CompTIA PT0-002 CompTIA PenTest+ Certification Exam Online Training
The questions for PT0-002 were last updated on Nov 26, 2024.
- Exam Code: PT0-002
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Nov 26, 2024
1. A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.
Which of the following tools or techniques would BEST support additional reconnaissance?
- A . Wardriving
- B . Shodan
- C . Recon-ng
- D . Aircrack-ng
2. A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment.
Identification requires the penetration tester to:
- Have a full TCP connection
- Send a “hello” payload
- Wait for a response
- Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?
- A . Run nmap -Pn -sV --script vuln <IP address>.
- B . Employ an OpenVAS simple scan against the TCP port of the host.
- C . Create a script in the Lua language and use it with NSE.
- D . Perform a credentialed scan with Nessus.
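As an added example (not part of the exam question and not a script from Nmap's own library), the following NSE script in Lua carries out the four identification steps above so the check can be run across all of the hosts in one pass. The port number 4242, the exact "hello\n" payload, the script name pacs-hello-probe.nse and the way the service reacts are assumptions; substitute the real values learned during the engagement.

```lua
-- pacs-hello-probe.nse (added example; hypothetical service, assumed port 4242)
local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"
local string    = require "string"

description = [[
Probes a hypothetical physical-access-control TCP service: completes a full
TCP handshake, sends a "hello" payload, waits for the reply, then sends a
string longer than 16 bytes and reports how the service reacts.
]]

author = "added example for this page"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- Intrusive: the script completes the handshake and sends data to the service.
categories = {"vuln", "intrusive"}

-- Assumption: the access-control service listens on TCP 4242.
portrule = shortport.portnumber(4242, "tcp")

-- Any value above 16 bytes satisfies the identification requirement.
local PROBE_LEN = 64

action = function(host, port)
  local out  = stdnse.output_table()
  local sock = nmap.new_socket()
  sock:set_timeout(5000)

  -- Step 1: full TCP connection. connect() completes the three-way handshake
  -- (unlike a SYN scan, which never finishes it).
  local status, err = sock:connect(host, port)
  if not status then
    return nil
  end

  -- Step 2: send the "hello" payload. Assumption: the service expects "hello\n".
  status, err = sock:send("hello\n")
  if not status then
    sock:close()
    return nil
  end

  -- Step 3: wait for the service to answer before sending anything else.
  local banner
  status, banner = sock:receive()
  if not status then
    sock:close()
    return nil
  end
  out.hello_response = stdnse.tohex(banner)

  -- Step 4: send a string longer than 16 bytes and observe what happens.
  status, err = sock:send(string.rep("A", PROBE_LEN) .. "\n")
  if not status then
    sock:close()
    out.result = "connection dropped while sending the " .. PROBE_LEN .. "-byte string"
    return out
  end

  local reply
  status, reply = sock:receive()
  sock:close()

  if status then
    out.result = "service answered the oversized string"
    out.probe_response = stdnse.tohex(reply)
  elseif reply == "EOF" then
    -- Peer closed the socket right after the long input: worth a closer look.
    out.result = "service closed the connection after a " .. PROBE_LEN .. "-byte string"
  else
    out.result = "no reply to the oversized string (" .. tostring(reply) .. ")"
  end
  return out
end
```

Save it as pacs-hello-probe.nse and run it over the host list with `nmap -Pn -p 4242 --script ./pacs-hello-probe.nse -iL hosts.txt`. The script only records how each host reacts; a closed connection or silence after the long string marks a host for manual follow-up rather than proving a vulnerability, and because the probe sends data to a door controller it should be run only inside the agreed scope.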
3. During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.
Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
- A . Sniff and then crack the WPS PIN on an associated WiFi device.
- B . Dump the user address book on the device.
- C . Break a connection between two Bluetooth devices.
- D . Transmit text messages to the device.
4. A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.
Which of the following would BEST support this task?
- A . Run nmap with the -O, -p22, and -sC options set against the target
- B . Run nmap with the -sV and -p22 options set against the target
- C . Run nmap with the --script vulners option set against the target
- D . Run nmap with the -sA option set against the target
5. A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function.
Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
- A . Alternate data streams
- B . PowerShell modules
- C . MP4 steganography
- D . PsExec
6. A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted store of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server.
Which of the following is the MOST likely reason for the error?
- A . TCP port 443 is not open on the firewall
- B . The API server is using SSL instead of TLS
- C . The tester is using an outdated version of the application
- D . The application has the API certificate pinned.
7. Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:
- A . devices produce more heat and consume more power.
- B . devices are obsolete and are no longer available for replacement.
- C . protocols are more difficult to understand.
- D . devices may cause physical world effects.
8. A CentOS computer was exploited during a penetration test. During initial reconnaissance, the penetration tester discovered that port 25 was open on an internal Sendmail server.
To remain stealthy, the tester ran the following command from the attack machine:
Which of the following would be the BEST command to use for further progress into the targeted network?
- A . nc 10.10.1.2
- B . ssh 10.10.1.2
- C . nc 127.0.0.1 5555
- D . ssh 127.0.0.1 5555
9. A penetration tester was hired to perform a physical security assessment of an organization’s office. After monitoring the environment for a few hours, the penetration tester notices that some employees go to lunch in a restaurant nearby and leave their belongings unattended on the table while getting food.
Which of the following techniques would MOST likely be used to get legitimate access into the organization’s building without raising too many alerts?
- A . Tailgating
- B . Dumpster diving
- C . Shoulder surfing
- D . Badge cloning
10. During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign.
Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)
- A . Scraping social media sites
- B . Using the WHOIS lookup tool
- C . Crawling the client’s website
- D . Phishing company employees
- E . Utilizing DNS lookup tools
- F . Conducting wardriving near the client facility