Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. CompTIA
  3. PenTest+
  4. PT0-002
  5. CompTIA PenTest+ Certification Exam Questions and Answers

Pass the CompTIA PenTest+ PT0-002 Questions and answers with ValidTests

Exam PT0-002 All Questions
Exam PT0-002 Premium Access

View all detail and faqs for the PT0-002 exam

Go to Exam
Viewing page 7 out of 14 pages
Viewing questions 61-70 out of questions
Questions # 61:

A penetration tester who is performing a physical assessment of a company’s security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

Options:

A.

Badge cloning

B.

Dumpster diving

C.

Tailgating

D.

Shoulder surfing

Expert Solution
Questions # 62:

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

Options:

A.

Enforce mandatory employee vacations

B.

Implement multifactor authentication

C.

Install video surveillance equipment in the office

D.

Encrypt passwords for bank account information

Expert Solution
Questions # 63:

Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)

Options:

A.

Use of non-optimized sort functions

B.

Poor input sanitization

C.

Null pointer dereferences

D.

Non-compliance with code style guide

E.

Use of deprecated Javadoc tags

F.

A cydomatic complexity score of 3

Expert Solution
Questions # 64:

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

Options:

A.

chmod u+x script.sh

B.

chmod u+e script.sh

C.

chmod o+e script.sh

D.

chmod o+x script.sh

Expert Solution
Questions # 65:

A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?

Options:

A.

To meet PCI DSS testing requirements

B.

For testing of the customer's SLA with the ISP

C.

Because of concerns regarding bandwidth limitations

D.

To ensure someone is available if something goes wrong

Expert Solution
Questions # 66:

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?

Options:

A.

Exploiting a configuration weakness in the SQL database

B.

Intercepting outbound TLS traffic

C.

Gaining access to hosts by injecting malware into the enterprise-wide update server

D.

Leveraging a vulnerability on the internal CA to issue fraudulent client certificates

E.

Establishing and maintaining persistence on the domain controller

Expert Solution
Questions # 67:

A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

Options:

A.

nmap –vv sUV –p 53, 123-159 10.10.1.20/24 –oA udpscan

B.

nmap –vv sUV –p 53,123,161-162 10.10.1.20/24 –oA udpscan

C.

nmap –vv sUV –p 53,137-139,161-162 10.10.1.20/24 –oA udpscan

D.

nmap –vv sUV –p 53, 122-123, 160-161 10.10.1.20/24 –oA udpscan

Expert Solution
Questions # 68:

A penetration tester gains access to a system and establishes persistence, and then runs the following commands:

cat /dev/null > temp

touch –r .bash_history temp

mv temp .bash_history

Which of the following actions is the tester MOST likely performing?

Options:

A.

Redirecting Bash history to /dev/null

B.

Making a copy of the user's Bash history for further enumeration

C.

Covering tracks by clearing the Bash history

D.

Making decoy files on the system to confuse incident responders

Expert Solution
Questions # 69:

Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz. * on a Windows server that the tester compromised?

Options:

A.

To remove hash-cracking registry entries

B.

To remove the tester-created Mimikatz account

C.

To remove tools from the server

D.

To remove a reverse shell from the system

Expert Solution
Questions # 70:

A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company’s request?

Options:

A.

The reverse-engineering team may have a history of selling exploits to third parties.

B.

The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.

C.

The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.

D.

The reverse-engineering team will be given access to source code for analysis.

Expert Solution
Viewing page 7 out of 14 pages
Viewing questions 61-70 out of questions