あなたを合格させるCompTIA PenTest+ PT0-002試験問題集で2025年04月02日には460問あります
PT0-002無料試験学習ガイド!(更新された460問あります)
Comptia PT0-002認定試験は、浸透テストの分野で働くサイバーセキュリティの専門家の知識とスキルセットを評価するために設計されています。試験の成功した候補者は、comptia pentest+認証を取得します。
Comptia PT0-002試験に合格するには、候補者は、ネットワークアーキテクチャ、プログラミング、オペレーティングシステムなどのサイバーセキュリティの基本的な概念について知識を持つ必要があります。また、倫理的なハッキング、浸透テスト、脆弱性評価を実行するためのさまざまなツールとテクニックの実践的な経験を持つ必要があります。この試験では、候補者が脆弱性を検出および悪用する能力を実証し、調査結果を文書化および通信し、修復の推奨事項を提供する必要があります。試験に合格すると、サイバーセキュリティでエキサイティングでやりがいのあるキャリアの機会のためにドアを開けることができます。
PT0-002認定は、侵入テストの典型的な間違いを管理し回避するために必要なスキルを候補者に装備します。候補者は、組織のセキュリティ上の懸念に完全に対処するために、サイバーセキュリティに対する徹底的かつ包括的なアプローチを採用するように訓練します。
質問 # 117
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:
- A. will reveal vulnerabilities in the Modbus protocol.
- B. may cause unintended failures in control systems.
- C. may reduce the true positive rate of findings.
- D. will create a denial-of-service condition on the IP networks.
正解:B
質問 # 118
Which of the following assessment methods is the most likely to cause harm to an ICS environment?
- A. Active scanning
- B. Ping sweep
- C. Packet analysis
- D. Protocol reversing
正解:A
解説:
Active scanning is the process of sending probes or packets to a target system or network and analyzing the responses to gather information or identify vulnerabilities. Active scanning can be intrusive and disruptive, especially in an ICS environment, where availability and reliability are critical. Active scanning can cause unintended consequences, such as triggering alarms, shutting down devices, or affecting physical processes.
Therefore, active scanning is the most likely to cause harm to an ICS environment among the given options.
References:
*The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, page 72-73.
*The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook1, Chapter 2: Conducting Passive Reconnaissance, page 2-20.
*Risk Assessment Standards for ICS Environments2, page 8.
質問 # 119
SIMULATION
Using the output, identify potential attack vectors that should be further investigated.




正解:
解説:
See explanation below.
Explanation:
1: Null session enumeration
Weak SMB file permissions
Fragmentation attack
2: nmap
-sV
-p 1-1023
192.168.2.2
3: #!/usr/bin/python
export $PORTS = 21,22
for $PORT in $PORTS:
try:
s.connect((ip, port))
print("%s:%s - OPEN" % (ip, port))
except socket.timeout
print("%:%s - TIMEOUT" % (ip, port))
except socket.error as e:
print("%:%s - CLOSED" % (ip, port))
finally
s.close()
port_scan(sys.argv[1], ports)
質問 # 120
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
- A. SQLmap
- B. DirBuster
- C. OWASP ZAP
- D. w3af
正解:D
解説:
W3AF, the Web Application Attack and Audit Framework, is an open source web application security scanner that includes directory and filename brute-forcing in its list of capabilities.
質問 # 121
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?
- A. System hardening
- B. Vulnerability scanning
- C. Network segmentation
- D. Intrusion detection
正解:C
解説:
Network segmentation is the practice of dividing a network into smaller subnetworks or segments based on different criteria, such as function, security level, or access control. Network segmentation can enhance the security of a network by isolating sensitive or critical systems from less secure or untrusted systems, reducing the attack surface, limiting the spread of malware or intrusions, and enforcing granular policies and rules for each segment. To be PCI compliant, which is a set of standards for protecting payment card data, the company should have implemented network segmentation to separate the servers that perform financial transactions from other parts of the network that may be less secure or more exposed to threats. The other options are not specific requirements for PCI compliance, although they may be good security practices in general.
質問 # 122
A penetration tester wrote the following script to be used in one engagement:
Which of the following actions will this script perform?
- A. Attempt to flood open ports.
- B. Create an encrypted tunnel.
- C. Look for open ports.
- D. Listen for a reverse shell.
正解:C
質問 # 123
A penetration tester wrote the following Bash script to brute force a local service password:
..ting as expected. Which of the following changes should the penetration tester make to get the script to work?
- A. .
{ echo "The correct password is $p" && break )
With - B. .e
cho "The correct password is $p" && break)
o "The correct password is $p" I break - C. e
cho "The correct password is Sp" && break)
echo "The correct password is $p" && break) - D. ..e
cho "The correct password is $p" && break)
ho "The correct password is $p" I| break
正解:B
解説:
I| ( echo "The correct password is $p" && break )
Explanation:
CeWL is a tool that can be used to crawl a website and build a wordlist using the data recovered to crack the password on the website. CeWL stands for Custom Word List generator, and it is a Ruby script that spiders a given website up to a specified depth and returns a list of words that can be used for password cracking or other purposes. CeWL can also generate wordlists based on metadata, email addresses, author names, or external links found on the website. CeWL can help a penetration tester create customized wordlists that are tailored to the target website and increase the chances of success for password cracking attacks. DirBuster is a tool that can be used to brute force directories and files names on web servers. w3af is a tool that can be used to scan web applications for vulnerabilities and exploits. Patator is a tool that can be used to perform brute force attacks against various protocols and services.
