PT0-002 Exam Dumps, PT0-002 Practice Test Questions [Q18-Q32]

Rate this post

PT0-002 Exam Dumps, PT0-002 Practice Test Questions

PDF (New 2022) Actual CompTIA PT0-002 Exam Questions

NO.18 A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

Socat

tcpdump

Scapy

dig

NO.19 You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

NO.20 A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

Manually check the version number of the VoIP service against the CVE release

Test with proof-of-concept code from an exploit database

Review SIP traffic from an on-path position to look for indicators of compromise

Utilize an nmap -sV scan against the service

NO.21 A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

iam_enum_permissions

iam_privesc_scan

iam_backdoor_assume_role

iam_bruteforce_permissions

NO.22 A software development team is concerned that a new product’s 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries?

Immunity Debugger

OllyDbg

GDB

Drozer

NO.23 A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

Data flooding

Session riding

Cybersquatting

Side channel

NO.24 The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)

Network device

Public-facing web server

Active Directory domain controller

IoT/embedded device

Exposed RDP

Print queue

NO.25 A penetration tester conducted a discovery scan that generated the following:

Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

nmap -oG list.txt 192.168.0.1-254 , sort

nmap -sn 192.168.0.1-254 , grep “Nmap scan” | awk ‘{print S5}’

nmap –open 192.168.0.1-254, uniq

nmap -o 192.168.0.1-254, cut -f 2

NO.26 A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
Have a full TCP connection
Send a “hello” payload
Walt for a response
Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

Run nmap -Pn -sV -script vuln <IP address>.

Employ an OpenVAS simple scan against the TCP port of the host.

Create a script in the Lua language and use it with NSE.

Perform a credentialed scan with Nessus.

NO.27 Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

To provide feedback on the report structure and recommend improvements

To discuss the findings and dispute any false positives

To determine any processes that failed to meet expectations during the assessment

To ensure the penetration-testing team destroys all company data that was gathered during the test

NO.28 Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

Shodan

Nmap

WebScarab-NG

Nessus

NO.29 In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

Test for RFC-defined protocol conformance.

Attempt to brute force authentication to the service.

Perform a reverse DNS query and match to the service banner.

Check for an open relay configuration.

NO.30 A penetration tester has been given eight business hours to gain access to a client’s financial system. Which of the following techniques will have the highest likelihood of success?

Attempting to tailgate an employee going into the client’s workplace

Dropping a malicious USB key with the company’s logo in the parking lot

Using a brute-force attack against the external perimeter to gain a foothold

Performing spear phishing against employees by posing as senior management

NO.31 The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

This device is most likely a gateway with in-band management services.

This device is most likely a proxy server forwarding requests over TCP/443.

This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

NO.32 A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?