Give You Free Regular Updates on PT0-002 Exam Questions Jun 21, 2024 [Q107-Q132]

Achieve the PT0-002 Exam Best Results with Help from CompTIA Certified Experts


Obtaining the CompTIA PenTest+ certification (PT0-002) demonstrates a candidate's expertise in assessing potential security risks in any organization. It boosts the candidate's career prospects because the certification is globally recognized, and it gives candidates the confidence to offer ethical hacking services to any organization. Additionally, the certification can help candidates earn a higher salary, as salaries for cybersecurity professionals have been steadily increasing due to the high demand in the industry.


NEW QUESTION # 107
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical?
(Choose two.)

  • A. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
  • B. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
  • C. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  • D. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  • E. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  • F. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address

Answer: B,F

Explanation:
These two behaviors would be considered unethical because they violate the principles of honesty, integrity, and confidentiality that penetration testers should adhere to. Failing to share critical vulnerabilities with the client would be dishonest and unprofessional, as it would compromise the quality and value of the assessment and potentially expose the client to greater risks. Seeking help in underground hacker forums by sharing the client's public IP address would be a breach of confidentiality and trust, as it would expose the client's identity and information to malicious actors who may exploit them.


NEW QUESTION # 108
Appending string values onto another string is called:

  • A. concatenation
  • B. compilation
  • C. conjunction
  • D. connection

Answer: A

Explanation:
Concatenation is the term used to describe the process of appending string values onto another string. In Python, concatenation can be done using the + operator; for example, "Hello" + "World" evaluates to "HelloWorld".
Reference: https://docs.microsoft.com/en-us/dotnet/csharp/how-to/concatenate-multiple-strings


NEW QUESTION # 109
During an assessment, a penetration tester emailed the following Python script to CompTIA's employees:
import pyHook, sys, logging, pythoncom, datetime
log_file='C:\\Windows\\Temp\\log_comptia.txt'
def KbrdEvent(event):
    logging.basicConfig(filename=log_file,level=logging.DEBUG, format='%(messages)s')
    chr(event.Ascii)
    logging.log(10, chr(event.Ascii))
    return True
hooks_manager = pyHook.HookManager()
hooks_manager.KeyDown = KbrdEvent
hooks_manager.HookKeyboard()
pythoncom.PumpMessages()
Which of the following is the intended effect of this script?

  • A. Keylogging
  • B. Collecting logs
  • C. Debugging an exploit
  • D. Scheduling tasks

Answer: A

Explanation:
The provided Python script is designed to function as a keylogger, a type of surveillance software that records every keystroke made on a computer. The script uses the pyHook library to hook into and monitor all keyboard events. When a key is pressed, the KbrdEvent function is triggered, which logs the ASCII value of the pressed key to a file named log_comptia.txt located in C:\Windows\Temp. The script is configured to continuously monitor keyboard events and log them, making its intended effect keylogging, rather than debugging an exploit, collecting logs in a general sense, or scheduling tasks.


NEW QUESTION # 110
During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.

Which of the following vulnerabilities was the attacker trying to exploit?

  • A. Insecure direct object reference
  • B. URL manipulation
  • C. SQL injection
  • D. Session hijacking

Answer: A

Explanation:
The attacker is sequentially changing the serviceID parameter in the URL, likely in an attempt to access objects that they are not authorized to see. This is indicative of an attempt to exploit an Insecure Direct Object Reference (IDOR) vulnerability, where unauthorized access to objects can occur by manipulating input or changing parameters in the URL.
An insecure direct object reference (IDOR) vulnerability occurs when an application exposes a reference to an internal object, such as a file, directory, database record, or key, without any proper authorization or validation mechanism. This allows an attacker to manipulate the reference and access other objects that they are not authorized to access. In this case, the attacker was trying to exploit the IDOR vulnerability in the servicestatus.php script, which accepts a serviceID parameter that directly references a service object. By changing the value of the serviceID parameter, the attacker could access different services that they were not supposed to see. References: The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.2: Insecure Direct Object References; Best PenTest+ certification study resources and training materials, Section 1: Cross-site Scripting (XSS) Attack.


