認証トレーニングPT0-002試験問題集テストエンジン [2024]
2024年06月18日ガイド準備でPT0-002試験合格
Comptia PT0-002試験は、サイバーセキュリティの分野で働きたい人のためにCompTIAが提供する最新の認証です。この認定は、浸透試験または倫理的ハッキングの専門家として働きたい専門家向けに設計されています。この試験では、コンピューターシステム、ネットワーク、アプリケーションの弱点を特定するために必要な浸透テスト、倫理的ハッキング、およびその他の重要なスキルの基本をカバーしています。
サイバーセキュリティの分野でのキャリアを追求することに興味がある場合、取得を検討すべき認定の1つは、Comptia PT0-002(Comptia Pentest+)認定試験です。この試験は、浸透テストの知識と理解を測定するように設計されており、安全で倫理的で効果的な方法でそれらを実行するために必要なスキルを持っているかどうかです。
CompTIA PT0-002またはCompTIA PenTest認定試験は、ペネトレーションテストの様々な側面に熟練することを目的としたプロフェッショナル認定試験です。ペネトレーションテストとは、企業の電子インフラストラクチャに存在する脆弱性を発見するために実施されるシミュレーションされたサイバー攻撃のことです。組織は、ハッカーに悪用される可能性があるコンピュータシステムの弱点を特定し、セキュリティを向上させるためにペネトレーションテスターを雇います。CompTIA PenTest認定試験は、候補者の倫理的ハッキングとペネトレーションテストの方法論、ツール、テクニックに熟達しているかどうかをテストするよう設計されています。
質問 # 205
A penetration tester conducts an Nmap scan against a target and receives the following results:
Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?
- A. OWASPZAP
- B. Empire
- C. ProxyChains
- D. Nessus
正解:C
解説:
Reference: https://www.codeproject.com/Tips/634228/How-to-Use-Proxychains-Forwarding-Ports
質問 # 206
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)
- A. Port knocking
- B. Traffic sniffing
- C. A ping sweep
- D. Open-source research
- E. An Nmap scan
- F. A vulnerability scan
正解:E、F
質問 # 207
A penetration tester conducted a discovery scan that generated the following:
Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?
- A. nmap -o 192.168.0.1-254, cut -f 2
- B. nmap -sn 192.168.0.1-254 , grep "Nmap scan" | awk '{print S5}'
- C. nmap --open 192.168.0.1-254, uniq
- D. nmap -oG list.txt 192.168.0.1-254 , sort
正解:B
解説:
the NMAP flag (-sn) which is for host discovery and returns that kind of NMAP output. And the AWK command selects column 5 ({print $5}) which obviously carries the returned IP of the host in the NMAP output.
This command will generate the results shown in the image and transform them into a list of active hosts for further analysis. The command consists of three parts:
* nmap -sn 192.168.0.1-254: This part uses nmap, a network scanning tool, to perform a ping scan (-sn) on the IP range 192.168.0.1-254, which means sending ICMP echo requests to each IP address and checking if they respond.
* grep "Nmap scan": This part uses grep, a text filtering tool, to search for the string "Nmap scan" in the output of the previous part and display only the matching lines. This will filter out the lines that show
* the start and end time of the scan and only show the lines that indicate the status of each host.
* awk '{print $5}': This part uses awk, a text processing tool, to print the fifth field ($5) of each line in the output of the previous part. This will extract only the IP addresses of each host and display them as a list.
The final output will look something like this:
192.168.0.1 192.168.0.12 192.168.0.17 192.168.0.34
質問 # 208
A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:
Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?
- A. Run an application vulnerability scan and then identify the TCP ports used by the application.
- B. Run the application attached to a debugger and then review the application's log.
- C. Start a packet capture with Wireshark and then run the application.
- D. Disassemble the binary code and then identify the break points.
正解:C
質問 # 209
The results of an Nmap scan are as follows:
Which of the following would be the BEST conclusion about this device?
- A. This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.
- B. This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.
- C. This device is most likely a proxy server forwarding requests over TCP/443.
- D. This device is most likely a gateway with in-band management services.
正解:D
解説:
The heart bleed bug is an open ssl bug which does not affect SSH Ref:
https://www.sos-berlin.com/en/news-heartbleed-bug-does-not-affect-jobscheduler-or-ssh
質問 # 210
A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website's response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?
- A. Deconfliction
- B. DDoS defense
- C. Situational awareness
- D. Rescheduling
正解:A
解説:
Explanation
https://redteam.guide/docs/definitions/
質問 # 211
Given the following script:
Which of the following BEST characterizes the function performed by lines 5 and 6?
- A. Performs a single DNS query for www.comptia.org and prints the raw data output
- B. Retrieves the start-of-authority information for the zone on DNS server 10.10.10.10
- C. Prints each DNS query result already stored in variable b
- D. Loops through variable b to count the results returned for the DNS query and prints that count to screen
正解:C
解説:
The script is using the scapy library to perform a DNS query for www.comptia.org and store the response in variable b. Lines 5 and 6 are using a for loop to iterate over each answer in variable b and print its summary to the screen. This can help the penetration tester to view the DNS records returned by the query.
質問 # 212
A penetration tester opened a shell on a laptop at a client's office but is unable to pivot because of restrictive ACLs on the wireless subnet. The tester is also aware that all laptop users have a hard-wired connection available at their desks. Which of the following is the BEST method available to pivot and gain additional access to the network?
