CompTIA PT0-002 Exam Practice Questions (P. 4)
- Full Access (531 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #31
A penetration tester logs in as a user in the cloud environment of a company.
Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?
- Aiam_enum_permissionsMost Voted
- Biam_prive_sc_scan
- Ciam_backdoor_assume_role
- Diam_bruteforce_permissions
Correct Answer:
A
A
send
light_mode
delete
Question #32
A company becomes concerned when the security alarms are triggered during a penetration test.
Which of the following should the company do NEXT?
Which of the following should the company do NEXT?
- AHalt the penetration test.
- BConduct an incident response.Most Voted
- CDeconflict with the penetration tester.
- DAssume the alert is from the penetration test.
Correct Answer:
B
B
send
light_mode
delete
Question #33
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.
Which of the following tools or techniques would BEST support additional reconnaissance?
Which of the following tools or techniques would BEST support additional reconnaissance?
send
light_mode
delete
Question #34
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.
Which of the following was captured by the testing team?
Which of the following was captured by the testing team?
- AMultiple handshakes
- BIP addresses
- CEncrypted file transfers
- DUser hashes sent over SMBMost Voted
Correct Answer:
D
D
send
light_mode
delete
Question #35
A penetration tester conducts an Nmap scan against a target and receives the following results:
Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
- ANessus
- BProxyChainsMost Voted
- COWASP ZAP
- DEmpire
Correct Answer:
B
Reference:
https://www.codeproject.com/Tips/634228/How-to-Use-Proxychains-Forwarding-Ports
B
Reference:
https://www.codeproject.com/Tips/634228/How-to-Use-Proxychains-Forwarding-Ports
send
light_mode
delete
Question #36
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals.
Which of the following should the tester do NEXT?
Which of the following should the tester do NEXT?
- AReach out to the primary point of contact.Most Voted
- BTry to take down the attackers.
- CCall law enforcement officials immediately.
- DCollect the proper evidence and add to the final report.
Correct Answer:
A
A
send
light_mode
delete
Question #37
A penetration tester received a .pcap file to look for credentials to use in an engagement.
Which of the following tools should the tester utilize to open and read the .pcap file?
Which of the following tools should the tester utilize to open and read the .pcap file?
send
light_mode
delete
Question #38
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered
Which of the following MOST likely occurred on the second scan?
Nmap returned that all 65,535 ports were filtered
Which of the following MOST likely occurred on the second scan?
- AA firewall or IPS blocked the scan.Most Voted
- BThe penetration tester used unsupported flags.
- CThe edge network device was disconnected.
- DThe scan returned ICMP echo replies.
Correct Answer:
A
A
send
light_mode
delete
Question #39
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
✑ Have a full TCP connection
✑ Send a `hello` payload
✑ Wait for a response
✑ Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
✑ Have a full TCP connection
✑ Send a `hello` payload
✑ Wait for a response
✑ Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
- ARun nmap -Pn -sV --script vuln <IP address>.
- BEmploy an OpenVAS simple scan against the TCP port of the host.
- CCreate a script in the Lua language and use it with NSE.Most Voted
- DPerform a credentialed scan with Nessus.
Correct Answer:
D
D
send
light_mode
delete
Question #40
Performing a penetration test against an environment with SCADA devices brings an additional safety risk because the:
- Adevices produce more heat and consume more power.
- Bdevices are obsolete and are no longer available for replacement.
- Cprotocols are more difficult to understand.
- Ddevices may cause physical world effects.Most Voted
Correct Answer:
C
C
send
light_mode
delete
All Pages