시험덤프
매달, 우리는 1000명 이상의 사람들이 시험 준비를 잘하고 시험을 잘 통과할 수 있도록 도와줍니다.
  / PT0-002 덤프  / PT0-002 문제 연습

CompTIA PT0-002 시험

CompTIA PenTest+ Certification Exam 온라인 연습

최종 업데이트 시간: 2024년11월08일

당신은 온라인 연습 문제를 통해 CompTIA PT0-002 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.

시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 PT0-002 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 110개의 시험 문제와 답을 포함하십시오.

 / 4

Question No : 1


A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself .
Which of the following vulnerabilities has the tester exploited?

정답:
Explanation:
Reference: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery

Question No : 2


A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address .
Which of the following BEST describes what happened?

정답:

Question No : 3


A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server | rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00 8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?

정답:

Question No : 4


A compliance-based penetration test is primarily concerned with:

정답:

Question No : 5


A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache .
Which of the following commands will accomplish this task?

정답:
Explanation:
Reference: https://nmap.org/book/man-version-detection.html

Question No : 6


A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet .
Which of the following OSs would MOST likely return a packet of this type?

정답:
Explanation:
Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with-ping/

Question No : 7


A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift .
Which of the following social-engineering attacks was the tester utilizing?

정답:
Explanation:
Reference: https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats

Question No : 8


A penetration tester was brute forcing an internal web server and ran a command that produced the following output:



However, when the penetration tester tried to browse the URL
http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

정답:

Question No : 9


A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations .
Which of the following are considered passive reconnaissance tools? (Choose two.)

정답:
Explanation:
Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

Question No : 10


A penetration tester received a .pcap file to look for credentials to use in an engagement.
Which of the following tools should the tester utilize to open and read the .pcap file?

정답:

Question No : 11


A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP .
Which of the following steps should the tester take NEXT?

정답:

Question No : 12


A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources .
Which of the following attack types is MOST concerning to the company?

정답:
Explanation:
Reference: https://www.iotcentral.io/blog/the-top-cloud-computing-vulnerabilities-and-threats

Question No : 13


A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host .
Which of the following utilities would BEST support this objective?

정답:
Explanation:
Reference: https://unix.stackexchange.com/QUESTION NO:s/520348/using-socat-how-to-send-to-and-receive-from-a- public-dns-server

Question No : 14


A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines .
Which of the following documents could hold the penetration tester accountable for this action?

정답:

Question No : 15


A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data .
Which of the following should the tester do with this information to make this a successful exploit?

정답:

 / 4