CompTIA CompTIA Certifications PT0-002 Questions & Answers

• Question 61:

  Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?

  A. Nessus

  B. Metasploit

  C. Burp Suite

  D. Ethercap

  Correct Answer: B

• Question 62:

  A penetration tester receives the following results from an Nmap scan:

  

  Which of the following OSs is the target MOST likely running?

  A. CentOS

  B. Arch Linux

  C. Windows Server

  D. Ubuntu

  Correct Answer: C

• Question 63:

  A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?

  A. The reverse-engineering team may have a history of selling exploits to third parties.

  B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

  C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

  D. The reverse-engineering team will be given access to source code for analysis.

  Correct Answer: A

• Question 64:

  A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?

  A. OWASP Top 10

  B. MITRE ATTandCK framework

  C. NIST Cybersecurity Framework

  D. The Diamond Model of Intrusion Analysis

  Correct Answer: B

  The MITRE ATTandCK framework is a methodology that should be used to best meet the client's expectations. The MITRE ATTandCK framework is a knowledge base of adversary tactics, techniques, and procedures (TTPs) that are continuously updated based on real-world observations. The framework covers a wide variety of enterprise systems and networks, such as Windows, Linux, macOS, cloud, mobile, and network devices. The framework can help the penetration tester to emulate realistic threats and identify gaps in defenses.

• Question 65:

  A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

  A. Halt the penetration test.

  B. Contact law enforcement.

  C. Deconflict with the penetration tester.

  D. Assume the alert is from the penetration test.

  Correct Answer: C

  Deconflicting with the penetration tester is the best thing to do next after the security alarms are triggered during a penetration test, as it will help determine whether the alarm was caused by the tester's activity or by an actual threat. Deconflicting is the process of communicating and coordinating with other parties involved in a penetration testing engagement, such as security teams, network administrators, or emergency contacts, to avoid confusion or interference.

• Question 66:

  A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

  

  Which of the following tools will help the tester prepare an attack for this scenario?

  A. Hydra and crunch

  B. Netcat and cURL

  C. Burp Suite and DIRB

  D. Nmap and OWASP ZAP

  Correct Answer: B

  Netcat and cURL are tools that will help the tester prepare an attack for this scenario, as they can be used to establish a TCP connection, send payloads, and receive responses from the target web server. Netcat is a versatile tool that can create TCP or UDP connections and transfer data between hosts. cURL is a tool that can transfer data using various protocols, such as HTTP, FTP, SMTP, etc. The tester can use these tools to exploit the PHP script that executes shell commands with the value of the "item" variable.

• Question 67:

  An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible?

  A. A list

  B. A tree

  C. A dictionary

  D. An array

  Correct Answer: C

  data structures are used to store data in an organized form, and some data structures are more efficient and suitable for certain operations than others. For example, hash tables, skip lists and jump lists are some dictionary data structures

  that can insert and access elements efficiently3.

  For string comparison, there are different algorithms that can measure how similar two strings are, such as Levenshtein distance, Hamming distance or Jaccard similarity4. Some of these algorithms can be implemented using data structures

  such as arrays or hashtables 5.

• Question 68:

  Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?

  A. DirBuster

  B. CeWL

  C. w3af

  D. Patator

  Correct Answer: B

  CeWL, the Custom Word List Generator, is a Ruby application that allows you to spider a website based on a URL and depth setting and then generate a wordlist from the files and web pages it finds. Running CeWL against a target

  organization's sites can help generate a custom word list, but you will typically want to add words manually based on your own OSINT gathering efforts.

  https://esgeeks.com/como-utilizar-cewl/

• Question 69:

  Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

  A. Executive summary of the penetration-testing methods used

  B. Bill of materials including supplies, subcontracts, and costs incurred during assessment

  C. Quantitative impact assessments given a successful software compromise

  D. Code context for instances of unsafe type-casting operations

  Correct Answer: D

  Code context for instances of unsafe type-casting operations would most likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience, as it would provide relevant and actionable information for the developers to fix the vulnerabilities. Type-casting is the process of converting one data type to another, such as an integer to a string. Unsafe type- casting can lead to errors, crashes, or security issues, such as buffer overflows or code injection.

• Question 70:

  A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?

  A. nmap -sn 10.12.1.0/24

  B. nmap -sV -A 10.12.1.0/24

  C. nmap -Pn 10.12.1.0/24

  D. nmap -sT -p- 10.12.1.0/24

  Correct Answer: A

  Reference: https://www.tecmint.com/find-live-hosts-ip-addresses-on-linux-network/