
PT0-002 Questions and Answers

Question # 6

A penetration tester performs the following command:

curl -I --http2 https://www.comptia.org

Which of the following snippets of output will the tester MOST likely receive?

A. Option A
B. Option B
C. Option C
D. Option D

Question # 7

A penetration tester received a .pcap file to look for credentials to use in an engagement.

Which of the following tools should the tester utilize to open and read the .pcap file?

A. Nmap
B. Wireshark
C. Metasploit
D. Netcat

Question # 8

A consultant is reviewing the following output after reports of intermittent connectivity issues:

? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]

? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]

? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]

? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]

? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]

? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]

? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]

Which of the following is MOST likely to be reported by the consultant?

A. A device on the network has an IP address in the wrong subnet.
B. A multicast session was initiated using the wrong multicast group.
C. An ARP flooding attack is using the broadcast address to perform DDoS.
D. A device on the network has poisoned the ARP cache.

Question # 9

A penetration tester runs the following command on a system:

find / -user root -perm -4000 -print 2>/dev/null

Which of the following is the tester trying to accomplish?

A. Set the SGID on all files in the / directory
B. Find the /root directory on the system
C. Find files with the SUID bit set
D. Find files that were created during exploitation and move them to /dev/null

Question # 10

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

A. chmod u+x script.sh
B. chmod u+e script.sh
C. chmod o+e script.sh
D. chmod o+x script.sh

Question # 11

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

A. Socat
B. tcpdump
C. Scapy
D. dig

Question # 12

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client’s building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

A. Wardriving
B. Shodan
C. Recon-ng
D. Aircrack-ng

Question # 13

A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
C. Continue the engagement and include the backdoor finding in the final report
D. Inform the customer immediately about the backdoor

Question # 14

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

A. Aircrack-ng
B. Wireshark
C. Wifite
D. Kismet

Question # 15

Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

A. Analyze the malware to see what it does.
B. Collect the proper evidence and then remove the malware.
C. Do a root-cause analysis to find out how the malware got in.
D. Remove the malware immediately.
E. Stop the assessment and inform the emergency contact.

Question # 16

A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?

A. Nmap
B. tcpdump
C. Scapy
D. hping3

Question # 17

A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.

Which of the following actions should the tester take?

A. Perform forensic analysis to isolate the means of compromise and determine attribution.
B. Incorporate the newly identified method of compromise into the red team’s approach.
C. Create a detailed document of findings before continuing with the assessment.
D. Halt the assessment and follow the reporting procedures as outlined in the contract.

Question # 18

Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

A. Buffer overflows
B. Cross-site scripting
C. Race-condition attacks
D. Zero-day attacks
E. Injection flaws
F. Ransomware attacks

Question # 19

A penetration tester found the following valid URL while doing a manual assessment of a web application: http://www.example.com/product.php?id=123987.

Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?

A. SQLmap
B. Nessus
C. Nikto
D. DirBuster

Question # 20

A penetration tester obtained the following results after scanning a web server using the dirb utility:

...

GENERATED WORDS: 4612

---- Scanning URL: http://10.2.10.13/ ----

+ http://10.2.10.13/about (CODE:200|SIZE:1520)

+ http://10.2.10.13/home.html (CODE:200|SIZE:214)

+ http://10.2.10.13/index.html (CODE:200|SIZE:214)

+ http://10.2.10.13/info (CODE:200|SIZE:214)

...

DOWNLOADED: 4612 - FOUND: 4

Which of the following elements is MOST likely to contain useful information for the penetration tester?

A. index.html
B. about
C. info
D. home.html

Question # 21

A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company’s privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?

A. OpenVAS
B. Nikto
C. SQLmap
D. Nessus
