PT0-002 PDF Dumps Real 2024 Recently Updated Questions
Released CompTIA PT0-002 Updated Questions PDF
How much is the cost of the CompTIA PT0-002 Certification Exam?
The fee for taking the CompTIA PT0-002 Certification Exam is 381 USD.
CompTIA PT0-002 (CompTIA PenTest+ Certification) is a popular certification exam that assesses the skills and knowledge of individuals looking to become penetration testers. CompTIA PenTest+ Certification certification exam is designed to validate the professionals' ability to perform ethical hacking, vulnerability testing, and other security assessments necessary to secure complex and high-value computer systems.
The PT0-002 exam covers five domains: Planning and Scoping, Information Gathering and Vulnerability Identification, Attacks and Exploits, Penetration Testing Tools, and Reporting and Communication. Organizations on the hunt for penetration testers who can think beyond tactics will prefer to employ professionals who possess CompTIA PenTest+ certifications. Moreover, the certification can unlock new career avenues, from small vendors to large corporations.
NEW QUESTION # 59
A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:
Which of the following should the penetration tester do NEXT?
- A. Close the reverse shell the tester is using.
- B. Contact the client immediately.
- C. Investigate the high numbered port connections.
- D. Note this finding for inclusion in the final report.
Answer: C
Explanation:
The image shows the output of the netstat -antu command, which displays active internet connections for the TCP and UDP protocols. The output shows that there are four established TCP connections and two listening UDP connections on the host. The established TCP connections have high numbered ports as their local addresses, such as 49152, 49153, 49154, and 49155. These ports are in the range of ephemeral ports, which are dynamically assigned by the operating system for temporary use by applications or processes. The foreign addresses of these connections are also high numbered ports, such as 4433, 4434, 4435, and 4436. These ports are not well-known or registered ports for any common service or protocol. The combination of high numbered ports for both local and foreign addresses suggests that these connections are suspicious and may indicate a backdoor or a covert channel on the host. Therefore, the penetration tester should investigate these connections next to determine their nature and purpose. The other options are not appropriate actions for the penetration tester at this stage.
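The triage step described in this explanation, turned into code as an added example (not part of the exam question or CompTIA's material): parse `netstat -antu` rows and pull out the established TCP connections where both ends sit above the well-known port range, which is the ephemeral-to-high-port pattern the explanation flags for investigation. The sample output is constructed to match the description above, not the exam's screenshot; the threshold of 1024 and the `flag_high_port_pairs` name are this example's choices.

```python
from dataclasses import dataclass
from typing import List

# Constructed `netstat -antu` output modelled on the description in the
# explanation above (four ESTABLISHED TCP connections from ephemeral local
# ports to the non-standard foreign ports 4433-4436, plus listening sockets
# and one ordinary HTTPS client connection). Not from any real host.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:49152          203.0.113.9:4433        ESTABLISHED
tcp        0      0 10.0.0.5:49153          203.0.113.9:4434        ESTABLISHED
tcp        0      0 10.0.0.5:49154          203.0.113.9:4435        ESTABLISHED
tcp        0      0 10.0.0.5:49155          203.0.113.9:4436        ESTABLISHED
tcp        0      0 10.0.0.5:38822          198.51.100.7:443        ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
"""


@dataclass
class Conn:
    proto: str
    local_addr: str
    local_port: int
    foreign_addr: str
    foreign_port: int  # 0 when the foreign side is "*" (listening socket)
    state: str         # "" for UDP rows, which carry no State column


def _split_endpoint(endpoint: str):
    # rpartition handles IPv6 endpoints such as "::1:323" as well as IPv4.
    host, _, port = endpoint.rpartition(":")
    return host, (0 if port == "*" else int(port))


def parse_netstat(text: str) -> List[Conn]:
    """Parse the socket rows of `netstat -antu` output; header lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        state = fields[5] if len(fields) > 5 else ""
        lhost, lport = _split_endpoint(fields[3])
        fhost, fport = _split_endpoint(fields[4])
        conns.append(Conn(fields[0], lhost, lport, fhost, fport, state))
    return conns


def flag_high_port_pairs(conns: List[Conn], min_port: int = 1024) -> List[Conn]:
    """Return established TCP connections where neither end uses a well-known port.

    A local ephemeral port talking to a foreign well-known port (443, 22, ...)
    is ordinary client traffic; ephemeral-to-high-port is the pattern the
    explanation treats as a possible backdoor or covert channel, so it is what
    a reviewer looks at first. This only prioritises: the flagged rows still
    need the owning process (netstat -antup / ss -antup) and the remote
    address checked before any conclusion is drawn.
    """
    return [
        c for c in conns
        if c.proto.startswith("tcp")
        and c.state == "ESTABLISHED"
        and c.local_port >= min_port
        and c.foreign_port >= min_port
    ]


if __name__ == "__main__":
    for c in flag_high_port_pairs(parse_netstat(SAMPLE_NETSTAT)):
        print(f"review: {c.local_addr}:{c.local_port} -> {c.foreign_addr}:{c.foreign_port}")
```

On the constructed sample the HTTPS connection to port 443 is not flagged, while the four 4433-4436 connections are, which is the same distinction the explanation draws between ordinary ephemeral-port client traffic and connections worth investigating.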
NEW QUESTION # 60
A penetration tester is conducting an Nmap scan and wants to scan for ports without establishing a connection.
The tester also wants to find version information for services running on open ports. Which of the following Nmap commands should the tester use?
- A. nmap -sX -sC target.company.com
- B. nmap -sU -sV -T4 -F target.company.com
- C. nmap -sS -sV -F target.company.com
- D. nmap -sT -v -T5 target.company.com
Answer: C
Explanation:
The Nmap command that the tester should use to scan for ports without establishing a connection and to find version data information for services running on open ports is nmap -sS -sV -F target.company.com. This command has the following options:
-sS performs a TCP SYN scan, which is a scan technique that sends TCP packets with the SYN flag set to the target ports and analyzes the responses. A TCP SYN scan does not establish a full TCP connection, as it only completes the first step of the three-way handshake. A TCP SYN scan can stealthily scan for open ports without alerting the target system or application.
-sV performs version detection, which is a feature that probes open ports to determine the service and version information of the applications running on them. Version detection can provide useful information for identifying vulnerabilities or exploits that affect specific versions of services or applications.
-F performs a fast scan, which is a scan option that only scans the 100 most common ports according to the nmap-services file. A fast scan can speed up the scan process by avoiding scanning less likely or less interesting ports.
target.company.com specifies the domain name of the target system or network to be scanned.
The other options are not valid Nmap commands that meet the requirements of the question. Option B performs a UDP scan (-sU), which is a scan technique that sends UDP packets to the target ports and analyzes the responses. A UDP scan can scan for open ports that use the UDP protocol, such as DNS, SNMP, or DHCP.
However, a UDP scan does establish a connection with the target system or application, unlike a TCP SYN scan. Option D performs a TCP connect scan (-sT), which is a scan technique that sends TCP packets with the SYN flag set to the target ports and completes the three-way handshake with an ACK packet if a SYN/ACK packet is received. A TCP connect scan can scan for open ports that use the TCP protocol, such as HTTP, FTP, or SSH. However, a TCP connect scan does establish a full TCP connection with the target system or application, unlike a TCP SYN scan. Option A performs an Xmas scan (-sX), which is a scan technique that sends TCP packets with the FIN, PSH, and URG flags set to the target ports and analyzes the responses. An Xmas scan can stealthily scan for open ports without alerting the target system or application, similar to a TCP SYN scan.
However, option A does not perform version detection (-sV), which is one of the requirements of the question.
NEW QUESTION # 61
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?
- A. OWASP Top 10
- B. The Diamond Model of Intrusion Analysis
- C. NIST Cybersecurity Framework
- D. MITRE ATT&CK framework
Answer: D
Explanation:
The MITRE ATT&CK framework is a methodology that should be used to best meet the client's expectations.
The MITRE ATT&CK framework is a knowledge base of adversary tactics, techniques, and procedures (TTPs) that are continuously updated based on real-world observations. The framework covers a wide variety of enterprise systems and networks, such as Windows, Linux, macOS, cloud, mobile, and network devices.
The framework can help the penetration tester to emulate realistic threats and identify gaps in defenses.
NEW QUESTION # 62
Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
- A. CeWL
- B. Patator
- C. DirBuster
- D. w3af
Answer: A
Explanation:
CeWL, the Custom Word List Generator, is a Ruby application that allows you to spider a website based on a URL and depth setting and then generate a wordlist from the files and web pages it finds. Running CeWL against a target organization's sites can help generate a custom word list, but you will typically want to add words manually based on your own OSINT gathering efforts.
https://esgeeks.com/como-utilizar-cewl/
NEW QUESTION # 63
Which of the following is a rules engine for managing public cloud accounts and resources?
- A. Cloud Custodian
- B. Pacu
- C. Cloud Brute
- D. Scout Suite
Answer: A
Explanation:
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies that enable a well-managed cloud infrastructure that is both secure and cost-optimized. It consolidates many of the ad hoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.
Cloud Custodian is a tool that can be used to manage public cloud accounts and resources. Cloud Custodian can define policies and rules for cloud resources based on various criteria, such as tags, filters, actions, modes, or schedules. Cloud Custodian can enforce compliance, governance, security, cost optimization, and operational efficiency for cloud resources. Cloud Custodian supports multiple public cloud providers, such as AWS, Azure, GCP, and Kubernetes. Cloud Brute is a tool that can be used to enumerate cloud platforms and discover hidden files and buckets. Pacu is a tool that can be used to exploit AWS environments and perform post-exploitation actions. Scout Suite is a tool that can be used to audit cloud environments and identify security issues.
NEW QUESTION # 64
The results of an Nmap scan are as follows:
Which of the following would be the BEST conclusion about this device?
- A. This device is most likely a proxy server forwarding requests over TCP/443.
- B. This device is most likely a gateway with in-band management services.
- C. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
- D. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
Answer: D
NEW QUESTION # 65
The output from a penetration testing tool shows 100 hosts contained findings due to improper patch management. Which of the following did the penetration tester perform?
- A. An Nmap scan
- B. A WHOIS lookup
- C. A packet capture
- D. A vulnerability scan
Answer: D
Explanation:
A vulnerability scan is a type of penetration testing tool that is used to scan a network for vulnerabilities. A vulnerability scan can detect misconfigurations, missing patches, and other security issues that could be exploited by attackers. In this case, the output shows that 100 hosts had findings due to improper patch management, which means that the tester performed a vulnerability scan.
NEW QUESTION # 66
A penetration tester has discovered an unknown Linux 64-bit executable binary. Which of the following tools would be BEST to use to analyze this issue?
- A. OllyDbg
- B. GDB
- C. WinDbg
- D. Peach
Answer: B
Explanation:
OllyDbg, WinDbg, and IDA are all debugging tools that support Windows environments. GDB is a Linux-specific debugging tool.
NEW QUESTION # 67
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?
- A. Weekly
- B. Monthly
- C. Quarterly
- D. Annually
Answer: C
Explanation:
https://www.pcicomplianceguide.org/faq/#25
PCI DSS requires quarterly vulnerability/penetration tests, not weekly.
NEW QUESTION # 68
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?
- A. nmap -vv -sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
- B. nmap -vv -sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan
- C. nmap -vv -sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan
- D. nmap -vv -sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
Answer: D
NEW QUESTION # 69
During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.
Which of the following vulnerabilities was the attacker trying to exploit?
- A. Insecure direct object reference
- B. Session hijacking
- C. URL manipulation
- D. SQL injection
Answer: D
Explanation:
The vulnerability that the attacker was trying to exploit is SQL injection, which is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. SQL injection can allow an attacker to perform various actions on the database, such as reading, modifying, deleting, or creating data, or executing commands on the underlying OS. The log shows that the attacker was sending thousands of requests to the same URL with different parameters, such as id=1' OR 1=1;--, id=1' AND 1=2;--, or id=1' UNION SELECT * FROM users;--. These parameters are examples of SQL injection payloads, which are crafted SQL statements that are designed to manipulate or bypass the intended SQL query. For example, id=1' OR 1=1;-- is a payload that terminates the original query with a single quote and a semicolon, appends an OR condition that is always true (1=1), and comments out the rest of the query with two dashes (--). This payload can cause the web application to return all records from the database table instead of just one record with id=1. The other options are not vulnerabilities that match the log entries.
Session hijacking is a type of attack that exploits a vulnerability in a web application that allows an attacker to take over an active session of another user by stealing or guessing their session identifier or cookie. URL manipulation is a type of attack that exploits a vulnerability in a web application that allows an attacker to modify parameters or values in the URL to access unauthorized resources or functions. Insecure direct object reference is a type of attack that exploits a vulnerability in a web application that allows an attacker to access objects or resources directly by modifying their identifiers or references in the URL or request.
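To make the explanation concrete from the application side, here is an added example (not from the exam or CompTIA) showing why the `id=1' OR 1=1` shape in those log entries returns every row from a query built by string concatenation, and why the same input is harmless once the value is bound as a parameter. It uses Python's standard `sqlite3` module with a constructed in-memory `users` table; the function names and the table layout are this example's own.

```python
import sqlite3
from typing import List, Tuple

# Constructed in-memory table; ids are stored as text so the lookups mirror
# the `id=...` URL parameter from the log entries quoted above.
SAMPLE_USERS = [("1", "alice"), ("2", "bob"), ("3", "carol")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT, username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    # The request parameter is concatenated into the SQL text, so a quote in
    # the value closes the string literal and whatever follows is parsed as SQL.
    # With user_id = "1' OR 1=1--" the statement becomes
    #   SELECT id, username FROM users WHERE id = '1' OR 1=1--'
    # and the always-true OR clause returns the whole table.
    query = "SELECT id, username FROM users WHERE id = '" + user_id + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    # The value is bound separately from the statement text; the driver never
    # parses it as SQL, so "1' OR 1=1--" is simply compared against the id
    # column as a string and matches nothing.
    return conn.execute(
        "SELECT id, username FROM users WHERE id = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for param in ("1", "1' OR 1=1--"):
        print(repr(param),
              "vulnerable:", lookup_vulnerable(db, param),
              "parameterized:", lookup_parameterized(db, param))
```

The fix is the parameterized form, not input filtering: the log entries in the question are exactly the kind of traffic an application built like `lookup_vulnerable` cannot survive, and a WAF signature for `OR 1=1` does not address the underlying defect.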
NEW QUESTION # 70
A penetration tester executes the following Nmap command and obtains the following output:
Which of the following commands would best help the penetration tester discover an exploitable service?
- A. nmap -v -p 25 --script smtp-enum-users remotehost
- B. nmap -p 3306 --script "http*vuln*" remotehost
- C. nmap -v --script=mysql-info.nse remotehost
- D. nmap --script=smb-brute.nse remotehost
Answer: C
Explanation:
The Nmap command in the question scans all ports on the remote host and identifies the services and versions running on them. The output shows that port 3306 is open and running MariaDB, which is a fork of MySQL.
Therefore, the best command to discover an exploitable service would be to use the mysql-info.nse script, which gathers information about the MySQL server, such as the version, user accounts, databases, and configuration variables. The other commands are either irrelevant or too broad for the task. References: Best PenTest+ certification study resources and training materials, CompTIA PenTest+ PT0-002 Cert Guide, 101 Labs - CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam
NEW QUESTION # 71
Given the following output:
User-agent:*
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/
During which of the following activities was this output MOST likely obtained?
- A. Website scraping
- B. URL enumeration
- C. Website cloning
- D. Domain enumeration
Answer: B
Explanation:
URL enumeration is the activity of discovering and mapping the URLs of a website, such as directories, files, parameters, or subdomains. URL enumeration can help to identify the structure, content, and functionality of a website, as well as potential vulnerabilities or misconfigurations. One of the methods of URL enumeration is to analyze the robots.txt file of a website, which is a text file that tells search engine crawlers which URLs the crawler can or can't request from the site. The output shown in the question is an example of a robots.txt file that disallows crawling of certain URLs, such as /author/, /xmlrpc.php, /wp-admin, or /page/.
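The point of this question for a site owner is that every Disallow line is information handed to anyone who fetches the file, so robots.txt must never be the thing protecting a path. The following added example (written for this page, not from the exam or any crawler project) parses a robots.txt into per-agent rule groups as RFC 9309 lays them out and lists the disallowed paths, flagging those whose names suggest administrative or private content. The sample file reuses the four Disallow lines from the question and adds a second group, a comment and an Allow rule, all constructed; the `flag_sensitive` marker list is this example's own choice.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed robots.txt: the four Disallow lines quoted in the question,
# extended with a comment, an Allow rule, a second user-agent group and a
# Sitemap line so the grouping logic is exercised.
SAMPLE_ROBOTS = """\
# constructed example, not a real site's file
User-agent: *
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/
Allow: /wp-admin/admin-ajax.php

User-agent: Googlebot
Disallow: /private/

Sitemap: https://www.example.com/sitemap.xml
"""


@dataclass
class RobotsRules:
    disallow: Dict[str, List[str]] = field(default_factory=dict)  # agent -> paths
    allow: Dict[str, List[str]] = field(default_factory=dict)
    sitemaps: List[str] = field(default_factory=list)


def parse_robots(text: str) -> RobotsRules:
    """Group Allow/Disallow rules by user-agent following the RFC 9309 layout:
    consecutive User-agent lines form one group, and the rules that follow
    apply to every agent in that group until the next User-agent line."""
    rules = RobotsRules()
    agents: List[str] = []
    last_was_agent = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            if not last_was_agent:
                agents = []  # a new group starts here
            agents.append(value.lower())
            last_was_agent = True
            continue
        last_was_agent = False
        if key == "sitemap":
            rules.sitemaps.append(value)
        elif key in ("disallow", "allow") and value:
            bucket = rules.disallow if key == "disallow" else rules.allow
            for agent in agents:
                bucket.setdefault(agent, []).append(value)
    return rules


def disclosed_paths(rules: RobotsRules) -> List[str]:
    """Every path the file asks crawlers not to fetch, across all agents.
    These are exactly what an enumeration step harvests, so each must be
    protected by authentication or access control, not by robots.txt."""
    return sorted({p for paths in rules.disallow.values() for p in paths})


def flag_sensitive(rules: RobotsRules,
                   markers=("admin", "xmlrpc", "private", "backup", "config")) -> List[str]:
    """Disallowed paths whose names suggest administrative or private content."""
    return [p for p in disclosed_paths(rules) if any(m in p.lower() for m in markers)]


if __name__ == "__main__":
    parsed = parse_robots(SAMPLE_ROBOTS)
    print("disclosed:", disclosed_paths(parsed))
    print("review access control on:", flag_sensitive(parsed))
```

Running this against your own robots.txt is a cheap pre-engagement check: anything `flag_sensitive` reports should already be behind authentication, and if it is not, the file is advertising it.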
NEW QUESTION # 72
A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network.
Which of the following methods will MOST likely work?
- A. Attempt to escalate privileges on the mail server to gain root access.
- B. Move laterally from the mail server to the domain controller.
- C. Try to obtain the private key used for S/MIME from the CEO's account.
- D. Send an email from the CEO's account, requesting a new account.
Answer: A
NEW QUESTION # 73
Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?
- A. Methodology
- B. Metrics and measures
- C. Remediation
- D. Executive summary
Answer: C
Explanation:
The most important information to have on a penetration testing report that is written for the developers is remediation. Remediation is the process of fixing or mitigating the vulnerabilities or issues that were discovered during the penetration testing. Remediation should include specific recommendations, best practices, and resources to help the developers improve the security of their applications.
NEW QUESTION # 74
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
- A. Perform jamming on all 2.4GHz and 5GHz channels.
- B. Modify the malicious AP configuration to not use a pre-shared key.
- C. Set the malicious AP to broadcast within dynamic frequency selection channels.
- D. Send deauthentication frames to the stations.
Answer: D
Explanation:
https://steemit.com/informatica/@jordiurbina1/tutorial-hacking-wi-fi-wireless-networks-with-wifislax
The penetration tester should send deauthentication frames to the stations to force them to disconnect from their current access point and reconnect to another one, which may be the malicious AP deployed by the tester. Deauthentication frames are part of the 802.11 protocol and are used to terminate an existing wireless association between a station and an access point. However, they can also be spoofed by an attacker to disrupt or hijack wireless connections. The other options are not effective or relevant for this purpose. Performing jamming on all 2.4GHz and 5GHz channels would interfere with all wireless signals in the area, which may cause unwanted attention or legal issues. Setting the malicious AP to broadcast within dynamic frequency selection channels would not help, as these channels are used to avoid interference with radar systems and are not commonly used by wireless stations or access points. Modifying the malicious AP configuration to not use a pre-shared key would not help, as it would make it less likely for wireless stations to connect to it if they are configured to use encryption.
NEW QUESTION # 75
A penetration tester runs the following command:
dig @ns1.comptia.local axfr comptia.local
Which of the following types of information would be provided?
- A. The hostnames and IP addresses of internal systems
- B. The DHCP scopes and ranges used on the network
- C. The DNSSEC certificate and CA
- D. The OS and version of the DNS server
Answer: A
Explanation:
The command dig @ns1.comptia.local axfr comptia.local is a command that performs a DNS zone transfer, which is a process of copying the entire DNS database or zone file from a primary DNS server to a secondary DNS server. A DNS zone file contains records that map domain names to IP addresses and other information, such as mail servers, name servers, or aliases. A DNS zone transfer can provide useful information for enumeration, such as the hostnames and IP addresses of internal systems, which can help identify potential targets or vulnerabilities. A DNS zone transfer can be performed by using tools such as dig, which is a tool that can query DNS servers and obtain information about domain names, such as IP addresses, mail servers, name servers, or other records. The other options are not types of information that would be provided by a DNS zone transfer. The DNSSEC certificate and CA are not part of the DNS zone file, but rather part of the DNSSEC protocol, which is an extension of the DNS protocol that provides authentication and integrity for DNS data. The DHCP scopes and ranges used on the network are not part of the DNS zone file, but rather part of the DHCP protocol, which is a protocol that assigns dynamic IP addresses and other configuration parameters to devices on a network. The OS and version of the DNS server are not part of the DNS zone file, but rather part of the OS fingerprinting technique, which is a technique that identifies the OS and version of a remote system by analyzing its responses to network probes.
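To show what "hostnames and IP addresses of internal systems" looks like in practice, here is an added example (this page's own, not from the exam or from dig) that parses a `dig ... axfr` listing into records and reports which names resolve into RFC 1918 address space, which is the inventory a zone server leaks when it answers AXFR for anyone. The AXFR output is constructed for the example (the zone contents are invented, including the repeated opening and closing SOA that a real transfer carries); the record-type handling and the `internal_hosts` name are this example's choices.

```python
import ipaddress
from typing import Dict, List, NamedTuple


class Record(NamedTuple):
    name: str
    ttl: int
    rclass: str
    rtype: str
    rdata: str


# Constructed output of `dig @ns1.comptia.local axfr comptia.local` (the
# command from the question); the zone contents are invented for this example.
SAMPLE_AXFR = """\
; <<>> DiG 9.18.1 <<>> @ns1.comptia.local axfr comptia.local
;; global options: +cmd
comptia.local.          3600    IN      SOA     ns1.comptia.local. admin.comptia.local. 2024010101 7200 3600 1209600 3600
comptia.local.          3600    IN      NS      ns1.comptia.local.
comptia.local.          3600    IN      MX      10 mail.comptia.local.
ns1.comptia.local.      3600    IN      A       10.10.1.2
mail.comptia.local.     3600    IN      A       10.10.1.25
intranet.comptia.local. 3600    IN      A       10.10.1.50
www.comptia.local.      3600    IN      A       203.0.113.10
vpn.comptia.local.      3600    IN      CNAME   gw.comptia.local.
gw.comptia.local.       3600    IN      A       203.0.113.1
comptia.local.          3600    IN      SOA     ns1.comptia.local. admin.comptia.local. 2024010101 7200 3600 1209600 3600
;; Query time: 3 msec
;; XFR size: 10 records (messages 1, bytes 300)
"""

# RFC 1918 ranges checked explicitly; ipaddress.is_private would also match
# documentation ranges such as 203.0.113.0/24, which is not what we want here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_axfr(text: str) -> List[Record]:
    """Turn dig's AXFR listing into records. Comment lines (';') are skipped and
    rdata keeps everything after the type, so multi-field SOA/MX data survives."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        name, ttl, rclass, rtype, rdata = parts
        records.append(Record(name, int(ttl), rclass, rtype, rdata.strip()))
    return records


def host_map(records: List[Record]) -> Dict[str, str]:
    """Hostname -> address for A/AAAA records, trailing dot removed."""
    return {r.name.rstrip("."): r.rdata for r in records if r.rtype in ("A", "AAAA")}


def internal_hosts(records: List[Record]) -> List[str]:
    """Names the zone maps into RFC 1918 space: the internal inventory a zone
    transfer exposes, and the reason AXFR should be limited to known secondaries."""
    return sorted(
        name for name, addr in host_map(records).items()
        if any(ipaddress.ip_address(addr) in net for net in RFC1918)
    )


if __name__ == "__main__":
    recs = parse_axfr(SAMPLE_AXFR)
    print(f"{len(recs)} records transferred")
    print("internal hosts exposed:", internal_hosts(recs))
```

On the defender's side the corresponding control is to restrict zone transfers on the authoritative server to the addresses of its secondaries (and ideally TSIG-sign them); running a parser like this against your own zone after an AXFR test shows exactly what an open transfer would have handed out.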
NEW QUESTION # 76
Given the following script:
Which of the following BEST characterizes the function performed by lines 5 and 6?
- A. Performs a single DNS query for www.comptia.org and prints the raw data output
- B. Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10
- C. Loops through variable b to count the results returned for the DNS query and prints that count to screen
- D. Prints each DNS query result already stored in variable b
Answer: D
Explanation:
The script is using the scapy library to perform a DNS query for www.comptia.org and store the response in variable b. Lines 5 and 6 are using a for loop to iterate over each answer in variable b and print its summary to the screen. This can help the penetration tester to view the DNS records returned by the query.
NEW QUESTION # 77
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?
- A. Searching for code repositories associated with a developer who previously worked for the target company
- B. Searching for code repositories associated with a developer who previously worked for the target company code repositories associated with the
- C. Searching for code repositories associated with the target company's organization
- D. Searching for code repositories target company's organization
Answer: D
Explanation:
Code repositories are online platforms that store and manage source code and other files related to software development projects. Code repositories can contain useful information for additional testing, such as application names, versions, features, functions, vulnerabilities, dependencies, credentials, comments, or documentation. Searching for code repositories associated with the target company's organization would most likely produce useful information for additional testing, as it would reveal the software projects that the target company is working on or using, and potentially expose some weaknesses or flaws that can be exploited. Code repositories can be searched by using tools such as GitHub, GitLab, Bitbucket, or SourceForge. The other options are not as likely to produce useful information for additional testing, as they are not directly related to the target company's software development activities. Searching for code repositories associated with a developer who previously worked for the target company may not yield any relevant or current information, as the developer may have deleted, moved, or updated their code repositories after leaving the company.
Searching for code repositories associated with the target company's competitors or customers may not yield any useful or accessible information, as they may have different or unrelated software projects, or they may have restricted or protected their code repositories from public view.
NEW QUESTION # 78
A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?
- A. Fuzzer
- B. Snort
- C. tcpdump
- D. Nmap
- E. Netstat
Answer: D
NEW QUESTION # 79
An assessor wants to use Nmap to help map out a stateful firewall rule set. Which of the following scans will the assessor MOST likely run?
- A. nmap -oG 192.168.0.1/24
- B. nmap 192.168.0.1/24
- C. nmap 192.168.0.1/24
- D. nmap 192.168.0.1/24
Answer: D
NEW QUESTION # 80
Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?
- A. Scraping social media for personal details
- B. Registering domain names that are similar to the target company's
- C. Crawling the company's website for company information
- D. Identifying technical contacts at the company
Answer: A
NEW QUESTION # 81