最新のPT0-002問題集PDFでPT0-002リアルで有効な正確な問題集は434問題と解答が待ってます!
100%無料PT0-002試験問題集リアルCompTIA PenTest+問題集を試そう
Comptia Pentest+認定は、浸透テストと脆弱性分析の分野でのサイバーセキュリティスキルを検証しようとする個人にとって貴重な資格です。認定試験では、実際のシナリオをシミュレートする関連するさまざまなトピックをカバーし、サイバーセキュリティ業界の専門家にとって関連性が高く価値のある資格となります。さらに、認証のベンダー中立性の性質により、幅広い組織や業界に適用できます。
質問 # 34
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted stone of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the
MOST likely reason for the error?
- A. The application has the API certificate pinned.
- B. TCP port 443 is not open on the firewall
- C. The tester is using an outdated version of the application
- D. The API server is using SSL instead of TLS
正解:A
質問 # 35
A client wants a security assessment company to perform a penetration test against its hot site. The purpose of the test is to determine the effectiveness of the defenses that protect against disruptions to business continuity.
Which of the following is the MOST important action to take before starting this type of assessment?
- A. Establish communication and escalation procedures with the client.
- B. Determine if the failover environment relies on resources not owned by the client.
- C. Ensure the client has signed the SOW.
- D. Verify the client has granted network access to the hot site.
正解:C
解説:
Explanation
The statement of work (SOW) is a document that defines the scope, objectives, deliverables, and timeline of a penetration testing engagement. It is important to have the client sign the SOW before starting the assessment to avoid any legal or contractual issues.
質問 # 36
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner."
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)
- A. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the
engagement - B. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
- C. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
- D. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
- E. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
- F. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
正解:E、F
質問 # 37
An assessment has been completed, and all reports and evidence have been turned over to the client. Which of the following should be done NEXT to ensure the confidentiality of the client's information?
- A. Publish the findings after the client reviews the report
- B. Follow the established data retention and destruction process
- C. Report any findings to regulatory oversight groups
- D. Encrypt and store any client information for future analysis
正解:D
解説:
Explanation
After completing an assessment and providing the report and evidence to the client, it is important to follow the established data retention and destruction process to ensure the confidentiality of the client's information.
This process typically involves securely deleting or destroying any data collected during the assessment that is no longer needed, and securely storing any data that needs to be retained. This helps to prevent unauthorized access to the client's information and protects the client's confidentiality.
Reporting any findings to regulatory oversight groups may be necessary in some cases, but it should be done only with the client's permission and in accordance with any relevant legal requirements. Publishing the findings before the client has reviewed the report is also not recommended, as it may breach the client's confidentiality and damage their reputation. Encrypting and storing client information for future analysis is also not recommended unless it is necessary and in compliance with any legal or ethical requirements.
質問 # 38
Given the following script:
while True:
print ("Hello World")
Which of the following describes True?
- A. A Boolean operator
- B. A while loop
- C. A conditional
- D. An arithmetic operator
正解:A
解説:
Explanation
True is a Boolean operator in Python, which is an operator that returns either True or False values based on logical conditions. Boolean operators can be used in expressions or statements that evaluate to True or False values, such as comparisons, assignments, or loops. In the code, True is used as the condition for a while loop, which is a loop that repeats a block of code as long as the condition is True. The code will print "Hello World" indefinitely because True will always be True and the loop will never end. The other options are not valid descriptions of True.
質問 # 39
Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?
- A. Executive summary
- B. Non-disclosure agreement
- C. Business associate agreement
- D. Assessment scope and methodologies
正解:D
解説:
The assessment scope and methodologies document defines the objectives, boundaries, rules of engagement, and expected outcomes of a penetration testing engagement. It also specifies the roles and responsibilities of the testers and the clients, as well as the communication channels and escalation procedures. This document can help determine who is at fault for a temporary outage that occurred during a penetration test, as it can clarify whether the outage was within the agreed scope and methodologies, or whether it was caused by a violation of the rules of engagement or a lack of coordination. References:
*CompTIA PenTest+ Certification Exam Objectives, Domain 1.0 Planning and Scoping, Objective 1.1: Given a scenario, explain the importance of scoping an engagement properly.
*The Official CompTIA PenTest+ Instructor and Student Guides (PT0-002), Lesson 1: Planning and Scoping Penetration Tests, Topic 1.1: Introduction to Penetration Testing Concepts, Topic 1.2: The Penetration Testing Process, Topic 1.3: Planning and Scoping Penetration Tests.
質問 # 40
A penetration tester has gained access to part of an internal network and wants to exploit on a different network segment. Using Scapy, the tester runs the following command:
Which of the following represents what the penetration tester is attempting to accomplish?
- A. Double-tagging attack
- B. ARP poisoning
- C. MAC spoofing
- D. DNS cache poisoning
正解:A
解説:
https://scapy.readthedocs.io/en/latest/usage.html
質問 # 41
A penetration tester discovers passwords in a publicly available data breach during the reconnaissance phase of the penetration test. Which of the following is the best action for the tester to take?
- A. Contact the client and inform them of the breach.