- A. Span deauthentication packets to the wireless clients.
- B. Set up a captive portal with embedded malicious code.
- C. Set up another access point and perform an evil twin attack.
- D. Capture handshakes from wireless clients to crack.
正解:A
質問 # 213
During a penetration test, a tester is in close proximity to a corporate mobile device belonging to a network administrator that is broadcasting Bluetooth frames.
Which of the following is an example of a Bluesnarfing attack that the penetration tester can perform?
- A. Dump the user address book on the device.
- B. Sniff and then crack the WPS PIN on an associated WiFi device.
- C. Break a connection between two Bluetooth devices.
- D. Transmit text messages to the device.
正解:A
解説:
Explanation
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to calendars, contact lists, emails and text messages, and on some phones, users can copy pictures and private videos.
質問 # 214
After running the enum4linux.pl command, a penetration tester received the following output:Which of the following commands should the penetration tester run NEXT?
- A. smbget //192.168.100.56/web -U ''
- B. smbspool //192.160.100.56/print$
- C. net rpc share -S 192.168.100.56 -U ''
- D. smbclient //192.168.100.56/web -U '' -N
正解:D
解説:
A vulnerability scan is a type of assessment that helps to identify vulnerabilities in a network or system. It scans systems for potential vulnerabilities, misconfigurations, and outdated software. Based on the output from a vulnerability scan, a penetration tester can identify vulnerabilities that may be exploited to gain access to a system. In this scenario, the output from the penetration testing tool shows that 100 hosts contained findings due to improper patch management. This indicates that the vulnerability scan detected vulnerabilities that could have been prevented through proper patch management. Therefore, the most likely test performed by the penetration tester is a vulnerability scan.
質問 # 215
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?
- A. Review of the lessons learned during the engagement
- B. Scheduling of follow-up actions and retesting
- C. Acceptance by the client and sign-off on the final report
- D. Attestation of findings and delivery of the report
正解:C
質問 # 216
SIMULATION
Using the output, identify potential attack vectors that should be further investigated.




正解:
解説:
See explanation below.
Explanation:
1: Null session enumeration
Weak SMB file permissions
Fragmentation attack
2: nmap
-sV
-p 1-1023
192.168.2.2
3: #!/usr/bin/python
export $PORTS = 21,22
for $PORT in $PORTS:
try:
s.connect((ip, port))
print("%s:%s - OPEN" % (ip, port))
except socket.timeout
print("%:%s - TIMEOUT" % (ip, port))
except socket.error as e:
print("%:%s - CLOSED" % (ip, port))
finally
s.close()
port_scan(sys.argv[1], ports)
質問 # 217
Which of the following tools provides Python classes for interacting with network protocols?
- A. Empire
- B. Impacket
- C. Responder
- D. PowerSploit
正解:B
解説:
Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution.
質問 # 218
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?
- A. Analyze the malware to see what it does.
- B. Remove the malware immediately.
- C. Collect the proper evidence and then remove the malware.
- D. Do a root-cause analysis to find out how the malware got in.
- E. Stop the assessment and inform the emergency contact.
正解:E
解説:
Stopping the assessment and informing the emergency contact is the best thing to do next after identifying that an application being tested has already been compromised with malware. This is because continuing the assessment might interfere with an ongoing investigation or compromise evidence collection. The emergency contact is the person designated by the client who should be notified in case of any critical issues or incidents during the penetration testing engagement.
質問 # 219
A penetration tester captured the following traffic during a web-application test:
Which of the following methods should the tester use to visualize the authorization information being transmitted?
- A. Decrypt the authorization header using bcrypt.
- B. Decode the authorization header using UTF-8.
- C. Decode the authorization header using Base64.
- D. Decrypt the authorization header using AES.
正解:C
質問 # 220
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
正解:
解説:
Explanation
A picture containing shape Description automatically generated
A picture containing treemap chart Description automatically generated
Text Description automatically generated
Graphical user interface Description automatically generated
質問 # 221
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?
- A. Encrypt passwords for bank account information
- B. Enforce mandatory employee vacations
- C. Install video surveillance equipment in the office
- D. Implement multifactor authentication
正解:B
解説:
If the employee already works in the accounting department, MFA will not stop their actions because they'll already have access by virtue of their job.
Enforcing mandatory employee vacations is the best recommendation to prevent this type of activity in the future, as it will make it harder for an employee to conceal fraudulent transactions or unauthorized changes to a payment system. Mandatory employee vacations are a form of internal control that requires employees to take time off from work periodically and have their duties performed by someone else. This can help detect errors, irregularities, or frauds committed by employees who might otherwise have exclusive access or control over certain processes or systems.
質問 # 222
During an engagement, a penetration tester found the following list of strings inside a file:
Which of the following is the BEST technique to determine the known plaintext of the strings?
- A. Rainbow table attack
- B. Credential-stuffing attack
- C. Brute-force attack
- D. Dictionary attack
正解:A
質問 # 223
......
究極のガイドPT0-002認証試験準備CompTIA PenTest+:https://jp.fast2test.com/PT0-002-premium-file.html
無料最新のCompTIA PenTest+ PT0-002リアル試験問題と解答:https://drive.google.com/open?id=14kCDLf2HnqUlEI-cUnzYi75jcGG7lxaK