CompTIA PT0-002 CompTIA PenTest+ Certification Exam Online Training
The questions for PT0-002 were last updated on Nov 27, 2024.
- Exam Code: PT0-002
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Nov 27, 2024
A penetration tester who is working remotely is conducting a penetration test using a wireless connection.
Which of the following is the BEST way to provide confidentiality for the client while using this connection?
- A . Configure wireless access to use a AAA server.
- B . Use random MAC addresses on the penetration testing distribution.
- C . Install a host-based firewall on the penetration testing distribution.
- D . Connect to the penetration testing company’s VPS using a VPN.
DRAG DROP
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments.
Which of the following techniques should the tester select to accomplish this task?
- A . Steganography
- B . Metadata removal
- C . Encryption
- D . Encode64
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?
- A . Understanding the tactics of a security intrusion can help disrupt them.
- B . Scripts that are part of the framework can be imported directly into SIEM tools.
- C . The methodology can be used to estimate the cost of an incident better.
- D . The framework is static and ensures stability of a security program over time.
A penetration tester found several critical SQL injection vulnerabilities during an assessment of a client’s system. The tester would like to suggest mitigation to the client as soon as possible.
Which of the following remediation techniques would be the BEST to recommend? (Choose two.)
- A . Closing open services
- B . Encrypting users’ passwords
- C . Randomizing users’ credentials
- D . Users’ input validation
- E . Parameterized queries
- F . Output encoding
Which of the following BEST describe the OWASP Top 10? (Choose two.)
- A . The most critical risks of web applications
- B . A list of all the risks of web applications
- C . The risks defined in order of importance
- D . A web-application security standard
- E . A risk-governance and compliance framework
- F . A checklist of Apache vulnerabilities
Deconfliction is necessary when the penetration test:
- A . determines that proprietary information is being stored in cleartext.
- B . occurs during the monthly vulnerability scanning.
- C . uncovers indicators of prior compromise over the course of the assessment.
- D . proceeds in parallel with a criminal digital forensic investigation.
A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
- A . nmap 192.168.1.1-5 -PU22-25,80
- B . nmap 192.168.1.1-5 -PA22-25,80
- C . nmap 192.168.1.1-5 -PS22-25,80
- D . nmap 192.168.1.1-5 -Ss22-25,80
Which of the following BEST explains why a penetration tester cannot scan a server that was previously scanned successfully?
- A . The IP address is wrong.
- B . The server is unreachable.
- C . The IP address is on the blocklist.
- D . The IP address is on the allow list.
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet.
Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
- A . PLCs will not act upon commands injected over the network.
- B . Supervisors and controllers are on a separate virtual network by default.
- C . Controllers will not validate the origin of commands.
- D . Supervisory systems will detect a malicious injection of code/commands.