NEW QUESTION # 111
A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources.
Which of the following attack types is MOST concerning to the company?

  • A. Side channel
  • B. Cybersquatting
  • C. Session riding
  • D. Data flooding

Answer: C


NEW QUESTION # 112
A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website's response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

  • A. Deconfliction
  • B. Situational awareness
  • C. DDoS defense
  • D. Rescheduling

Answer: A

Explanation:
https://redteam.guide/docs/definitions/


NEW QUESTION # 113
The following PowerShell snippet was extracted from a log of an attacker machine:

A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?

  • A. Line 20
  • B. Line 8
  • C. Line 19
  • D. Line 13

Answer: B

Explanation:
$X=2,4,6,8,9,20,5
$y=[System.Collections.ArrayList]$X
$y.RemoveRange(1,2)
As you can see, the array on line 8 is written without brackets and without periods: its items are separated by commas.


NEW QUESTION # 114
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted store of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason for the error?

  • A. The application has the API certificate pinned.
  • B. The API server is using SSL instead of TLS.
  • C. The tester is using an outdated version of the application.
  • D. TCP port 443 is not open on the firewall.

Answer: A

Explanation:
This is the most likely reason for the error because the application is unable to validate the certificate issued by the tester's private root CA. Certificate pinning is a process where an application compares the certificate presented by the server with a predefined set of certificates and only accepts connections if the presented certificate is one of the predefined certificates. This means that the application will reject any certificate that is not in the predefined set, even if it is valid.


NEW QUESTION # 115
A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?

  • A. Use the passwords in a credential stuffing attack when the external penetration test begins.
  • B. Add the passwords to an appendix in the penetration test report.
  • C. Do nothing. Using passwords from breached data is unethical.
  • D. Contact the client and inform them of the breach.

Answer: D

Explanation:
Upon discovering passwords in a publicly available data breach during the reconnaissance phase, the most ethical and constructive action for the penetration tester is to contact the client and inform them of the breach.
This approach allows the client to take the necessary actions to mitigate any potential risks, such as forcing password resets or enhancing their security measures. Adding the passwords to a report appendix (option B) without context or action could be seen as irresponsible, while doing nothing (option C) neglects the tester's duty to inform the client of potential threats. Using the passwords in a credential stuffing attack (option A) without explicit permission as part of an agreed testing scope would be unethical and potentially illegal.


NEW QUESTION # 116
A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

  • A. Nmap -p 445 -n -T4 -open 172.21.0.0/16
  • B. Nmap -sV --script=smb* 172.21.0.0/16
  • C. Nmap -s 445 -Pn -T5 172.21.0.0/16
  • D. Nmap -p 445 -max -sT 172.21.0.0/16

Answer: A

Explanation:
Nmap is a tool that can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The command Nmap -p 445 -n -T4 -open 172.21.0.0/16 would scan for SMB port 445 over a /16 network with the following options:
* -p 445 specifies the port number to scan.
* -n disables DNS resolution, which can speed up the scan by avoiding unnecessary queries.
* -T4 sets the timing template to aggressive, which increases the speed of the scan by sending packets faster and waiting less for responses.
* -open only shows hosts that have open ports, which can reduce the output and focus on relevant results.
The other commands are not optimal for scanning SMB port 445 over a /16 network when stealth is not a concern and the task is time sensitive.


NEW QUESTION # 117
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

  • A. Perform fuzz testing of compiled binaries.
  • B. Validate API security settings before deployment.
  • C. Add a dependency checker into the tool chain.
  • D. Perform routine static and dynamic analysis of committed code.

Answer: C

Explanation:
Adding a dependency checker into the tool chain is the best recommendation for the company that has been including vulnerable third-party modules in multiple products. A dependency checker is a tool that analyzes the dependencies of a software project and identifies any known vulnerabilities or outdated versions. This can help the developers to update or replace the vulnerable modules before deploying the products.