- B. Add the passwords to an appendix in the penetration test report.
- C. Use the passwords in a credential stuffing attack when the external penetration test begins.
- D. Do nothing. Using passwords from breached data is unethical.
正解:A
解説:
Upon discovering passwords in a publicly available data breach during the reconnaissance phase, the most ethical and constructive action for the penetration tester is to contact the client and inform them of the breach. This approach allows the client to take necessary actions to mitigate any potential risks, such as forcing password resets or enhancing their security measures. Adding the passwords to a report appendix (option A) without context or action could be seen as irresponsible, while doing nothing (option B) neglects the tester's duty to inform the client of potential threats. Using the passwords in a credential stuffing attack (option D) without explicit permission as part of an agreed testing scope would be unethical and potentially illegal.
質問 # 42
An organization wants to identify whether a less secure protocol is being utilized on a wireless network.
Which of the following types of attacks will achieve this goal?
- A. Downgrade attack
- B. Four-way handshake
- C. Packet sniffing
- D. Protocol negotiation
正解:A
解説:
Explanation
A downgrade attack is a type of attack that exploits a vulnerability in the protocol negotiation process between a client and a server to force them to use a less secure protocol than they originally intended. A downgrade attack can be used to identify whether a less secure protocol is being utilized on a wireless network by intercepting and modifying the messages exchanged during the protocol negotiation phase, such as the association request and response frames, and making the client and the server agree on a weaker protocol, such as WEP or WPA, instead of a stronger one, such as WPA2 or WPA3. A downgrade attack can also enable the attacker to perform other attacks, such as cracking the encryption keys or capturing the network traffic, more easily by taking advantage of the weaknesses of the less secure protocol. A downgrade attack can be performed by using tools such as Airgeddon, which is a multi-use bash script for Linux systems to audit wireless networks1.
質問 # 43
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?
- A. Changing to Wi-Fi equipment that supports strong encryption
- B. Using directional antennae
- C. Using WEP encryption
- D. Disabling Wi-Fi
正解:A
解説:
If a penetration tester was able to access the organization's wireless network from outside of the building using Aircrack-ng, then it means that the wireless network was not secured with strong encryption or authentication methods. Aircrack-ng is a tool that can crack weak wireless encryption schemes such as WEP or WPA-PSK using various techniques such as packet capture, injection, replay, and brute force. To remediate this issue, the client should change to Wi-Fi equipment that supports strong encryption such as WPA2 or WPA3, which are more resistant to cracking attacks. Using directional antennae may reduce the signal range of the wireless network, but it would not prevent an attacker who is within range from cracking the encryption. Using WEP encryption is not a good recommendation, as WEP is known to be insecure and vulnerable to Aircrack-ng attacks. Disabling Wi-Fi may eliminate the risk of wireless attacks, but it would also eliminate the benefits of wireless connectivity for the organization.
質問 # 44
A penetration tester uses Hashcat to crack hashes discovered during a penetration test and obtains the following output:
ad09cd16529b5f5a40a3e15344e57649f4a43a267a97f008af01af803603c4c8 : Summer2023 !!
7945bb2bb08731fc8d57680ffa4aefec91c784d231de029c610b778eda5ef48b:p@ssWord123 ea88ceab69cb2fb8bdcf9ef4df884af219fffbffab473ec13f20326dc6f84d13: Love-You999 Which of the following is the best way to remediate the penetration tester's discovery?
- A. Encrypting the passwords with a stronger algorithm
- B. Setting the minimum password length to ten characters
- C. Requiring passwords to follow complexity rules
- D. Implementing a blocklist of known bad passwords
正解:D
解説:
The penetration tester's discovery of passwords vulnerable to hash cracking suggests a lack of robust password policies within the organization. Among the options provided, implementing a blocklist of known bad passwords is the most effective immediate remediation. This measure would prevent users from setting passwords that are easily guessable or commonly used, which are susceptible to hash cracking tools like Hashcat.
Requiring passwords to follow complexity rules (Option A) can be helpful, but attackers can still crack complex passwords if they are common or have been exposed in previous breaches. Setting a minimum password length (Option C) is a good practice, but length alone does not ensure a password's strength against hash cracking techniques. Encrypting passwords with a stronger algorithm (Option D) is a valid long-term strategy but would not prevent users from choosing weak passwords that could be easily guessed before hash cracking is even necessary.
Therefore, a blocklist addresses the specific vulnerability exposed by the penetration tester-users setting weak passwords that can be easily cracked. It's also worth noting that the best practice is a combination of strong, enforced password policies, user education, and the use of multi-factor authentication to enhance security further.
質問 # 45
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
Which of the following combinations of tools would the penetration tester use to exploit this script?
- A. Netcat and cURL
- B. Hydra and crunch
- C. Burp Suite and DIRB
- D. Nmap and OWASP ZAP
正解:A
質問 # 46
During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.
Which of the following vulnerabilities was the attacker trying to exploit?
