[2024] Use Valid Exam PT0-002 by TestPassed Books For Free Website [Q109-Q131]



Free CompTIA PenTest+ PT0-002 Official Cert Guide PDF Download


How much is the salary of a CompTIA PT0-002 certified professional?

The salary of a CompTIA PT0-002 certified professional depends on the candidate's experience, the type of organization they work for, their skills and qualifications, the company, the location, and the certification itself. The average salary of a CompTIA PT0-002 certified professional who prepared with the help of the PT0-002 Dumps is as follows:

  • In the United States: 65,000 USD
  • In the United Kingdom: 59,000 GBP
  • In Canada: 50,000 CAD
  • In India: 40,000 INR
  • In Australia: 55,000 AUD


NEW QUESTION # 109
A penetration tester attempted a DNS poisoning attack. After the attempt, no traffic was seen from the target machine. Which of the following MOST likely caused the attack to fail?

  • A. The DNS cache was not refreshed.
  • B. The client did not receive a trusted response.
  • C. The DNS information was incorrect.
  • D. The injection was too slow.

Answer: A


NEW QUESTION # 110
A penetration tester gains access to a system and is able to migrate to a user process:

Given the output above, which of the following actions is the penetration tester performing? (Choose two.)

  • A. Setting up a reverse shell from a remote system
  • B. Redirecting output from a file to a remote system
  • C. Executing a file on the remote system
  • D. Creating a new process on all domain systems
  • E. Adding an additional IP address on the compromised system
  • F. Mapping a share to a remote system
  • G. Building a scheduled task for execution

Answer: C,F

Explanation:
WMIC.exe is a built-in Microsoft program that allows command-line access to the Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.


NEW QUESTION # 111
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

  • A. Perform routine static and dynamic analysis of committed code.
  • B. Validate API security settings before deployment.
  • C. Add a dependency checker into the tool chain.
  • D. Perform fuzz testing of compiled binaries.

Answer: C


NEW QUESTION # 112
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

  • A. nmap 192.168.1.1-5 -PA22-25,80
  • B. nmap 192.168.1.1-5 -PU22-25,80
  • C. nmap 192.168.1.1-5 -Ss22-25,80
  • D. nmap 192.168.1.1-5 -PS22-25,80

Answer: D


NEW QUESTION # 113
A consultant is reviewing the following output after reports of intermittent connectivity issues:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]
Which of the following is MOST likely to be reported by the consultant?

  • A. A device on the network has poisoned the ARP cache.
  • B. A multicast session was initiated using the wrong multicast group.
  • C. A device on the network has an IP address in the wrong subnet.
  • D. An ARP flooding attack is using the broadcast address to perform DDoS.

Answer: A

Explanation:
The gateway for the network (192.168.1.1) is at 0a:d1:fa:b1:01:67, and another machine (192.168.1.136) also claims the same MAC address. With this on the same network, intermittent connectivity is inevitable as long as the gateway remains unreachable on the IP known by the other machines on the network, given that the new machine claiming to be the gateway has not been configured to route traffic.
The output shows an ARP table that contains entries for IP addresses and their corresponding MAC addresses on a local network interface (en0). ARP stands for Address Resolution Protocol and is used to map IP addresses to MAC addresses on a network. However, one entry in the table is suspicious:
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
This entry has the same MAC address as another entry:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
This indicates that a device on the network has poisoned the ARP cache by sending false ARP replies that associate its MAC address with multiple IP addresses, including 192.168.1.136 and 192.168.1.1 (which is likely the gateway address). This allows the device to intercept or redirect traffic intended for those IP addresses.
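An added example (not part of the original question bank) that automates the check described above: it parses `arp -a` output in the format shown, ignores broadcast and multicast entries (which legitimately share MAC addresses), and flags any MAC claimed by more than one unicast IP. The sample table below is a constructed copy of the entries in the question; the gateway address is assumed to be 192.168.1.1.

```python
import ipaddress
import re
from collections import defaultdict

# One line of `arp -a` output in the macOS/BSD format used in the question
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) on (?P<iface>\S+)",
    re.IGNORECASE,
)

# Constructed sample input mirroring the ARP table in the question
SAMPLE_ARP = """\
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]
"""


def parse_arp_table(text):
    """Return (ip, mac, iface) tuples for every line that looks like an ARP entry."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append((m.group("ip"), m.group("mac").lower(), m.group("iface")))
    return entries


def is_group_address(ip, mac):
    """True for broadcast/multicast entries, which are expected to share a MAC."""
    if mac == "ff:ff:ff:ff:ff:ff":
        return True
    # Multicast MACs have the least-significant bit of the first octet set
    if int(mac.split(":")[0], 16) & 1:
        return True
    return ipaddress.ip_address(ip).is_multicast


def find_shared_macs(text):
    """Map each MAC claimed by more than one unicast IP to the sorted list of those IPs."""
    by_mac = defaultdict(set)
    for ip, mac, _iface in parse_arp_table(text):
        if not is_group_address(ip, mac):
            by_mac[mac].add(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}


def report(text, gateway="192.168.1.1"):
    """One finding per shared MAC; a duplicated gateway MAC is the high-severity case."""
    findings = []
    for mac, ips in find_shared_macs(text).items():
        severity = "HIGH" if gateway in ips else "MEDIUM"
        findings.append(f"{severity}: MAC {mac} claimed by {', '.join(ips)}")
    return findings
```

Run it periodically against the live table (`arp -a`) and the gateway's known MAC; a new unicast IP appearing with the gateway's MAC is the signature the consultant spotted here.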


NEW QUESTION # 114
During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred?

  • A. The scanner crashed the system.
  • B. The tester IP was blocked.
  • C. The SSL certificates were invalid.
  • D. The web page was not found.

Answer: B


NEW QUESTION # 115
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  • A. PsExec
  • B. Alternate data streams
  • C. PowerShell modules
  • D. MP4 steganography

Answer: C

Explanation:
"Windows Management Instrumentation (WMI) is a subsystem of PowerShell that gives admins access to powerful system monitoring tools."


NEW QUESTION # 116
A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.
Which of the following is the BEST way to ensure this is a true positive?

  • A. Look for the vulnerability online.
  • B. Run another scanner to compare.
  • C. Perform a manual test on the server.
  • D. Check the results on the scanner.

Answer: C


NEW QUESTION # 117
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?

  • A. The command requires the -port 135 option.
  • B. The tester input the incorrect IP address.
  • C. PowerShell requires administrative privilege.
  • D. An account for RDP does not exist on the server.

Answer: D


NEW QUESTION # 118
After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:

Which of the following actions should the tester perform FIRST?

  • A. Start a reverse shell.
  • B. Change the file permissions.
  • C. Use privilege escalation.
  • D. Cover tracks.

Answer: C

Explanation:
The file .scripts/daily_log_backup.sh has permissions set to 777, meaning that anyone can read, write, or execute the file. Since it's owned by the root user and the penetration tester has access to the system with a non-privileged account, this could be a potential avenue for privilege escalation. In a penetration test, after finding such a file, the tester would likely want to explore it and see if it can be leveraged to gain higher privileges. This is often done by inserting malicious code or commands into the script if it's being executed with higher privileges, such as root in this case.


NEW QUESTION # 119
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

  • A. Whether the cloud service provider allows the penetration tester to test the environment
  • B. Whether the specific cloud services are being used by the application
  • C. Whether the country where the cloud service is based has any impeding laws
  • D. The geographical location where the cloud services are running

Answer: D



NEW QUESTION # 120
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

  • A. Fraggle
  • B. Ping flood
  • C. Smurf
  • D. Ping of death

Answer: A

Explanation:
A Fraggle attack is the same as a Smurf attack, except that it uses UDP rather than ICMP. Prevention of a Fraggle attack is almost identical to prevention of a Smurf attack.
Ref: https://www.okta.com/identity-101/fraggle-attack/


NEW QUESTION # 121
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical?
(Choose two.)

  • A. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  • B. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  • C. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
  • D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
  • E. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  • F. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team

Answer: D,F


NEW QUESTION # 122
A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:
IP Address: 192.168.1.63
Physical Address: 60-36-dd-a6-c5-33
Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

  • A. arp -s 192.168.1.63 60-36-DD-A6-C5-33
  • B. tcpdump -i eth01 arp and arp[6:2] == 2
  • C. route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1
  • D. ipconfig /all findstr /v 00-00-00 | findstr Physical

Answer: A

Explanation:
The arp command is used to manipulate or display the Address Resolution Protocol (ARP) cache, which is a table that maps IP addresses to physical addresses (MAC addresses) on a network. The -s option is used to add a static ARP entry to the cache, which means that it will not expire or be overwritten by dynamic ARP entries.
The syntax for adding a static ARP entry is arp -s <IP address> <physical address>. Therefore, the command arp -s 192.168.1.63 60-36-DD-A6-C5-33 would add a static ARP entry for the IP address 192.168.1.63 and the physical address 60-36-DD-A6-C5-33 to the local cache of the attacker machine. This would allow the attacker machine to communicate with the target machine without relying on ARP requests or replies. The other commands are not valid or useful for establishing a static ARP entry.


NEW QUESTION # 123
Which of the following tools provides Python classes for interacting with network protocols?

  • A. Impacket
  • B. PowerSploit
  • C. Empire
  • D. Responder

Answer: A

Explanation:
Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution.


NEW QUESTION # 124
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

  • A. Download the smb.conf file and look at configurations
  • B. Edit the smb.conf file and upload it to the server
  • C. Download .pl files and look for usernames and passwords
  • D. Edit the discovered file with one line of code for remote callback

Answer: B


NEW QUESTION # 125
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

  • A. Run the nc -e /bin/sh <...> command.
  • B. Obtain /etc/shadow and brute force the root password.
  • C. Create a one-shot systemd service to establish a reverse shell.
  • D. Move laterally to create a user account on LDAP

Answer: A


NEW QUESTION # 126
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical?
(Choose two.)

  • A. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  • B. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  • C. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
  • D. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
  • E. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  • F. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team

Answer: D,F

Explanation:
These two behaviors would be considered unethical because they violate the principles of honesty, integrity, and confidentiality that penetration testers should adhere to. Failing to share critical vulnerabilities with the client would be dishonest and unprofessional, as it would compromise the quality and value of the assessment and potentially expose the client to greater risks. Seeking help in underground hacker forums by sharing the client's public IP address would be a breach of confidentiality and trust, as it would expose the client's identity and information to malicious actors who may exploit them.


NEW QUESTION # 127
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






Answer:

Explanation:


NEW QUESTION # 128
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?

  • A. Set the SGID on all files in the / directory
  • B. Find the /root directory on the system
  • C. Find files with the SUID bit set
  • D. Find files that were created during exploitation and move them to /dev/null

Answer: C

Explanation:
The 2>/dev/null is output redirection: it sends all error messages (standard error) to /dev/null, so that no error messages appear in the terminal session.
The tester is trying to find files with the SUID bit set on the system. The SUID (set user ID) bit is a special permission that allows a file to be executed with the privileges of the file owner, regardless of who runs it.
This can be used to perform privileged operations or access restricted resources. A penetration tester can use the find command with the -user and -perm options to search for files owned by a specific user (such as root) and having a specific permission (such as 4000, which indicates the SUID bit is set).


NEW QUESTION # 129
PCI DSS requires which of the following as part of the penetration-testing process?

  • A. The network must be segmented.
  • B. Only externally facing systems should be tested.
  • C. The penetration tester must have cybersecurity certifications.
  • D. The assessment must be performed during non-working hours.

Answer: A


NEW QUESTION # 130
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

  • A. The libraries' code bases could be read by anyone
  • B. The licensing of software is ambiguous
  • C. The libraries may break the application
  • D. The libraries may be unsupported
  • E. The libraries may be vulnerable
  • F. The provenance of code is unknown

Answer: A,E


NEW QUESTION # 131
......


The CompTIA PT0-002 exam focuses on various domains of penetration testing, including planning and scoping, information gathering and vulnerability identification, attacks and exploits, and reporting and communication. Test-takers must have in-depth knowledge of the different testing tools, techniques, and methodologies used to identify and exploit vulnerabilities in target systems. They should also have good communication and interpersonal skills to interact with stakeholders regarding the vulnerabilities detected and to provide guidance on remediation and mitigation plans.


CompTIA PT0-002 Official Cert Guide PDF: https://testking.testpassed.com/PT0-002-pass-rate.html