質問 # 124
Which of the following tools provides Python classes for interacting with network protocols?
- A. Impacket
- B. Responder
- C. PowerSploit
- D. Empire
正解:A
解説:
Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE
/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution.
Reference: https://github.com/SecureAuthCorp/impacket
質問 # 125
During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:
/home/user/scripts
Which of the following commands should the penetration tester use to perform this scan?
- A. nmap resume "not intrusive"
- B. nmap script /home/user/scripts
- C. nmap script default safe
- D. nmap -load /home/user/scripts
正解:B
解説:
The Nmap command in the question aims to use custom NSE scripts stored in a specific folder. The correct syntax for this option is to use the script argument followed by the path to the folder. The other commands are either invalid, use the wrong argument, or do not specify the folder path. References: Best PenTest+ certification study resources and training materials, CompTIA PenTest+ PT0-002 Cert Guide, 101 Labs - CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam
質問 # 126
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity. Which of the following is the MOST important action to take before starting this type of assessment?
- A. Establish communication and escalation procedures with the client.
- B. Ensure the client has signed the SOW.
- C. Determine if the failover environment relies on resources not owned by the client.
- D. Verify the client has granted network access to the hot site.
正解:C
質問 # 127
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.
Which of the following is the MOST important action to take before starting this type of assessment?
- A. Establish communication and escalation procedures with the client.
- B. Verify the client has granted network access to the hot site.
- C. Ensure the client has signed the SOW.
- D. Determine if the failover environment relies on resources not owned by the client.
正解:C
質問 # 128
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
- A. Create a one-shot systemd service to establish a reverse shell.
- B. Run the nc -e /bin/sh <...> command.
- C. Move laterally to create a user account on LDAP
- D. Obtain /etc/shadow and brute force the root password.
正解:A
解説:
Explanation
https://hosakacorp.net/p/systemd-user.html
質問 # 129
Which of the following is the most important to include in the scope of a wireless security assessment?
- A. Frequencies
- B. Signal strengths
- C. SSIDs
- D. APs
正解:D
解説:
Access Points (APs) are crucial in a wireless security assessment as they are the main points through which devices connect to the network. Identifying and securing APs ensures network integrity and security.
Details:
* A. Frequencies: Important but not as critical as identifying and assessing APs.
* B. APs: Central to the network's security; assessing AP configurations, placements, and security settings is essential.
* C. SSIDs: Identifying SSIDs is part of the assessment but does not provide a complete picture without evaluating APs.
* D. Signal strengths: Useful for understanding coverage but secondary to assessing AP security.
References: Wireless security assessments prioritize AP evaluation as they are the entry points to the network, as outlined in various wireless security frameworks and methodologies.
質問 # 130
A penetration tester created the following script to use in an engagement:
However, the tester is receiving the following error when trying to run the script:
Which of the following is the reason for the error?
- A. The sys variable was not defined.
- B. The argv variable was not defined.
- C. The argv module was not imported.
- D. The sys module was not imported.
正解:D
解説:
The sys module is a built-in module in Python that provides access to system-specific parameters and functions, such as command-line arguments, standard input/output, and exit status. The sys module must be imported before it can be used in a script, otherwise an error will occur. The script uses the sys.argv variable, which is a list that contains the command-line arguments passed to the script. However, the script does not import the sys module at the beginning, which causes the error "NameError: name 'sys' is not defined". To fix this error, the script should include the statement "import sys" at the top. The other options are not valid reasons for the error.
質問 # 131
A penetration tester gains access to a system and is able to migrate to a user process:
Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
- A. Adding an additional IP address on the compromised system
- B. Mapping a share to a remote system
- C. Redirecting output from a file to a remote system
- D. Setting up a reverse shell from a remote system
- E. Building a scheduled task for execution
- F. Creating a new process on all domain systems
- G. Executing a file on the remote system
正解:B、G
解説:
WMIC.exe is a built-in Microsoft program that allows command-line access to the Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.
質問 # 132
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant.
The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?
- A. PLCs will not act upon commands injected over the network.
- B. Supervisory systems will detect a malicious injection of code/commands.
- C. Controllers will not validate the origin of commands.
- D. Supervisors and controllers are on a separate virtual network by default.
正解:C
質問 # 133
A security analyst needs to perform an on-path attack on BLE smart devices. Which of the following tools would be BEST suited to accomplish this task?
- A. Wireshark
- B. tcpdump
- C. Netcat
- D. Gattacker
正解:D
解説:
The best tool for performing an on-path attack on BLE smart devices is Gattacker. Gattacker is a Bluetooth Low Energy (BLE) pentesting and fuzzing framework specifically designed for on-path attacks. It allows security analysts to perform a variety of tasks, including man-in-the-middle attacks, passive and active scans, fuzzing of BLE services, and more. Gattacker also provides an interactive command-line interface that makes it easy to interact with the target BLE device and execute various commands.
質問 # 134
......
PT0-002問題集はCompTIA PenTest+認証済み試験問題と解答:https://jp.fast2test.com/PT0-002-premium-file.html
実際に出ると確認されたPT0-002試験問題集と解答でPT0-002無料更新:https://drive.google.com/open?id=14kCDLf2HnqUlEI-cUnzYi75jcGG7lxaK