- A. ..URL manipulation
- B. ..Session hijacking
- C. ..SQL injection
- D. ..Insecure direct object reference
正解:D
解説:
The attacker is sequentially changing the serviceID parameter in the URL, likely in an attempt to access objects that they are not authorized to see. This is indicative of an attempt to exploit an Insecure Direct Object Reference (IDOR) vulnerability, where unauthorized access to objects can occur by manipulating input or changing parameters in the URL.
An insecure direct object reference (IDOR) vulnerability occurs when an application exposes a reference to an internal object, such as a file, directory, database record, or key, without any proper authorization or validation mechanism. This allows an attacker to manipulate the reference and access other objects that they are not authorized to access. In this case, the attacker was trying to exploit the IDOR vulnerability in the servicestatus.php script, which accepts a serviceID parameter that directly references a service object. By changing the value of the serviceID parameter, the attacker could access different services that they were not supposed to see. References: The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.2: Insecure Direct Object References; Best PenTest+ certification study resources and training materials, Section 1: Cross-site Scripting (XSS) Attack.
質問 # 47
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
- A. nmap192.168.1.1-5-PA22-25,80
- B. nmap192.168.1.1-5-PS22-25,80
- C. nmap192.168.1.1-5-Ss22-25,80
- D. nmap192.168.1.1-5-PU22-25,80
正解:B
質問 # 48
A security analyst needs to perform an on-path attack on BLE smart devices. Which of the following tools would be BEST suited to accomplish this task?
- A. tcpdump
- B. Gattacker
- C. Wireshark
- D. Netcat
正解:B
解説:
Explanation
The best tool for performing an on-path attack on BLE smart devices is Gattacker. Gattacker is a Bluetooth Low Energy (BLE) pentesting and fuzzing framework specifically designed for on-path attacks. It allows security analysts to perform a variety of tasks, including man-in-the-middle attacks, passive and active scans, fuzzing of BLE services, and more. Gattacker also provides an interactive command-line interface that makes it easy to interact with the target BLE device and execute various commands.
質問 # 49
A penetration tester is enumerating shares and receives the following output:
Which of the following should the penetration tester enumerate next?
- A. print$
- B. dev
- C. notes
- D. home
正解:B
解説:
The output displayed is typical of what one might see when using a tool like smbclient or enum4linux to list shared directories on a system that uses the SMB (Server Message Block) protocol. Here's a brief overview of the shared resources that have been found:
1. print$ - This share is generally used for printer drivers.
2. home - Could be a user's home directory, usually requires authentication.
3. dev - Suggests a development environment, possibly containing code, scripts, or tools that could be useful for further penetration.
4. notes - This has read and write permissions and could contain information such as user notes or documentation.
While all these shares could potentially provide valuable information, the dev share stands out for several reasons:
* Development Environment: As it seems to be a development share, it may contain scripts, tools, or code repositories which could be less secure than production environments and possibly contain sensitive information such as hardcoded credentials, configuration files, or backup files.
* Standard Names: Shares like print$ and home are common and are likely to be properly secured or to contain less sensitive information.
* Writable Share: The notes share is also interesting because it has read and write permissions, which could be exploited to upload malicious files or modify existing ones. However, the potential for finding exploitable material or sensitive information might be higher with the dev share.
In penetration testing, the goal is to find the path of least resistance that provides the highest potential for deeper access or sensitive information discovery. The dev share represents a target that could yield such information or further avenues for exploitation, making it the next logical step for enumeration.
質問 # 50
A penetration tester analyzed a web-application log file and discovered an input that was sent to the company's web application. The input contains a string that says "WAITFOR." Which of the following attacks is being attempted?
- A. DLL injection
- B. HTML injection
- C. Remote command injection
- D. SQL injection
正解:D
解説:
Explanation
WAITFOR can be used in a type of SQL injection attack known as time delay SQL injection or blind SQL injection34. This attack works on the basis that true or false queries can be answered by the amount of time a request takes to complete. For example, an attacker can inject a WAITFOR command with a delay argument into an input field of a web application that uses SQL Server as its database. If the query returns true, then the web application will pause for the specified period of time before responding; if the query returns false, then the web application will respond immediately. By observing the response time, the attacker can infer information about the database structure and data Based on this information, one possible answer to your question is A. SQL injection, because it is an attack that exploits a vulnerability in a web application that allows an attacker to execute arbitrary SQL commands on the database server.
質問 # 51
......
Comptia Pentest+認定は、浸透テストにおけるサイバーセキュリティの専門家のスキルを検証する評判の良いグローバルに認められた認定です。この認定は2018年に導入され、実践的な仕事と現実世界のシナリオに重点を置いているため、人気を博しています。この認定の目的は、ネットワーク内の問題と脆弱性を特定する個人の能力とそれに関連するシステムを評価することを目的としています。 PT0-002の試験では、計画とスコープ、情報収集と脆弱性の識別、攻撃と悪用、爆発後の概念をカバーしています。
あなたを余裕でPT0-002は100%試験合格率保証:https://jp.fast2test.com/PT0-002-premium-file.html
PT0-002問題集本日限定!無料アクセスが可能に!:https://drive.google.com/open?id=14kCDLf2HnqUlEI-cUnzYi75jcGG7lxaK