[2025] Practice with these PT0-002 dumps Certification Sample Questions
NEW QUESTION # 110
A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?
- A. link:
- B. site:
- C. intitle:
- D. inurl:
Answer: B
NEW QUESTION # 111
A penetration tester who is performing an engagement notices a specific host is vulnerable to EternalBlue.
Which of the following would BEST protect against this vulnerability?
- A. Patch management
- B. Encrypted passwords
- C. Key rotation
- D. Network segmentation
Answer: A
Explanation:
Patch management is the process of identifying, testing, and installing security patches so that known vulnerabilities are closed before they can be exploited. EternalBlue exploits a flaw in SMBv1 (CVE-2017-0144) that Microsoft fixed in March 2017 with the MS17-010 update; installing that update on the vulnerable host removes the vulnerability itself. Where the patch cannot be applied, disabling SMBv1 is the accepted compensating control. Organizations should also run a patch management program that regularly checks for and installs security updates across the environment, and should verify the fix afterwards (for example with the Nmap smb-vuln-ms17-010 script) rather than assuming the deployment succeeded.
Network segmentation (D) can limit the blast radius of a compromise by separating the network into smaller, isolated segments, and it would have slowed the worm-style spread seen with WannaCry, but it does not remove the vulnerability from the host.
Key rotation (C) is the process of periodically changing cryptographic keys, which helps against attacks that rely on stolen or compromised keys. It is unrelated to the EternalBlue vulnerability.
Encrypted passwords (B) can protect user credentials if a credential store is breached, but they do nothing to stop an attacker from exploiting the EternalBlue vulnerability.
Reference: CompTIA PenTest+ Certification Guide, Chapter 1: Pre-engagement Interactions, Page 21.
NEW QUESTION # 112
A penetration tester wants to find hidden information in documents available on the web at a particular domain. Which of the following should the penetration tester use?
- A. Responder
- B. Netcraft
- C. CentralOps
- D. FOCA
Answer: D
Explanation:
FOCA (Fingerprinting Organizations with Collected Archives) locates documents (PDF, Office and similar formats) on a target domain through search engines, downloads them, and extracts their metadata: author and user names, software versions, internal paths, and printer or server names. Responder is an LLMNR/NBT-NS poisoner, and Netcraft and CentralOps are web-based reconnaissance services; none of them analyse document metadata.
https://kalilinuxtutorials.com/foca-metadata-hidden-documents/
NEW QUESTION # 113
A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:
Which of the following is the most likely explanation for the output?
- A. The tester does not have credentials to access the server-status page.
- B. The admin directory cannot be fuzzed because it is forbidden.
- C. The robots.txt file has six entries in it.
- D. The admin, test, and db directories redirect to the log-in page.
Answer: D
Explanation:
The output of the fuzzing tool shows that the admin, test, and db directories have the same size, words, and lines as the login page, which indicates that they are redirecting to the login page. This means that the tester cannot access these directories without valid credentials. The server-status page returns a 403 Forbidden status code, which means that the tester does not have permission to access it. The robots.txt file returns a 404 Not Found status code, which means that the file does not exist on the server. References:
*The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, page 77-78.
*101 Labs - CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam, Lab 2.3: Fuzzing Web Applications, page 69-70.
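The reasoning in the explanation (identical size, words and lines means the same page is being served for every path) can be made mechanical. The following Python example is added by the editor and is not from the exam or from CompTIA; the result lines are constructed in ffuf's output style, and the paths, status codes and sizes are assumptions rather than the exam screenshot.

```python
import re
from collections import defaultdict

# ffuf prints one line per hit, e.g.
#   admin   [Status: 200, Size: 1432, Words: 210, Lines: 48]
# The lines below are CONSTRUCTED for this example (with -r, ffuf follows the
# redirect and reports the final response, which is why redirected paths share
# the login page's metrics); they are not the exam's output.
SAMPLE_OUTPUT = """\
login         [Status: 200, Size: 1432, Words: 210, Lines: 48]
admin         [Status: 200, Size: 1432, Words: 210, Lines: 48]
test          [Status: 200, Size: 1432, Words: 210, Lines: 48]
db            [Status: 200, Size: 1432, Words: 210, Lines: 48]
server-status [Status: 403, Size: 278, Words: 20, Lines: 10]
robots.txt    [Status: 404, Size: 196, Words: 15, Lines: 9]
"""

# Tolerant of extra fields (e.g. "Duration: 12ms") after Lines.
LINE_RE = re.compile(
    r"^(?P<path>\S+)\s+\[Status:\s*(?P<status>\d+),\s*Size:\s*(?P<size>\d+),"
    r"\s*Words:\s*(?P<words>\d+),\s*Lines:\s*(?P<lines>\d+)"
)


def parse_ffuf(text):
    """Return (path, status, size, words, lines) tuples in output order."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], int(m["status"]), int(m["size"]),
                         int(m["words"]), int(m["lines"])))
    return hits


def cluster_by_signature(hits):
    """Group paths by (size, words, lines). One large cluster usually means a
    catch-all page (login redirect, custom 404) rather than distinct content."""
    groups = defaultdict(list)
    for path, _status, size, words, lines in hits:
        groups[(size, words, lines)].append(path)
    return dict(groups)


def paths_matching(hits, baseline_path):
    """Paths whose body metrics equal those of baseline_path, e.g. 'login',
    excluding the baseline itself: these are the redirect targets."""
    sig = {(s, w, l) for p, _st, s, w, l in hits if p == baseline_path}
    if not sig:
        return []
    return [p for p, _st, s, w, l in hits if (s, w, l) in sig and p != baseline_path]


def by_status(hits, code):
    """Paths that returned a given HTTP status (403 forbidden, 404 missing...)."""
    return [p for p, st, *_ in hits if st == code]


if __name__ == "__main__":
    hits = parse_ffuf(SAMPLE_OUTPUT)
    print("same body as login:", paths_matching(hits, "login"))
    print("forbidden (403):   ", by_status(hits, 403))
    print("missing (404):     ", by_status(hits, 404))
```

Clustering on body metrics is also how a tester picks values for ffuf's -fs/-fw filters so the catch-all page stops flooding the results.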
NEW QUESTION # 114
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.
While reading the script, the penetration tester noticed the following lines of code:
Which of the following was the script author trying to do?
- A. Disable NIC.
- B. Spawn a local shell.
- C. Change the MAC address
- D. List processes.
Answer: B
Explanation:
The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is "/bin/bash", which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.
NEW QUESTION # 115
An Nmap scan of a network switch reveals the following:
Which of the following technical controls will most likely be the FIRST recommendation for this device?
- A. Multifactor authentication
- B. Encrypted passwords
- C. Network segmentation
- D. System-hardening techniques
Answer: D
NEW QUESTION # 116
Which of the following tools would help a penetration tester locate a file that was uploaded to a content management system?
- A. Scout Suite
- B. DirBuster
- C. CeWL
- D. Open VAS
Answer: B
Explanation:
DirBuster is a tool that can brute-force directories and filenames on web servers. It can help a penetration tester locate a file that was uploaded to a content management system by trying different combinations of paths and names until it finds a match. DirBuster can also use wordlists to speed up the process and discover hidden files or directories. References: The Official CompTIA PenTest+ Instructor Guide (Exam PT0-002) eBook, page 156
NEW QUESTION # 117
The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host discovery and write the discovery to files without returning results for the attack machine?
- A. nmap -sn -n --exclude 10.1.1.15 10.1.1.0/24 -oA target_txt
- B. nmap -sSPn -n -iL target.txt -A target_txtl
- C. nmap -iR 10 -oX out.xml | grep "Nmap" | cut -d " " -f5 > live-hosts.txt
- D. nmap -Pn -sV -O -iL target.txt -A target_text_Service
Answer: A
Explanation:
According to the Official CompTIA PenTest+ Self-Paced Study Guide, the correct answer is A: nmap -sn -n --exclude 10.1.1.15 10.1.1.0/24 -oA target_txt.
This command performs a host discovery (ping) scan (-sn) without reverse DNS resolution (-n) of the range 10.1.1.0/24, excluding the attack machine's own address 10.1.1.15 (--exclude). Because the targets are on the same Ethernet segment, a privileged Nmap run uses ARP requests for discovery, which is faster and more reliable than ICMP on a local LAN.
It also writes the results in three formats at once (normal .nmap, grepable .gnmap and XML .xml) with the base name target_txt (-oA), so the live-host list can be fed back into later scans with -iL.
NEW QUESTION # 118
After compromising a system, a penetration tester wants more information in order to decide what actions to take next. The tester runs the following commands:
Which of the following attacks is the penetration tester most likely trying to perform?
- A. Resource exhaustion
- B. Credential harvesting
- C. Container escape techniques
- D. Metadata service attack
Answer: D
Explanation:
The penetration tester is most likely performing a metadata service attack. This does not exploit a flaw in the metadata service itself; it abuses the fact that any code running on a cloud instance can query it. The service reports details of the instance (IP address, hostname, user data, attached role credentials) and is reached from inside the instance at the link-local address 169.254.169.254 on AWS, Azure, and GCP (GCP also answers on metadata.google.internal). The commands the tester runs are curl requests to that address with paths such as /latest/meta-data/iam/security-credentials/ and /latest/user-data/, which on AWS return the instance's temporary IAM role credentials and its launch script, material that can be used to escalate privileges or reach other cloud resources. Two caveats a tester should know: Azure and GCP only answer requests that carry a specific header (Metadata: true and Metadata-Flavor: Google respectively), and AWS instances configured for IMDSv2 require a session token obtained with a PUT request before any GET is honoured. The other options do not match the commands shown.
NEW QUESTION # 119
A penetration tester uses Hashcat to crack hashes discovered during a penetration test and obtains the following output:
ad09cd16529b5f5a40a3e15344e57649f4a43a267a97f008af01af803603c4c8:Summer2023 !!
7945bb2bb08731fc8d57680ffa4aefec91c784d231de029c610b778eda5ef48b:p@ssWord123
ea88ceab69cb2fb8bdcf9ef4df884af219fffbffab473ec13f20326dc6f84d13:Love-You999
Which of the following is the best way to remediate the penetration tester's discovery?
- A. Setting the minimum password length to ten characters
- B. Implementing a blocklist of known bad passwords
- C. Requiring passwords to follow complexity rules
- D. Encrypting the passwords with a stronger algorithm
Answer: B
Explanation:
The cracked passwords (a season plus a year, a leetspeak "password", a phrase with a digit suffix) follow exactly the patterns that Hashcat rule sets and wordlists target, which points to a weak password policy rather than to any exotic cracking technique. Of the options given, a blocklist of known bad passwords is the most effective remediation: it rejects common words, breached passwords, and their trivial variations at the moment the password is set, which is what NIST SP 800-63B recommends in place of composition rules.
Requiring complexity rules (Option C) does not help here; all three cracked passwords already satisfy typical upper/lower/digit/symbol rules. A minimum length of ten characters (Option A) is good practice, but all three samples already meet it, so length alone does not prevent cracking. Option D is mis-stated: passwords should be hashed, not encrypted. The 64-character hexadecimal digests in the output are consistent with a fast unsalted hash such as SHA-256, and moving to a slow, salted construction (bcrypt, scrypt, or Argon2) is a valid long-term improvement because it makes every guess expensive, but it does not stop users from choosing guessable passwords in the first place.
A blocklist therefore addresses the specific weakness the tester exposed. In practice it is combined with a sensible minimum length, a slow password hash, and multi-factor authentication.
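A blocklist that only matches literal strings would have accepted all three cracked passwords, because none of them is exactly "summer" or "password". The Python example below is added by the editor (it is not from the exam or from CompTIA) and shows the normalisation step that makes a blocklist effective: strip the year or counter suffix, undo leetspeak, and compare the remaining base word. The blocklist contents, the leet table and the sample passwords are constructed assumptions; a real deployment would use a breached-password corpus plus organisation-specific terms.

```python
import re

# CONSTRUCTED blocklist of base words for this example. Production lists are
# built from breach corpora plus organisation-specific terms (company, product
# and site names), which is what NIST SP 800-63B calls for.
BAD_BASE_WORDS = {
    "password", "passwd", "welcome", "letmein", "qwerty", "admin",
    "summer", "winter", "spring", "autumn", "loveyou", "iloveyou",
}

# Leet substitutions. They are applied only after the numeric suffix has been
# removed, so a year such as "2023" is never turned into letters.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "1": "i", "3": "e", "7": "t"})


def normalize(password):
    """Reduce a password to the base word a cracker's rule set starts from:
    Summer2023!! -> summer, p@ssWord123 -> password, Love-You999 -> loveyou."""
    s = password.lower()
    s = re.sub(r"[^a-z0-9]+$", "", s)   # trailing punctuation  ("!!")
    s = re.sub(r"\d+$", "", s)          # trailing digits        ("2023", "123", "999")
    s = re.sub(r"^\d+", "", s)          # leading digits         ("1Summer")
    s = s.translate(LEET)               # p@ss -> pass, l0ve -> love
    return re.sub(r"[^a-z]", "", s)     # separators             ("love-you")


def check_password(password, blocklist=BAD_BASE_WORDS, min_length=8):
    """Return (accepted, reason). Length is checked first (8 is the 800-63B
    floor), then the normalised form is screened by substring, so
    'Summertime2024' fails as readily as 'Summer2023!!'."""
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    base = normalize(password)
    for word in sorted(blocklist, key=len, reverse=True):
        if word in base:
            return False, f"based on blocked word '{word}'"
    return True, "ok"


if __name__ == "__main__":
    # Sample passwords constructed to mirror the cracked ones above.
    for pw in ("Summer2023!!", "p@ssWord123", "Love-You999", "correct-horse-battery-staple"):
        print(f"{pw:32} {check_password(pw)}")
```

The substring match is deliberately aggressive; it trades a few false rejections for catching the "base word plus decoration" pattern that rule-based cracking exploits.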
NEW QUESTION # 120
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
- A. Remote file inclusion
- B. Cross-site request forgery
- C. Server-side request forgery
- D. Local file inclusion
Answer: C
Explanation:
Server-side request forgery (SSRF) is the vulnerability the tester exploited by querying the provider's metadata and obtaining the credentials the instance uses to authenticate itself. SSRF abuses a web application into making requests to other resources or services on behalf of the web server, which lets an attacker reach internal or otherwise protected endpoints. Here the tester reached the cloud provider's metadata service, which exposes sensitive details of the instance such as credentials, IP addresses and roles. The usual fixes are on the application side (allowlist the destinations the server may fetch, resolve and check every address before connecting, block link-local and private ranges) combined with cloud-side hardening such as requiring IMDSv2 on AWS, whose session token must be obtained with a PUT request and whose default hop limit of 1 stops the token from passing through a container or proxy.
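Both the metadata-service question above (# 118) and this SSRF question turn on the same control: whether the application lets a user-supplied URL reach 169.254.169.254. The Python example below is added by the editor and is not from the exam or from CompTIA. It is the hardened side, an outbound-URL check that normalises the literal forms attackers use to slip past a string match (decimal, hex and IPv4-mapped IPv6 addresses) and fails closed. The fake resolver table and the example URLs are constructed so the block runs offline; the metadata addresses and hostnames are real.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# 169.254.169.254 serves instance metadata on AWS, Azure and GCP; GCP also
# answers on metadata.google.internal. The networks below are the standard
# loopback, link-local and private ranges.
METADATA_HOSTNAMES = {"metadata.google.internal", "metadata"}
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16",   # link-local, includes 169.254.169.254
    "127.0.0.0/8", "0.0.0.0/8",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]

# CONSTRUCTED stand-in for DNS so the example runs offline. A real
# implementation resolves the name, checks EVERY returned address, and then
# connects to the checked address rather than the name (DNS rebinding).
FAKE_DNS = {
    "api.example.com": ["203.0.113.10"],
    "localhost": ["127.0.0.1"],
    "rebind.example.net": ["203.0.113.20", "169.254.169.254"],
}

INT_LITERAL = re.compile(r"^(0x[0-9a-f]+|[1-9][0-9]*|0)$")


def host_to_ips(host, resolver=FAKE_DNS):
    """Addresses a URL host maps to, normalising the literal forms that a
    string match on '169.254.169.254' would miss: decimal (2852039166),
    hex (0xa9fea9fe) and IPv4-mapped IPv6 ([::ffff:169.254.169.254])."""
    h = host.lower()
    candidates = []
    if INT_LITERAL.match(h):                    # bare integer host
        n = int(h, 0)
        if n < 2 ** 32:
            candidates.append(ipaddress.ip_address(n))
    else:
        try:
            candidates.append(ipaddress.ip_address(h))
        except ValueError:                      # not an IP literal: resolve it
            candidates = [ipaddress.ip_address(a) for a in resolver.get(h, [])]
    ips = []
    for ip in candidates:
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped                 # ::ffff:a.b.c.d -> a.b.c.d
        ips.append(ip)
    return ips


def is_safe_url(url, resolver=FAKE_DNS):
    """Return (allowed, reason). Anything that cannot be classified is denied."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    if host in METADATA_HOSTNAMES:
        return False, "metadata hostname"
    ips = host_to_ips(host, resolver)
    if not ips:
        return False, "unresolvable host"
    for ip in ips:
        for net in BLOCKED_NETWORKS:
            if ip in net:
                return False, f"{host} -> {ip} in {net}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://api.example.com/v1/status",
              "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
              "http://2852039166/latest/meta-data/",
              "http://0xa9fea9fe/latest/user-data/",
              "http://[::ffff:169.254.169.254]/",
              "http://rebind.example.net/"):
        print(f"{u:70} {is_safe_url(u)}")
```

The check is a guard, not a complete SSRF defence: redirects returned by an allowed host must be re-validated hop by hop, and on AWS the application's own instance should still be set to IMDSv2-only so that a request that does get through cannot read credentials with a plain GET.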
NEW QUESTION # 121
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant.
The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
- A. PLCs will not act upon commands injected over the network.
- B. Supervisors and controllers are on a separate virtual network by default.
- C. Supervisory systems will detect a malicious injection of code/commands.
- D. Controllers will not validate the origin of commands.
Answer: D
NEW QUESTION # 122
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?
- A. The web server is using HTTPS instead of HTTP.
- B. The tester did not run sudo before the command.
- C. The HTTP port is not open on the firewall.
- D. This URI returned a server error.
Answer: C
NEW QUESTION # 123
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer: See explanation below.
Explanation:
Part 1 - nmap 192.168.2.2 -O -sV --top-ports=100
Part 2 - SMB vulnerabilities; weak SMB file permissions
https://subscription.packtpub.com/book/networking-and-servers/9781786467454/1/ch01lvl1sec13/fingerprinting
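Question # 117 asks for discovery results written to files and this question asks the tester to read a port scan and pick the attack vectors to pursue (SMB here). Both steps operate on the same artefact, Nmap's XML output (the .xml file that -oA produces). The Python example below is added by the editor and is not from the exam or from CompTIA; the XML document is constructed for the example (hosts, ports and versions are invented, and 10.1.1.15 plays the attacking machine), although its structure follows Nmap's real output format.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# CONSTRUCTED Nmap XML for this example (the layout is Nmap's; the data is not
# the exam's scan). One host with SMB, one down, and the attacker's own box.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O --top-ports=100 10.1.1.0/24 -oA target_txt">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.1.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" product="Samba smbd" version="4.6.2"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/>
        <service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.1.1.2" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="10.1.1.15" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="9.2p1"/></port>
    </ports>
  </host>
</nmaprun>
"""

SMB_PORTS = {"139", "445"}


def _ipv4(host):
    addr = host.find("address[@addrtype='ipv4']")
    return addr.get("addr") if addr is not None else None


def live_hosts(xml_text, exclude=()):
    """IPv4 addresses Nmap marked 'up', minus any in `exclude` (the attacking
    machine, mirroring --exclude on the command line)."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        status = host.find("status")
        addr = _ipv4(host)
        if status is not None and status.get("state") == "up" and addr and addr not in exclude:
            hosts.append(addr)
    return hosts


def open_services(xml_text):
    """Map address -> list of (port, name, product, version) for open ports only;
    filtered/closed ports are dropped because they are not attack surface."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.iter("host"):
        addr = _ipv4(host)
        if not addr:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            result.setdefault(addr, []).append(
                (port.get("portid"), get("name"), get("product"), get("version")))
    return result


def smb_hosts(xml_text):
    """Hosts exposing SMB: first candidates for smb-* NSE checks such as
    smb-vuln-ms17-010 and for share-permission review."""
    return [addr for addr, svcs in open_services(xml_text).items()
            if any(p in SMB_PORTS for p, *_ in svcs)]


def write_live_hosts(xml_text, path, exclude=()):
    """Write one address per line for reuse with nmap -iL. Returns the count."""
    hosts = live_hosts(xml_text, exclude)
    with open(path, "w") as fh:
        fh.write("\n".join(hosts) + ("\n" if hosts else ""))
    return len(hosts)


def demo_write(exclude=("10.1.1.15",)):
    """Write the live-host list to a temporary file; return (count, contents)."""
    path = os.path.join(tempfile.mkdtemp(), "live-hosts.txt")
    n = write_live_hosts(SAMPLE_NMAP_XML, path, exclude)
    with open(path) as fh:
        return n, fh.read()


if __name__ == "__main__":
    print("live:", live_hosts(SAMPLE_NMAP_XML, exclude={"10.1.1.15"}))
    print("smb :", smb_hosts(SAMPLE_NMAP_XML))
    for addr, svcs in open_services(SAMPLE_NMAP_XML).items():
        print(addr, svcs)
```

Parsing the XML rather than the grepable file is deliberate: -oG output is a fixed-width convenience format that Nmap documents as deprecated for new scripts, while the XML carries the service product and version strings that the attack-vector decision depends on.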
NEW QUESTION # 124
A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.
INSTRUCTIONS
Select the appropriate answer(s), given the output from each section.
Output 1
- A. See all the solutions below in Explanation
Answer: A
Explanation:
NEW QUESTION # 125
After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:
Which of the following actions should the tester perform FIRST?
- A. Start a reverse shell.
- B. Use privilege escalation.
- C. Change the file permissions.
- D. Cover tracks.
Answer: B
Explanation:
The file .scripts/daily_log_backup.sh has permissions set to 777, meaning anyone can read, write, or execute it. Because it is owned by root and its name suggests it is run on a schedule, while the tester holds only a non-privileged account, it is a likely avenue for privilege escalation: if the script is executed by a privileged process such as a root cron job, any command appended to it will run as root. Before modifying anything, the tester should confirm how and by whom the script is executed (the root crontab, the /etc/cron.* directories, systemd timers) and keep the change within the rules of engagement, since editing a production backup script affects the client. Starting a reverse shell or covering tracks does not advance the engagement at this point, and changing the file's permissions would remove the very weakness being tested.
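Finding this one file by eye is easy; finding every root-owned file an unprivileged user could alter is the enumeration step that follows. The Python example below is added by the editor and is not from the exam or from CompTIA. It walks a directory tree and flags root-owned regular files that are either world-writable or sitting in a world-writable, non-sticky directory (where the file can be deleted and replaced even if its own mode is 755). The demo tree is constructed to mirror the scenario, and because the example cannot create root-owned files it is scanned with the current user's UID; on a real host pass privileged_uid=0.

```python
import os
import stat
import tempfile


def find_writable_privileged_scripts(root, privileged_uid=0):
    """Walk `root` and return sorted (path, mode, reason) for regular files owned
    by `privileged_uid` that an unprivileged user could modify or replace:
    the file is world-writable, or its directory is world-writable without the
    sticky bit (so the file can be unlinked and recreated)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        try:
            dmode = os.lstat(dirpath).st_mode
        except OSError:
            continue
        dir_replaceable = bool(dmode & stat.S_IWOTH) and not (dmode & stat.S_ISVTX)
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or st.st_uid != privileged_uid:
                continue
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, stat.filemode(st.st_mode), "file is world-writable"))
            elif dir_replaceable:
                findings.append((path, stat.filemode(st.st_mode),
                                 "parent directory is world-writable and not sticky"))
    return sorted(findings)


def build_demo_tree():
    """CONSTRUCTED layout mirroring the exam scenario: .scripts/daily_log_backup.sh
    with mode 777, a correctly permissioned sibling, and a 755 script inside a
    world-writable directory. Files are owned by the current user (the example
    cannot create root-owned files), so scan it with privileged_uid=os.getuid()."""
    root = tempfile.mkdtemp(prefix="privesc-demo-")
    scripts = os.path.join(root, ".scripts")
    dropbox = os.path.join(root, "dropbox")
    os.makedirs(scripts)
    os.makedirs(dropbox)
    layout = {
        os.path.join(scripts, "daily_log_backup.sh"): 0o777,  # the finding
        os.path.join(scripts, "rotate.sh"): 0o755,            # safe
        os.path.join(dropbox, "cron_helper.sh"): 0o755,       # replaceable via its directory
    }
    for path, mode in layout.items():
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho backup\n")
        os.chmod(path, mode)
    os.chmod(scripts, 0o755)
    os.chmod(dropbox, 0o777)          # world-writable, no sticky bit
    return root


def demo():
    """Base names of the files flagged in the constructed tree."""
    root = build_demo_tree()
    return sorted(os.path.basename(p) for p, _m, _r in
                  find_writable_privileged_scripts(root, privileged_uid=os.getuid()))


if __name__ == "__main__":
    for path, mode, reason in find_writable_privileged_scripts(build_demo_tree(), os.getuid()):
        print(mode, path, "-", reason)
```

A finding from this scan is only a candidate until the tester has shown that a privileged process actually executes the file; group-writable files owned by a group the tester belongs to are a second class worth adding when the scan is run for real.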
NEW QUESTION # 126
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
- A. nmap -A -n 192.168.1.10
- B. nmap -sA -sV --host-timeout 60 192.168.1.10
- C. nmap -p0 -T0 -sS 192.168.1.10
- D. nmap -f --badsum 192.168.1.10
Answer: C
Explanation:
Option C pairs a SYN (half-open) scan (-sS), which never completes the TCP handshake, with the paranoid timing template (-T0), which serialises probes and waits about five minutes between them, keeping the traffic below the rate thresholds most IDS port-scan signatures rely on; as written it also restricts the scan to port 0 (-p0), so very little traffic is generated at all. Option A (-A) adds OS detection, version detection and NSE scripts and is the noisiest choice. Option B's ACK scan (-sA) maps firewall rules rather than finding open ports, and -sV adds version probes. Option D's fragmentation (-f) and bogus checksums (--badsum) are firewall/IDS probing tricks, not evasion: real hosts discard packets with bad checksums, so any reply reveals an inline device instead of hiding the scanner.
NEW QUESTION # 127
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
- A. An account for RDP does not exist on the server.
- B. PowerShell requires administrative privilege.
- C. The tester input the incorrect IP address.
- D. The command requires the -port 135 option.
Answer: A