NEW QUESTION # 118
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

NEW QUESTION # 119
A penetration tester gains access to a system and is able to migrate to a user process:

Given the output above, which of the following actions is the penetration tester performing? (Choose two.)

  • A. Redirecting output from a file to a remote system
  • B. Creating a new process on all domain systems
  • C. Setting up a reverse shell from a remote system
  • D. Building a scheduled task for execution
  • E. Adding an additional IP address on the compromised system
  • F. Executing a file on the remote system
  • G. Mapping a share to a remote system

Answer: F,G

Explanation:
WMIC.exe is a built-in Microsoft program that allows command-line access to the Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.


NEW QUESTION # 120
During a security assessment of a web application, a penetration tester was able to generate the following application response:
Unclosed quotation mark after the character string Incorrect syntax near ".
Which of the following is the most probable finding?

  • A. Race condition
  • B. SQL injection
  • C. Business logic flaw
  • D. Cross-site scripting

Answer: B

Explanation:
The error message "Unclosed quotation mark after the character string Incorrect syntax near '." suggests that the application is vulnerable to SQL injection (B). This type of vulnerability occurs when an attacker is able to inject malicious SQL into an application's database query. The error message indicates that user input reaches the underlying SQL query without proper handling, which can lead to unauthorized data access, data modification, and other database-related attacks.


NEW QUESTION # 121
A security analyst needs to perform a scan for SMB port 445 over a /16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

  • A. Nmap -p 445 -n -T4 -open 172.21.0.0/16
  • B. Nmap -sV --script=smb* 172.21.0.0/16
  • C. Nmap -s 445 -Pn -T5 172.21.0.0/16
  • D. Nmap -p 445 -max -sT 172.21.0.0/16

Answer: A

Explanation:
Nmap is a tool that can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The command Nmap -p 445 -n -T4 -open 172.21.0.0/16 would scan for SMB port 445 over a /16 network with the following options:
* -p 445 specifies the port number to scan.
* -n disables DNS resolution, which can speed up the scan by avoiding unnecessary queries.
* -T4 sets the timing template to aggressive, which increases the speed of the scan by sending packets faster and waiting less for responses.
* -open only shows hosts that have open ports, which can reduce the output and focus on relevant results.
The other commands are not optimal for scanning SMB port 445 over a /16 network when stealth is not a concern and the task is time sensitive.


NEW QUESTION # 122
A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?

  • A. BLE attack
  • B. Bluejacking
  • C. WPS PIN attack
  • D. Bluesnarfing

Answer: A

Explanation:
A BLE (Bluetooth Low Energy) attack is specifically designed to exploit vulnerabilities in the Bluetooth Low Energy protocol, which is commonly used in modern wireless devices, including key fobs for electric vehicles.
This type of attack can allow a penetration tester to intercept, manipulate, or take control of the communication between the key fob and the vehicle. Bluejacking and Bluesnarfing are older Bluetooth attacks that are less effective against modern BLE implementations. WPS PIN attacks target Wi-Fi Protected Setup, which is unrelated to key fobs and electric vehicles.


NEW QUESTION # 123
A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:
* Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>WordPress &#8250; ReadMe</title>
<link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" />
</head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?

  • A. Burp Suite
  • B. DirBuster
  • C. WPScan
  • D. OWASP ZAP

Answer: C

Explanation:
WPScan is a tool that can be used to scan WordPress sites for vulnerabilities, such as outdated plugins, themes, or core files, misconfigured settings, weak passwords, or user enumeration. The curl command reveals that the site is running WordPress and has a readme.html file that may disclose the version number. Therefore, WPScan would be the best tool to use to explore this site further. Burp Suite is a tool that can be used to intercept and modify web requests and responses, but it does not specialize in WordPress scanning. DirBuster is a tool that can be used to brute-force directories and files on web servers, but it does not exploit WordPress vulnerabilities. OWASP ZAP is a tool that can be used to perform web application security testing, but it does not focus on WordPress scanning.


