CompTIA PT0-002 CompTIA PenTest+ Certification Exam Online Training
CompTIA PT0-002 Online Training
The questions for PT0-002 were last updated at Nov 26,2024.
- Exam Code: PT0-002
- Exam Name: CompTIA PenTest+ Certification Exam
- Certification Provider: CompTIA
- Latest update: Nov 26,2024
autonumGiven the following script:
Which of the following BEST characterizes the function performed by lines 5 and 6?
- A . Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10
- B . Performs a single DNS query for www.comptia.org and prints the raw data output
- C . Loops through variable b to count the results returned for the DNS query and prints that count to screen
- D . Prints each DNS query result already stored in variable b
autonumA company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources.
Which of the following attack types is MOST concerning to the company?
- A . Data flooding
- B . Session riding
- C . Cybersquatting
- D . Side channel
autonumA penetration tester is exploring a client’s website.
The tester performs a curl command and obtains the following:
* Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html> <html lang=”en”> <head>
<meta name=”viewport” content=”width=device-width” />
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8” /> <title>WordPress › ReadMe</title>
<link rel=”stylesheet” href=”wp-admin/css/install.css?ver=20100228” type=”text/css” /> </head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?
- A . Burp Suite
- B . DirBuster
- C . WPScan
- D . OWASP ZAP
autonumA company requires that all hypervisors have the latest available patches installed.
Which of the following would BEST explain the reason why this policy is in place?
- A . To provide protection against host OS vulnerabilities
- B . To reduce the probability of a VM escape attack
- C . To fix any misconfigurations of the hypervisor
- D . To enable all features of the hypervisor
autonumA penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server.
Which of the following log files will show this activity?
- A . /var/log/messages
- B . /var/log/last_user
- C . /var/log/user_log
- D . /var/log/lastlog
autonumA penetration tester is contracted to attack an oil rig network to look for vulnerabilities. While conducting the assessment, the support organization of the rig reported issues connecting to corporate applications and upstream services for data acquisitions.
Which of the following is the MOST likely culprit?
- A . Patch installations
- B . Successful exploits
- C . Application failures
- D . Bandwidth limitations
autonumIn the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers.
Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?
- A . Test for RFC-defined protocol conformance.
- B . Attempt to brute force authentication to the service.
- C . Perform a reverse DNS query and match to the service banner.
- D . Check for an open relay configuration.
autonumA penetration tester received a 16-bit network block that was scoped for an assessment. During the assessment, the tester realized no hosts were active in the provided block of IPs and reported this to the company. The company then provided an updated block of IPs to the tester.
Which of the following would be the most appropriate NEXT step?
- A . Terminate the contract.
- B . Update the ROE with new signatures. Most Voted
- C . Scan the 8-bit block to map additional missed hosts.
- D . Continue the assessment.
autonumDuring an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server.
Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)
- A . Cross-site scripting
- B . Server-side request forgery
- C . SQL injection
- D . Log poisoning
- E . Cross-site request forgery
- F . Command injection
autonumCORRECT TEXT
SIMULATION
Using the output, identify potential attack vectors that should be further investigated.
Latest PT0-002 Dumps Valid Version with 110 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
