[Q56-Q72] PT0-002 Certification Exam Dumps Questions in here [Dec-2021]

Share

PT0-002 Certification Exam Dumps Questions in here [Dec-2021]

Updated PT0-002 Exam Practice Test Questions

NEW QUESTION 56
A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

  • A. Deploy a user training program
  • B. Configure access controls on each of the servers
  • C. Utilize the secure software development life cycle
  • D. Implement a patch management plan

Answer: D

 

NEW QUESTION 57
Which of the following is the MOST effective person to validate results from a penetration test?

  • A. Team leader
  • B. Chief Information Officer
  • C. Client
  • D. Third party

Answer: A

 

NEW QUESTION 58
A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

  • A. Wireshark
  • B. Kismet
  • C. Wifite
  • D. Aircrack-ng

Answer: D

 

NEW QUESTION 59
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?

  • A. Run nmap with the -sV and -p22 options set against the target
  • B. Run nmap with the -sA option set against the target
  • C. Run nmap with the --script vulners option set against the target
  • D. Run nmap with the -o, -p22, and -sC options set against the target

Answer: B

 

NEW QUESTION 60
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial dat a. Which of the following should the tester do with this information to make this a successful exploit?

  • A. Perform XSS.
  • B. Use BeEF.
  • C. Use browser autopwn.
  • D. Conduct a watering-hole attack.

Answer: A

 

NEW QUESTION 61
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  • A. PsExec
  • B. PowerShell modules
  • C. Alternate data streams
  • D. MP4 steganography

Answer: A

 

NEW QUESTION 62
User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

  • A. PBKDF2
  • B. MD5
  • C. bcrypt
  • D. SHA-1

Answer: B

 

NEW QUESTION 63
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

  • A. Perform fuzz testing of compiled binaries.
  • B. Add a dependency checker into the tool chain.
  • C. Validate API security settings before deployment.
  • D. Perform routine static and dynamic analysis of committed code.

Answer: A

 

NEW QUESTION 64
A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

  • A. Attempt to flood open ports.
  • B. Create an encrypted tunnel.
  • C. Look for open ports.
  • D. Listen for a reverse shell.

Answer: C

 

NEW QUESTION 65
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

  • A. Try to take down the attackers
  • B. Reach out to the primary point of contact
  • C. Collect the proper evidence and add to the final report
  • D. Call law enforcement officials immediately

Answer: B

 

NEW QUESTION 66
Which of the following tools provides Python classes for interacting with network protocols?

  • A. PowerSploit
  • B. Impacket
  • C. Responder
  • D. Empire

Answer: B

 

NEW QUESTION 67
The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

  • A. This device is most likely a proxy server forwarding requests over TCP/443.
  • B. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
  • C. This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
  • D. This device is most likely a gateway with in-band management services.

Answer: B

 

NEW QUESTION 68
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

  • A. The expected time frame of the assessment
  • B. A signed statement of work
  • C. The correct user accounts and associated passwords
  • D. The proper emergency contacts for the client

Answer: A

 

NEW QUESTION 69
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

  • A. EXPN and TURN
  • B. RCPT TO and VRFY
  • C. VRFY and TURN
  • D. VRFY and EXPN

Answer: D

 

NEW QUESTION 70
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

  • A. Do a root-cause analysis to find out how the malware got in.
  • B. Stop the assessment and inform the emergency contact.
  • C. Collect the proper evidence and then remove the malware.
  • D. Analyze the malware to see what it does.
  • E. Remove the malware immediately.

Answer: E

 

NEW QUESTION 71
Appending string values onto another string is called:

  • A. compilation
  • B. conjunction
  • C. concatenation
  • D. connection

Answer: C

 

NEW QUESTION 72
......

Pass CompTIA PenTest+ PT0-002 Exam With  112 Questions: https://pass4sures.freepdfdump.top/PT0-002-valid-torrent.html