Scribd Logo
Upload

Welcome to Scribd!

  • IT-Pruefung: Prüfungshilfen Für IT Zertifizierungen

    Uploaded by

    Bana
    48 views6 pages
    This document contains sample questions from the CompTIA PenTest+ PT0-002 certification exam. It provides 10 multiple choice questions related to penetration testing topics like vulnerability scanning, brute forcing, and penetration testing best practices. It also includes an advertisement for PT0-002 exam preparation resources in German.

    Original Description:

    Original Title

    pt0-002

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains sample questions from the CompTIA PenTest+ PT0-002 certification exam. It provides 10 multiple choice questions related to penetration testing topics like vulnerability scanning, brute forcing, and penetration testing best practices. It also includes an advertisement for PT0-002 exam preparation resources in German.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    48 views6 pages

    IT-Pruefung: Prüfungshilfen Für IT Zertifizierungen

    Uploaded by

    Bana
    This document contains sample questions from the CompTIA PenTest+ PT0-002 certification exam. It provides 10 multiple choice questions related to penetration testing topics like vulnerability scanning, brute forcing, and penetration testing best practices. It also includes an advertisement for PT0-002 exam preparation resources in German.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    IT-Pruefung

    Prüfungshilfen für IT Zertifizierungen

    http://www.it-pruefung.com
    Wir bieten Ihnen einen kostenlosen einjährigen Upgrade Service an
    Die neuesten PT0-002 echte Prüfungsfragen, CompTIA PT0-002 originale fragen
    IT Certification Guaranteed, The Easy Way!

    Exam : PT0-002

    Title : CompTIA PenTest+


    Certification

    Vendor : CompTIA

    Version : DEMO

    CompTIA PT0-002 deutsch, PT0-002 prüfung, PT0-0021 prüfungsfragen


    https://www.it-pruefung.com/PT0-002.html
    Die neuesten PT0-002 echte Prüfungsfragen, CompTIA PT0-002 originale fragen
    IT Certification Guaranteed, The Easy Way!

    NO.1 A penetration tester completed a vulnerability scan against a web server and identified a single
    but severe vulnerability.
    Which of the following is the BEST way to ensure this is a true positive?
    A. Perform a manual test on the server.
    B. Check the results on the scanner.
    C. Run another scanner to compare.
    D. Look for the vulnerability online.
    Answer: A

    NO.2 A company hired a penetration-testing team to review the cyber-physical systems in a


    manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both
    connected to the company intranet. Which of the following assumptions, if made by the penetration-
    testing team, is MOST likely to be
    valid?
    A. PLCs will not act upon commands injected over the network.
    B. Supervisors and controllers are on a separate virtual network by default.
    C. Controllers will not validate the origin of commands.
    D. Supervisory systems will detect a malicious injection of code/commands.
    Answer: C

    NO.3 A penetration tester finds a PHP script used by a web application in an unprotected internal
    source code repository. After reviewing the code, the tester identifies the following:

    Which of the following tools will help the tester prepare an attack for this scenario?
    A. Nmap and OWASP ZAP
    B. Burp Suite and DIRB
    C. Hydra and crunch
    D. Netcat and cURL
    Answer: B

    NO.4 A penetration tester was brute forcing an internal web server and ran a command that
    produced the following output:

    CompTIA PT0-002 deutsch, PT0-002 prüfung, PT0-0022 prüfungsfragen


    https://www.it-pruefung.com/PT0-002.html
    Die neuesten PT0-002 echte Prüfungsfragen, CompTIA PT0-002 originale fragen
    IT Certification Guaranteed, The Easy Way!

    However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a
    blank page was displayed.
    Which of the following is the MOST likely reason for the lack of output?
    A. The HTTP port is not open on the firewall.
    B. The web server is using HTTPS instead of HTTP.
    C. This URI returned a server error.
    D. The tester did not run sudo before the command.
    Answer: A

    NO.5 Which of the following BEST describes why a client would hold a lessons-learned meeting with
    the penetration-testing team?
    A. To discuss the findings and dispute any false positives
    B. To provide feedback on the report structure and recommend improvements
    C. To determine any processes that failed to meet expectations during the assessment
    D. To ensure the penetration-testing team destroys all company data that was gathered during the
    test
    Answer: C

    NO.6 A software company has hired a penetration tester to perform a penetration test on a
    database server. The tester has been given a variety of tools used by the company's privacy policy.
    Which of the following would be the BEST to use to find vulnerabilities on this server?
    A. Nikto
    B. Nessus

    CompTIA PT0-002 deutsch, PT0-002 prüfung, PT0-0023 prüfungsfragen


    https://www.it-pruefung.com/PT0-002.html
    Die neuesten PT0-002 echte Prüfungsfragen, CompTIA PT0-002 originale fragen
    IT Certification Guaranteed, The Easy Way!

    C. OpenVAS
    D. SQLmap
    Answer: D

    NO.7 A penetration tester performs the following command:


    curl -I -http2 https://www.comptia.org
    Which of the following snippets of output will the tester MOST likely receive?

    A. Option B
    B. Option C
    C. Option D
    D. Option A
    Answer: D

    NO.8 A penetration tester who is performing a physical assessment of a company's security practices
    notices the company does not have any shredders inside the office building. Which of the following
    techniques would be BEST to use to gain confidential information?
    A. Badge cloning
    B. Shoulder surfing
    C. Dumpster diving
    D. Tailgating
    Answer: C

    NO.9 A penetration tester has completed an analysis of the various software products produced by
    the company under assessment. The tester found that over the past several years the company has
    been including vulnerable third-party modules in multiple products, even though the quality of the

    CompTIA PT0-002 deutsch, PT0-002 prüfung, PT0-0024 prüfungsfragen


    https://www.it-pruefung.com/PT0-002.html
    Die neuesten PT0-002 echte Prüfungsfragen, CompTIA PT0-002 originale fragen
    IT Certification Guaranteed, The Easy Way!

    organic code being developed is very good. Which of the following recommendations should the
    penetration tester include in the report?
    A. Perform fuzz testing of compiled binaries.
    B. Add a dependency checker into the tool chain.
    C. Validate API security settings before deployment.
    D. Perform routine static and dynamic analysis of committed code.
    Answer: A

    NO.10 A penetration tester is reviewing the following SOW prior to engaging with a client:
    "Network diagrams, logical and physical asset inventory, and employees' names are to be treated as
    client confidential. Upon completion of the engagement, the penetration tester will submit findings
    to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently
    dispose of all findings by erasing them in a secure manner."
    Based on the information in the SOW, which of the following behaviors would be considered
    unethical? (Choose two.)
    A. Using a software-based erase tool to wipe the client's findings from the penetration tester's lapto
    p
    B. Seeking help with the engagement in underground hacker forums by sharing the client's public IP
    address
    C. Utilizing proprietary penetration-testing tools that are not available to the public or to the client
    for auditing and inspection
    D. Retaining the SOW within the penetration tester's company for future use so the sales team can
    plan future engagements
    E. Failing to share with the client critical vulnerabilities that exist within the client architecture to
    appease the client's senior leadership team
    F. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of
    the
    engagement
    Answer: B,E

    CompTIA PT0-002 deutsch, PT0-002 prüfung, PT0-0025 prüfungsfragen


    https://www.it-pruefung.com/PT0-002.html

    You might also like