Get Oct-2022 updated PT0-002 Certification Exam Sample Questions [Q59-Q77]


Get to know about the requirements of taking the CompTIA PT0-002 Certification Exam

Those who want to take the CompTIA PT0-002 Certification Exam should have the following knowledge and expertise.

  • The candidate should have Network+, Security+ or equivalent knowledge.
  • The candidate should have a minimum of 3-4 years of hands-on information security or related experience.

How much is the cost of the CompTIA PT0-002 Certification Exam?

The fee for taking the CompTIA PT0-002 Certification Exam is 381 USD.


How much is the salary of a CompTIA PT0-002 certified professional?

The salary of the CompTIA PT0-002 certified professional is dependent on the experience of the candidate, the type of organization they work for, the skills and qualifications they have, the company, location, and the certification. The average salary of a CompTIA PT0-002 certified professional who prepared himself with the help of the PT0-002 Dumps is as follows:

  • In India: 40,000 INR
  • In the United States: 65,000 USD
  • In the United Kingdom: 59,000 GBP
  • In Canada: 50,000 CAD
  • In Australia: 55,000 AUD

 

NEW QUESTION 59
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

  • A. Assume the alert is from the penetration test.
  • B. Halt the penetration test.
  • C. Deconflict with the penetration tester.
  • D. Contact law enforcement.

Answer: D

 

NEW QUESTION 60
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

  • A. Performing spear phishing against employees by posing as senior management
  • B. Dropping a malicious USB key with the company's logo in the parking lot
  • C. Using a brute-force attack against the external perimeter to gain a foothold
  • D. Attempting to tailgate an employee going into the client's workplace

Answer: A

 

NEW QUESTION 61
The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

  • A. This device is most likely a proxy server forwarding requests over TCP/443.
  • B. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
  • C. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
  • D. This device is most likely a gateway with in-band management services.

Answer: D

Explanation:
The Heartbleed bug is an OpenSSL bug that does not affect SSH. Ref: https://www.sos-berlin.com/en/news-heartbleed-bug-does-not-affect-jobscheduler-or-ssh

 

NEW QUESTION 62
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?

  • A. Local file inclusion
  • B. Remote file inclusion
  • C. Server-side request forgery
  • D. Cross-site request forgery

Answer: C

 

NEW QUESTION 63
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?

  • A. The penetration tester used unsupported flags.
  • B. A firewall or IPS blocked the scan.
  • C. The edge network device was disconnected.
  • D. The scan returned ICMP echo replies.

Answer: B

 

NEW QUESTION 64
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
  • Have a full TCP connection
  • Send a "hello" payload
  • Wait for a response
  • Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

  • A. Perform a credentialed scan with Nessus.
  • B. Run nmap -Pn -sV -script vuln <IP address>.
  • C. Create a script in the Lua language and use it with NSE.
  • D. Employ an OpenVAS simple scan against the TCP port of the host.

Answer: C

Explanation:
The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language) to automate a wide variety of networking tasks. Ref: https://nmap.org

 

NEW QUESTION 65
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

  • A. Attempt to brute force authentication to the service.
  • B. Perform a reverse DNS query and match to the service banner.
  • C. Check for an open relay configuration.
  • D. Test for RFC-defined protocol conformance.

Answer: B

 

NEW QUESTION 66
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner."
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  • A. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
  • B. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  • C. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  • D. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
  • E. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  • F. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address

Answer: C,D

 

NEW QUESTION 67
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

  • A. An Nmap scan
  • B. Open-source research
  • C. Port knocking
  • D. A ping sweep
  • E. A vulnerability scan
  • F. Traffic sniffing

Answer: B,F

 

NEW QUESTION 68
A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence. Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

  • A. Zone transfers
  • B. Internet search engines
  • C. Shodan results
  • D. DNS forward and reverse lookups
  • E. Externally facing open ports
  • F. IP addresses and subdomains

Answer: A,F

 

NEW QUESTION 69
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. Controllers will not validate the origin of commands.
  • B. Supervisory systems will detect a malicious injection of code/commands.
  • C. PLCs will not act upon commands injected over the network.
  • D. Supervisors and controllers are on a separate virtual network by default.

Answer: A

 

NEW QUESTION 70
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

  • A. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe
  • B. (crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
  • C. wmic startup get caption,command
  • D. sudo useradd -ou 0 -g 0 user

Answer: C

 

NEW QUESTION 71
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

  • A. chmod u+x script.sh
  • B. chmod o+e script.sh
  • C. chmod u+e script.sh
  • D. chmod o+x script.sh

Answer: A

 

NEW QUESTION 72
A penetration tester received a .pcap file to look for credentials to use in an engagement.
Which of the following tools should the tester utilize to open and read the .pcap file?

  • A. Nmap
  • B. Wireshark
  • C. Metasploit
  • D. Netcat

Answer: B

 

NEW QUESTION 73
The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)

  • A. Exposed RDP
  • B. Network device
  • C. Public-facing web server
  • D. Print queue
  • E. Active Directory domain controller
  • F. IoT/embedded device

Answer: C,F

Explanation:
https://www.netscout.com/what-is-ddos/slowloris-attacks
From the http-title in the output, this looks like an IoT device with RH implying Relative Humidity, that offers a web-based interface for visualizing the results.

 

NEW QUESTION 74
A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client's requirements?

  • A. "cisco-ios" "default-passwords"
  • B. "cisco-ios" "last-modified"
  • C. "cisco-ios" "no-password"
  • D. "cisco-ios" "admin+1234"

Answer: D

 

NEW QUESTION 75
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

  • A. The rules of engagement from the assessment
  • B. Information regarding the business impact if compromised
  • C. The executive summary and information regarding the testing company
  • D. A quick description of the vulnerability and a high-level control to fix it

Answer: B

 

NEW QUESTION 76
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?

  • A. about
  • B. info
  • C. home.html
  • D. index.html

Answer: A

 

NEW QUESTION 77
......