NEW QUESTION # 124
A penetration tester is examining a Class C network to identify active systems quickly. Which of the following commands should the penetration tester use?

  • A. nmap sN 192.168.0.0/24
  • B. nmap sn 192.168.0.1/16
  • C. nmap sn 192.168.0.1-254
  • D. nmap sn 192.168.0.1 192.168.0.1.254

Answer: C


NEW QUESTION # 125
Which of the following expressions in Python increases a variable val by one? (Choose two.)

  • A. +val
  • B. ++val
  • C. val=(val+1)
  • D. val++
  • E. val=val++
  • F. val+=1

Answer: C,F

Explanation:
https://pythonguides.com/increment-and-decrement-operators-in-python/


NEW QUESTION # 126
A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?

  • A. SQL injection
  • B. Remote command injection
  • C. DLL injection
  • D. HTML injection

Answer: A

Explanation:
WAITFOR can be used in a type of SQL injection attack known as time-delay SQL injection or blind SQL injection. This attack works on the basis that true-or-false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the injected condition evaluates to true, the web application pauses for the specified period of time before responding; if it evaluates to false, the web application responds immediately. By observing the response time, the attacker can infer information about the database structure and data.
Based on this, the answer is A, SQL injection: an attack that exploits a vulnerability in a web application to execute arbitrary SQL commands on the database server.


NEW QUESTION # 127
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

  • A. hping3
  • B. Nmap
  • C. tcpdump
  • D. Scapy

Answer: D

Explanation:
https://0xbharath.github.io/art-of-packet-crafting-with-scapy/scapy/creating_packets/index.html
https://scapy.readthedocs.io/en/latest/introduction.html#about-scapy
Scapy is a powerful and interactive packet manipulation tool that allows the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds. Scapy can craft, send, receive, and analyze packets of various protocols, such as TCP, UDP, ICMP, or IP. Scapy can also modify any field of any layer of a packet, such as the TCP header length and checksum, which are used to indicate the size and integrity of the TCP segment. Scapy can also display the response packets from the target system, which can reveal how the proprietary service handles the invalid packet.


NEW QUESTION # 128
During an engagement, a penetration tester found the following list of strings inside a file:

Which of the following is the BEST technique to determine the known plaintext of the strings?

  • A. Credential-stuffing attack
  • B. Dictionary attack
  • C. Brute-force attack
  • D. Rainbow table attack

Answer: D


NEW QUESTION # 129
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?

  • A. Clarify the statement of work.
  • B. Identify all third parties involved.
  • C. Interview all stakeholders.
  • D. Obtain an asset inventory from the client.

Answer: A

Explanation:
Clarifying the statement of work is one of the most important items to develop fully prior to beginning the penetration testing activities, as it defines the scope, objectives, deliverables, and expectations of the engagement. The statement of work is a formal document that outlines the agreement between the penetration tester and the client and serves as a reference for both parties throughout the engagement. It should include details such as the type, duration, and frequency of testing, the target systems and networks, the authorized methods and tools, the reporting format and schedule, and any legal or ethical considerations.


NEW QUESTION # 130
A penetration tester writes the following script:

Which of the following is the tester performing?

  • A. Searching for service vulnerabilities
  • B. Trying to recover a lost bind shell
  • C. Building a reverse shell listening on specified ports
  • D. Scanning a network for specific open ports

Answer: D

Explanation:
-z zero-I/O mode [used for scanning]
-v verbose
example output of script:
10.0.0.1: inverse host lookup failed: Unknown host
(UNKNOWN) [10.0.0.1] 22 (ssh) open
(UNKNOWN) [10.0.0.1] 23 (telnet) : Connection timed out
https://unix.stackexchange.com/questions/589561/what-is-nc-z-used-for


NEW QUESTION # 131
A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?

  • A. nmap -A -T4 -p80 192.168.1.20
  • B. nmap -sS -sL -p80 192.168.1.20
  • C. nmap -f -sV -p80 192.168.1.20
  • D. nmap -O -v -p80 192.168.1.20

Answer: A


NEW QUESTION # 132
......
