最新の2023年最新の実際に出ると確認されたPT0-002問題集で100%無料PT0-002試験問題集
無料提供中で2023年最新のに更新されたCompTIA PT0-002試験問題と解答
Comptia Pentest+認定は、浸透テストと脆弱性分析の分野でのサイバーセキュリティスキルを検証しようとする個人にとって貴重な資格です。認定試験では、実際のシナリオをシミュレートする関連するさまざまなトピックをカバーし、サイバーセキュリティ業界の専門家にとって関連性が高く価値のある資格となります。さらに、認証のベンダー中立性の性質により、幅広い組織や業界に適用できます。
質問 # 52
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
正解:
解説:
Explanation
1. Reflected XSS - Input sanitization (<> ...)
2. Sql Injection Stacked - Parameterized Queries
3. DOM XSS - Input Sanitization (<> ...)
4. Local File Inclusion - sandbox req
5. Command Injection - sandbox req
6. SQLi union - paramtrized queries
7. SQLi error - paramtrized queries
8. Remote File Inclusion - sandbox
9. Command Injection - input saniti $
10. URL redirect - prevent external calls
質問 # 53
The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host delivery and write the discovery to files without returning results of the attack machine?
- A. nmap גsSPn n iL target.txt גA target_txtl
- B. nmap snn exclude 10.1.1.15 10.1.1.0/24 oA target_txt
- C. nmap גiR10oX out.xml | grep גNmapג | cut d ג"f5 > live-hosts.txt
- D. nmap גPnsV OiL target.txt גA target_text_Service
正解:C
質問 # 54
A penetration tester discovered that a client uses cloud mail as the company's email system. During the penetration test, the tester set up a fake cloud mail login page and sent all company employees an email that stated their inboxes were full and directed them to the fake login page to remedy the issue. Which of the following BEST describes this attack?
- A. Privilege escalation
- B. Domain record abuse
- C. Password spraying
- D. Credential harvesting
正解:D
解説:
Explanation
Credential harvesting is a type of attack that aims to collect usernames and passwords from unsuspecting users by tricking them into entering their credentials on a fake or spoofed website. Credential harvesting can be done by using phishing emails that lure users to click on malicious links or attachments that redirect them to the fake website. The fake website may look identical or similar to the legitimate one, but it will capture and store the user's credentials for later use by the attacker. In this case, the penetration tester set up a fake cloud mail login page and sent phishing emails to all company employees to harvest their credentials.
質問 # 55
The following PowerShell snippet was extracted from a log of an attacker machine:
A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?
- A. Line 19
- B. Line 8
- C. Line 20
- D. Line 13
正解:B
解説:
Explanation
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_arrays?view=powe
質問 # 56
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)
- A. The libraries' code bases could be read by anyone
- B. The libraries may break the application
- C. The licensing of software is ambiguous
- D. The libraries may be vulnerable
- E. The provenance of code is unknown
- F. The libraries may be unsupported
正解:A、D
質問 # 57
A penetration tester has gained access to the Chief Executive Officer's (CEO's) internal, corporate email. The next objective is to gain access to the network.
Which of the following methods will MOST likely work?
- A. Send an email from the CEO's account, requesting a new account.
- B. Try to obtain the private key used for S/MIME from the CEO's account.
- C. Move laterally from the mail server to the domain controller.
- D. Attempt to escalate privileges on the mail server to gain root access.
正解:D
質問 # 58
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






正解:
解説:
質問 # 59
A penetration tester receives the following results from an Nmap scan:
Which of the following OSs is the target MOST likely running?
- A. Windows Server
- B. CentOS
- C. Ubuntu
- D. Arch Linux
正解:A
質問 # 60
A client would like to have a penetration test performed that leverages a continuously updated TTPs framework and covers a wide variety of enterprise systems and networks. Which of the following methodologies should be used to BEST meet the client's expectations?
- A. The Diamond Model of Intrusion Analysis
- B. MITRE ATT&CK framework
- C. OWASP Top 10
- D. NIST Cybersecurity Framework
正解:B
質問 # 61
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?
- A. The proper emergency contacts for the client
- B. The expected time frame of the assessment
- C. The correct user accounts and associated passwords
- D. A signed statement of work
正解:A
質問 # 62
The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)
- A. IoT/embedded device
- B. Network device
- C. Print queue
- D. Public-facing web server
- E. Active Directory domain controller
- F. Exposed RDP
正解:B、D
質問 # 63
A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider's metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?
