100% Guaranteed Results PT0-002 Unlimited 310 Questions [2024]
NEW QUESTION # 158
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
- A. Scapy
- B. tcpdump
- C. dig
- D. Socat
Answer: D
NEW QUESTION # 159
A penetration tester conducts an Nmap scan against a target and receives the following results:
Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
- A. Nessus
- B. ProxyChains
- C. OWASPZAP
- D. Empire
Answer: B
NEW QUESTION # 160
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?
- A. Ping of death
- B. Smurf
- C. Ping flood
- D. Fraggle
Answer: D
Explanation:
A Fraggle attack is the same as a Smurf attack, except that it uses UDP rather than ICMP. Prevention of a Fraggle attack is almost identical to prevention of a Smurf attack.
Ref: https://www.okta.com/identity-101/fraggle-attack/
NEW QUESTION # 161
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
- A. nmap 192.168.1.1-5 -PS22-25,80
- B. nmap 192.168.1.1-5 -PU22-25,80
- C. nmap 192.168.1.1-5 -Ss22-25,80
- D. nmap 192.168.1.1-5 -PA22-25,80
Answer: A
Explanation:
PS/PA/PU/PY are host discovery flags that use TCP SYN, TCP ACK, UDP, or SCTP discovery respectively. Since the ports in the options are mostly used by TCP protocols, it is either the PS or the PA flag, and since we need to know whether the ports are live, sending a SYN packet is the better alternative. Hence, I choose PS in this case.
The nmap -PS22-25,80 192.168.1.1-5 command will return vulnerable ports that might be interesting to a potential attacker, as it will perform a TCP SYN scan on ports 22, 23, 24, 25, and 80 of the target hosts. A TCP SYN scan is a stealthy technique that sends a SYN packet to each port and waits for a response. If the response is a SYN/ACK packet, the port is open and listening for connections. If the response is a RST packet, the port is closed and not accepting connections. If there is no response, the port is filtered by a firewall or IDS.
NEW QUESTION # 162
A security professional wants to test an IoT device by sending an invalid packet to a proprietary service listening on TCP port 3011. Which of the following would allow the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds?
- A. Nmap
- B. tcpdump
- C. hping3
- D. Scapy
Answer: D
Explanation:
https://0xbharath.github.io/art-of-packet-crafting-with-scapy/scapy/creating_packets/index.html
https://scapy.readthedocs.io/en/latest/introduction.html#about-scapy
Scapy is a powerful and interactive packet manipulation tool that allows the security professional to easily and programmatically manipulate the TCP header length and checksum using arbitrary numbers and to observe how the proprietary service responds. Scapy can craft, send, receive, and analyze packets of various protocols, such as TCP, UDP, ICMP, or IP. Scapy can also modify any field of any layer of a packet, such as the TCP header length and checksum, which are used to indicate the size and integrity of the TCP segment. Scapy can also display the response packets from the target system, which can reveal how the proprietary service handles the invalid packet.
NEW QUESTION # 163
A penetration tester wrote the following script to be used in one engagement:
Which of the following actions will this script perform?
- A. Attempt to flood open ports.
- B. Listen for a reverse shell.
- C. Look for open ports.
- D. Create an encrypted tunnel.
Answer: C
NEW QUESTION # 164
The following line-numbered Python code snippet is being used in reconnaissance:
Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?
- A. Line 01
- B. Line 08
- C. Line 07
- D. Line 02
Answer: B
NEW QUESTION # 165
A penetration tester wrote the following comment in the final report: "Eighty-five percent of the systems tested were found to be prone to unauthorized access from the internet." For which of the following audiences was this message intended?
- A. Data privacy ombudsman
- B. C-suite executives
- C. Systems administrators
- D. Regulatory officials
Answer: B
Explanation:
The comment in the final report was intended for C-suite executives, who are senior-level managers or leaders in an organization, such as the chief executive officer (CEO), chief financial officer (CFO), or chief information officer (CIO). C-suite executives are typically interested in high-level summaries or overviews of the penetration test results, such as the percentage of systems affected by a certain vulnerability or risk, the potential impact or cost of a breach, or the recommended actions or priorities for remediation. C-suite executives may not have the technical background or expertise to understand detailed or technical information about the penetration test, such as specific vulnerabilities, exploits, tools, or techniques. The comment in the final report provides a high-level summary of the penetration test result that is relevant and understandable for C-suite executives. The other audiences are not likely to be interested in this comment. Systems administrators are technical staff who are responsible for installing, configuring, maintaining, and securing systems and networks. They would be more interested in detailed or technical information about the penetration test, such as specific vulnerabilities, exploits, tools, or techniques. A data privacy ombudsman is a person who acts as an independent mediator between individuals and organizations regarding data privacy issues or complaints. They would be more interested in information about how the penetration test complied with data privacy laws and regulations, such as GDPR or CCPA. Regulatory officials are authorities who enforce compliance with laws and regulations related to a specific industry or sector, such as finance, health care, or energy. They would be more interested in information about how the penetration test complied with industry-specific standards and frameworks, such as PCI-DSS, HIPAA, or NERC-CIP.
