Validated CompTIA PT0-002 Samples Online

NEW QUESTION 1
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?

• A. Wireshark
• B. Aircrack-ng
• C. Kismet
• D. Wifite

Answer: B

NEW QUESTION 2
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

• A. The libraries may be vulnerable
• B. The licensing of software is ambiguous
• C. The libraries’ code bases could be read by anyone
• D. The provenance of code is unknown
• E. The libraries may be unsupported
• F. The libraries may break the application

Answer: AC

NEW QUESTION 3
Which of the following BEST describe the OWASP Top 10? (Choose two.)

• A. The most critical risks of web applications
• B. A list of all the risks of web applications
• C. The risks defined in order of importance
• D. A web-application security standard
• E. A risk-governance and compliance framework
• F. A checklist of Apache vulnerabilities

Answer: AC

NEW QUESTION 4
A penetration tester is attempting to discover live hosts on a subnet quickly. Which of the following commands will perform a ping scan?

• A. nmap -sn 10.12.1.0/24
• B. nmap -sV -A 10.12.1.0/24
• C. nmap -Pn 10.12.1.0/24
• D. nmap -sT -p- 10.12.1.0/24

Answer: A

NEW QUESTION 5
A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router.
Which of the following is MOST vulnerable to a brute-force attack?

• A. WPS
• B. WPA2-EAP
• C. WPA-TKIP
• D. WPA2-PSK

Answer: A

NEW QUESTION 6
Which of the following tools provides Python classes for interacting with network protocols?

• A. Responder
• B. Impacket
• C. Empire
• D. PowerSploit

Answer: B

NEW QUESTION 7
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
• The following request was intercepted going to the network device: GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
• Network management interfaces are available on the production network.
• An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

• A. Enforce enhanced password complexity requirements.
• B. Disable or upgrade SSH daemon.
• C. Disable HTTP/301 redirect configuration.
• D. Create an out-of-band network for management.
• E. Implement a better method for authentication.
• F. Eliminate network management and control interfaces.

Answer: CE

NEW QUESTION 8
A penetration tester is reviewing the following SOW prior to engaging with a client:
“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.”
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

• A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
• B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
• C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team
• D. Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address
• E. Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop
• F. Retaining the SOW within the penetration tester’s company for future use so the sales team can planfuture engagements

Answer: CE

NEW QUESTION 9
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?

• A. Cross-site request forgery
• B. Server-side request forgery
• C. Remote file inclusion
• D. Local file inclusion

Answer: B

NEW QUESTION 10
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?

• A. Ensure the client has signed the SOW.
• B. Verify the client has granted network access to the hot site.
• C. Determine if the failover environment relies on resources not owned by the client.
• D. Establish communication and escalation procedures with the client.

Answer: A

NEW QUESTION 11
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?

• A. Partially known environment testing
• B. Known environment testing
• C. Unknown environment testing
• D. Physical environment testing

Answer: C

NEW QUESTION 12
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

• A. Scraping social media sites
• B. Using the WHOIS lookup tool
• C. Crawling the client’s website
• D. Phishing company employees
• E. Utilizing DNS lookup tools
• F. Conducting wardriving near the client facility

Answer: BC

NEW QUESTION 13
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

• A. IP addresses and subdomains
• B. Zone transfers
• C. DNS forward and reverse lookups
• D. Internet search engines
• E. Externally facing open ports
• F. Shodan results

Answer: AB

NEW QUESTION 14
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

• A. Test for RFC-defined protocol conformance.
• B. Attempt to brute force authentication to the service.
• C. Perform a reverse DNS query and match to the service banner.
• D. Check for an open relay configuration.

Answer: C

NEW QUESTION 15
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

• A. Enforce mandatory employee vacations
• B. Implement multifactor authentication
• C. Install video surveillance equipment in the office
• D. Encrypt passwords for bank account information

Answer: B

NEW QUESTION 16
......