CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 41:

  CORRECT TEXT SIMULATION Using the output, identify potential attack vectors that should be further investigated.

  

  

  Correct Answer: Answer: See explanation below.

  1: Null session enumeration

  Weak SMB file permissions

  Fragmentation attack

  2: nmap

  -sV

  -p 1-1023

  192.168.2.2

  3: #!/usr/bin/python

  export $PORTS = 21,22

  for $PORT in $PORTS:

  try:

  s.connect((ip, port))

  print("%s:%s ?OPEN" % (ip, port))

  except socket.timeout

  print("%:%s ?TIMEOUT" % (ip, port))

  except socket.error as e:

  print("%:%s ?CLOSED" % (ip, port))

  finally

  s.close()

  port_scan(sys.argv[1], ports)

• Question 42:

  DRAG DROP

  A technician is reviewing the following report. Given this information, identify which vulnerability can be definitively confirmed to be a false positive by dragging the “false positive” token to the “Confirmed” column for each vulnerability that is a false positive.

  Select and Place:

  

  Correct Answer:

  

• Question 43:

  DRAG DROP

  Instructions:

  Analyze the code segments to determine which sections are needed to complete a port scanning script. Drag the appropriate elements into the correct locations to complete the script.

  If at any time you would like to bring back the initial state of the simulation, please click the reset all button.

  During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

  Select and Place:

  

  Correct Answer:

  

• Question 44:

  Place each of the following passwords in order of complexity from least complex (1) to most complex (4), based on the character sets represented Each password may be used only once.

  Select and Place:

  

  Correct Answer:

  

• Question 45:

  A manager calls upon a tester to assist with diagnosing an issue within the following:

  Python script: #!/usr/bin/python s = “Administrator”

  The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all.

  Select and Place:

  

  Correct Answer:

  

• Question 46:

  SIMULATION

  You are a penetration tester running port scans on a server.

  INSTRUCTIONS

  Part 1: Given the output, construct the command that was used to generate this output from the available options.

  Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  A.

  Correct Answer: See explanation below.

• Question 47:

  DRAG DROP

  You are a penetration tester reviewing a client's website through a web browser.

  INSTRUCTIONS

  Review all components of the website through the browser to determine if vulnerabilities are present.

  Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  Select and Place:

  

  Correct Answer:

  

• Question 48:

  HOTSPOT

  You are a security analyst tasked with hardening a web server.

  You have been given a list of HTTP payloads that were flagged as malicious.

  INSTRUCTIONS

  Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Hot Area:

  

  Correct Answer:

  

• Question 49:

  A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:

  

  Which of the following is the most likely explanation for the output?

  A. The tester does not have credentials to access the server-status page.

  B. The admin directory cannot be fuzzed because it is forbidden.

  C. The admin, test, and db directories redirect to the log-in page.

  D. The robots.txt file has six entries in it.

  Correct Answer: C

  The output of the fuzzing tool shows that the admin, test, and db directories have the same size, words, and lines as the login page, which indicates that they are redirecting to the login page. This means that the tester cannot access these directories without valid credentials. The server-status page returns a 403 Forbidden status code, which means that the tester does not have permission to access it. The robots.txt file returns a 404 Not Found status code, which means that the file does not exist on the server.

• Question 50:

  Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  A. Buffer overflows

  B. Cross-site scripting

  C. Race-condition attacks

  D. Zero-day attacks

  E. Injection flaws

  F. Ransomware attacks

  Correct Answer: BE

  A01-Injection A02-Broken Authentication A03-Sensitive Data Exposure A04-XXE A05-Broken Access Control A06-Security Misconfiguration A07-XSS A08-Insecure Deserialization A09-Using Components with Known Vulnerabilities A10-Insufficient Logging and Monitoring

  Reference: https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf

  Cross-site scripting (XSS) and injection flaws are two of the web-application security risks that are part of the OWASP Top 10 v2017 list. XSS is a type of attack that injects malicious scripts into web pages or applications that are viewed by other users, resulting in compromised sessions, stolen cookies, or redirected browsers. Injection flaws are a type of attack that exploits a vulnerability in an application's data input or output, such as SQL injection, command injection, or LDAP injection, resulting in unauthorized access, data loss, or remote code execution. The other options are not part of the OWASP Top 10 v2017 list.