NEW QUESTION # 166
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
1. Reflected XSS - Input sanitization (<> ...)
2. SQL injection (stacked) - Parameterized queries
3. DOM XSS - Input sanitization (<> ...)
4. Local File Inclusion - sandbox req
5. Command Injection - sandbox req
6. SQLi union - Parameterized queries
7. SQLi error - Parameterized queries
8. Remote File Inclusion - sandbox
9. Command Injection - input sanitization
10. URL redirect - prevent external calls
NEW QUESTION # 167
A tester who is performing a penetration test discovers an older firewall that is known to have serious vulnerabilities to remote attacks but is not part of the original list of IP addresses for the engagement. Which of the following is the BEST option for the tester to take?
- A. Apply patches to the firewall.
- B. Scan the firewall for vulnerabilities.
- C. Segment the firewall from the cloud.
- D. Notify the client about the firewall.
Answer: D
NEW QUESTION # 168
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
- A. Run the nc -e /bin/sh <...> command.
- B. Obtain /etc/shadow and brute force the root password.
- C. Move laterally to create a user account on LDAP
- D. Create a one-shot systemd service to establish a reverse shell.
Answer: D
Explanation:
https://hosakacorp.net/p/systemd-user.html
NEW QUESTION # 169
A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?
- A. Cain and Abel
- B. John the Ripper
- C. Mimikatz
- D. Hydra
Answer: B
NEW QUESTION # 170
A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?
- A. tcpdump
- B. dig
- C. Socat
- D. Scapy
Answer: D
Explanation:
https://thepacketgeek.com/scapy/building-network-tools/part-09/
NEW QUESTION # 171
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
- A. Run the nc -e /bin/sh <...> command.
- B. Obtain /etc/shadow and brute force the root password.
- C. Move laterally to create a user account on LDAP
- D. Create a one-shot system service to establish a reverse shell.
Answer: D
Explanation:
https://hosakacorp.net/p/systemd-user.html
NEW QUESTION # 172
Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?
- A. w3af
- B. Patator
- C. CeWL
- D. DirBuster
Answer: C
Explanation:
CeWL, the Custom Word List Generator, is a Ruby application that allows you to spider a website based on a URL and depth setting and then generate a wordlist from the files and web pages it finds. Running CeWL against a target organization's sites can help generate a custom word list, but you will typically want to add words manually based on your own OSINT gathering efforts.
https://esgeeks.com/como-utilizar-cewl/
NEW QUESTION # 173
Which of the following OSSTM testing methodologies should be used to test under the worst conditions?
- A. Tandem
- B. Known environment
- C. Reversal
- D. Semi-authorized
Answer: B
Explanation:
The OSSTM testing methodology that should be used to test under the worst conditions is known environment, which is a testing approach that assumes that the tester has full knowledge of the target system or network, such as its architecture, configuration, vulnerabilities, or defenses. Known environment testing can simulate a worst-case scenario, where an attacker has gained access to sensitive information or insider knowledge about the target, and can exploit it to launch more sophisticated or targeted attacks. It can also help identify the most critical or high-risk areas of the target, and provide recommendations for improving its security posture. The other options are not OSSTM testing methodologies that should be used to test under the worst conditions. Tandem is a testing approach that involves two testers working together on the same target, one as an attacker and one as a defender, to simulate a realistic attack scenario and evaluate the effectiveness of the defense mechanisms. Reversal is a testing approach that involves switching roles between the tester and the client, where the tester acts as a defender and the client acts as an attacker, to assess the security awareness and skills of the client. Semi-authorized is a testing approach that involves giving partial or limited authorization or access to the tester, such as a user account or a network segment, to simulate an attack scenario where an attacker has compromised a legitimate user or device.
NEW QUESTION # 174
Which of the following provides an exploitation suite with payload modules that cover the broadest range of target system types?
- A. Nessus
- B. Burp Suite
- C. Ethercap
- D. Metasploit
Answer: D
NEW QUESTION # 175
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?
- A. Run nmap with the -sA option set against the target
- B. Run nmap with the --script vulners option set against the target
- C. Run nmap with the -sV and -p22 options set against the target
- D. Run nmap with the -o, -p22, and -sC options set against the target
Answer: D
NEW QUESTION # 176
A penetration tester needs to perform a vulnerability scan against a web server. Which of the following tools is the tester MOST likely to choose?
- A. Nmap
- B. Cain and Abel
- C. Nikto
- D. Ethercap
Answer: C
Explanation:
https://hackertarget.com/nikto-website-scanner/
NEW QUESTION # 177
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
- A. Modify the malicious AP configuration to not use a pre-shared key.
- B. Perform jamming on all 2.4GHz and 5GHz channels.
- C. Set the malicious AP to broadcast within dynamic frequency selection channels.
- D. Send deauthentication frames to the stations.
Answer: D
Explanation:
https://steemit.com/informatica/@jordiurbina1/tutorial-hacking-wi-fi-wireless-networks-with-wifislax
NEW QUESTION # 178
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?
- A. Utilize an nmap -sV scan against the service
- B. Manually check the version number of the VoIP service against the CVE release
- C. Test with proof-of-concept code from an exploit database
- D. Review SIP traffic from an on-path position to look for indicators of compromise
Answer: C
NEW QUESTION # 179