (in this case, AND 1=1) to gain unauthorized access to database information. This type of attack exploits improper input validation in web applications to manipulate database queries. The other attack techniques listed (Time-based SQL injection, Stored cross-site scripting, Reflected cross- site scripting) involve different methodologies and are not demonstrated by the given user- supplied data.

• Question 402:

  A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than 100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?

  A. nmap -sU -p 1-1024 10.0.0.15

  B. nmap -p 22,25, 80, 3389 -T2 10.0.0.15 -Pn

  C. nmap -T5 -p 1-65535 -A 10.0.0.15

  D. nmap -T3 -F 10.0.0.15

  Correct Answer: B

  The -T2 flag in Nmap sets the timing template to "polite", which means that Nmap will limit the number of parallel probes to 10 and the scan delay to 0.4 seconds. This will reduce the number of connections per minute and avoid triggering the active response tool. The -Pn flag tells Nmap to skip the host discovery phase and scan the target regardless of its ping response. The other options are not suitable for bypassing the active response tool, as they either scan too many ports (sU, -T5, -F) or use a faster timing template (-T5, -T3) that will generate more connections per minute. References: map Cheat Sheet 2024: All the Commands and Flags - StationX map Commands - 17 Basic Commands for Linux Network - phoenixNAP MAP Flag Guide: What They Are, When to Use Them - CBT Nuggets

• Question 403:

  SIMULATION A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets. INSTRUCTIONS Select the appropriate answer(s), given the output from each section. Output 1

  

  

  

  A. Check the answer in explanation.

  Correct Answer: A