- A. Local file inclusion
- B. Cross-site request forgery
- C. Remote file inclusion
- D. Server-side request forgery
正解:D
質問 # 64
A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?
- A. SQL injection
- B. DLL injection
- C. HTML injection
- D. Remote command injection
正解:A
解説:
Explanation
WAITFOR can be used in a type of SQL injection attack known as time delay SQL injection or blind SQL injection34. This attack works on the basis that true or false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the query returns true, then the web application will pause for the specified period of time before responding; if the query returns false, then the web application will respond immediately. By observing the response time, the attacker can infer information about the database structure and data Based on this information, one possible answer to your question is A. SQL injection, because it is an attack that exploits a vulnerability in a web application that allows an attacker to execute arbitrary SQL commands on the database server.
質問 # 65
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)
- A. Port knocking
- B. A vulnerability scan
- C. Open-source research
- D. Traffic sniffing
- E. A ping sweep
- F. An Nmap scan
正解:B、F
質問 # 66
An Nmap scan of a network switch reveals the following:
Which of the following technical controls will most likely be the FIRST recommendation for this device?
- A. Network segmentation
- B. Multifactor authentication
- C. Encrypted passwords
- D. System-hardening techniques
正解:D
質問 # 67
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
- A. nmap192.168.1.1-5-Ss22-25,80
- B. nmap192.168.1.1-5-PU22-25,80
- C. nmap192.168.1.1-5-PA22-25,80
- D. nmap192.168.1.1-5-PS22-25,80
正解:D
解説:
Explanation
PS/PA/PU/PY are host discovery flags which use TCP SYN/ACK, UDP or SCTP discovery respectively. And since the ports in the options are mostly used by TCP protocols, then it's either the PS or PA flag. But since we need to know if the ports are live, sending SYN packet is a better alternative. Hence, I choose PS in this case.
質問 # 68
A penetration tester is conducting an Nmap scan and wants to scan for ports without establishing a connection.
The tester also wants to find version data information for services running on Projects. Which of the following Nmap commands should the tester use?
- A. ..nmap -sU -sV -T4 -F target.company.com
- B. ..nmap -sT -v -T5 target.company.com
- C. ..nmap -sX -sC target.company.com
- D. ..nmap -sS -sV -F target.company.com
正解:D
解説:
Explanation
The Nmap command that the tester should use to scan for ports without establishing a connection and to find version data information for services running on open ports is nmap -sS -sV -F target.company.com. This command has the following options:
-sS performs a TCP SYN scan, which is a scan technique that sends TCP packets with the SYN flag set to the target ports and analyzes the responses. A TCP SYN scan does not establish a full TCP connection, as it only completes the first step of the three-way handshake. A TCP SYN scan can stealthily scan for open ports without alerting the target system or application.
-sV performs version detection, which is a feature that probes open ports to determine the service and version information of the applications running on them. Version detection can provide useful information for identifying vulnerabilities or exploits that affect specific versions of services or applications.
-F performs a fast scan, which is a scan option that only scans the 100 most common ports according to the nmap-services file. A fast scan can speed up the scan process by avoiding scanning less likely or less interesting ports.
target.company.com specifies the domain name of the target system or network to be scanned.
The other options are not valid Nmap commands that meet the requirements of the question. Option A performs a UDP scan (-sU), which is a scan technique that sends UDP packets to the target ports and analyzes the responses. A UDP scan can scan for open ports that use UDP protocol, such as DNS, SNMP, or DHCP.
However, a UDP scan does establish a connection with the target system or application, unlike a TCP SYN scan. Option C performs a TCP connect scan (-sT), which is a scan technique that sends TCP packets with the SYN flag set to the target ports and completes the three-way handshake with an ACK packet if a SYN/ACK packet is received. A TCP connect scan can scan for open ports that use TCP protocol, such as HTTP, FTP, or SSH. However, a TCP connect scan does establish a full TCP connection with the target system or application, unlike a TCP SYN scan. Option D performs an Xmas scan (-sX), which is a scan technique that sends TCP packets with the FIN, PSH, and URG flags set to the target ports and analyzes the responses. An Xmas scan can stealthily scan for open ports without alerting the target system or application, similar to a TCP SYN scan.
However, option D does not perform version detection (-sV), which is one of the requirements of the question.
質問 # 69
......
PT0-002問題集PDFとテストエンジン試験問題:https://jp.fast2test.com/PT0-002-premium-file.html
無料提供中で最新のPT0-002認定有効な試験問題集はこれ:https://drive.google.com/open?id=14kCDLf2HnqUlEI-cUnzYi75jcGG7lxaK