CompTIA PT0-002 Exam Practice Questions (P. 2)

GPT-4o - Answer

SET, or Social Engineering Toolkit, is the most appropriate choice for assessing the security awareness of employees. It facilitates the simulation of various real-world social engineering attacks, providing a practical evaluation of how employees respond to potential security threats. This allows the penetration tester to effectively measure and enhance an organization's overall security awareness.

GPT-4o - Answer

The predominant vulnerability in IoT devices directly connected to the internet is indeed the existence of default passwords. These standard default credentials are widely known and can easily be exploited, making them a significant vulnerability. Unsupported operating systems, while certainly a risk, do not pose as immediate a threat as default passwords, which are a direct pathway for attackers to gain unauthorized access. Always ensure to prioritize addressing devices with default passwords during security assessments.

GPT-4o - Answer

The correct rationale behind a penetration tester using the command `sdelete mimikatz.*` on a compromised Windows server is to securely remove all traces of the Mimikatz tool, which is often used to extract sensitive credentials. By doing so, the tester ensures that these powerful tools do not fall into the wrong hands post-assessment, maintaining operational security and preventing potential misuse. Thus, option C "To remove tools from the server" better encapsulates the intention of this action, rather than option B.

GPT-4o - Answer

The correct option, C, uses the -PS flag which initiates a TCP SYN scan specifically targeting ports 22, 25, and 80. This approach is efficient for identifying active TCP services and can highlight ports with potential vulnerabilities, making them interesting for attackers. The use of -PS offers a good balance of speed and stealth, which is ideal during the reconnaissance phase of penetration testing. This method directly stimulates the kind of traffic used by potential attackers exploring for open TCP ports.

GPT-4o - Answer

In the scenario described, the key issue clearly revolves around communication or the lack thereof. The SOC's decision to sinkhole the penetration tester's IP address highlights a lapse in notifying and coordinating with all relevant teams about the authorized penetration test. Effective communication and proper planning are fundamental to ensure that all defensive measures like sinkholing are appropriately calibrated during such assessments, avoiding unnecessary blocks and allowing the test to proceed smoothly.

GPT-4o - Answer

The penetration tester's decision to employ WPScan and SQLmap is primarily driven by a strategy to minimize the invasiveness of the testing. These tools are specialized; WPScan is used specifically for identifying vulnerabilities in WordPress sites, and SQLmap targets SQL injection vulnerabilities. This approach shows a focus on targeted, rather than comprehensive, vulnerability assessment, which aligns with the scope defined for the penetration testing engagement. Thus, the tester is acting to maintain a focused and less invasive testing strategy as per the predefined scope.

GPT-4o - Answer

The correct choice is indeed the Web archive. Websites like the Wayback Machine retain historical snapshots of websites as they appeared at various dates. Given that the phone catalog was on the company's website a few months ago, the first and most logical step for a penetration tester seeking this information would be checking these archives. This approach is likely to yield quick and detailed results about previous publications on the site, including the phone catalog. Other options like GitHub and underground forums wouldn't provide such specific past data about the website.

GPT-4o - Answer

Using the nmap tool with the --script vulners option is indeed the most effective method for identifying CVEs that can be exploited to gain execution on a Linux server with SSHD running. This script taps into Vulners, a comprehensive database that offers automated checks for numerous CVEs from various sources. It provides a targeted approach to finding precise security flaws on the host machine, exactly catering to the needs highlighted in the penetration testing scenario you are dealing with. This method directly aligns with the goal of finding actionable vulnerabilities rather than just obtaining service or operating system details.