CompTIA PT0-002 Exam Practice Test Instant Access

Question 1

In a standard engagement, a post-report document is provided outside of the report. This document:

* Does not contain specific findings

* Exposes vulnerabilities

* Can be shared publicly with outside parties that do not have an in-depth understanding about the client's network

Which of the following documents is described?

AAttestation letter

BFindings report

CExecutive summary

DNon-disclosure agreement

Answer : A

Question 2

A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?

AVishing

BWatering hole

CWhaling

DSpear phishing

Answer : B

A watering hole attack involves compromising a website that is frequently visited by the target organization or group. By gaining control of the internal web server hosting the IT knowledge base, a penetration tester could modify the content or introduce malicious code that would be downloaded or executed by employees who visit the site. This type of attack is effective because it leverages a trusted resource within the organization to spread malware or capture sensitive information.

Other options like vishing, whaling, and spear phishing involve direct social engineering attacks targeting individuals, whereas a watering hole attack leverages a compromised website to target multiple users within the organization.

Explanation of watering hole attacks: OWASP Watering Hole

Examples from penetration testing engagements where web server compromises were used to conduct watering hole attacks.

Question 3

During a vulnerability management process that lasted several months, a security analyst found the number of vulnerabilities in a production web application consistently grew. Which of the following should the analyst do to best remediate this situation?

APerform penetration testing regularly.

BPerform a security evaluation based on the OWASP Top 10.

CImplement a peer review process during the coding phase.

DImplement security scanning during the pipeline for the CI/CD flow.

Answer : D

Question 4

During a penetration test, a tester is able to change values in the URL from example.com/login.php?id=5 to example.com/login.php?id=10 and gain access to a web application. Which of the following vulnerabilities has the penetration tester exploited?

ACommand injection

BBroken authentication

CDirect object reference

DCross-site scripting

Answer : C

Insecure direct object reference (IDOR) is a vulnerability where the developer of the application does not implement authorization features to verify that someone accessing data on the site is allowed to access that data.

Question 5

An executive needs to use Wi-Fi to connect to the company's server while traveling. While looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying. Which of the following attacks is the executive most likely experiencing?

AData modification

BAmplification

CCaptive portal

DEvil twin

Answer : D

The attacker creates an access point with the same name and network settings as a legitimate access point, but with a stronger signal to attract users. Once a victim connects to the rogue access point, the attacker can intercept and steal any data transmitted over the connection, including login credentials, credit card information, and other sensitive data.

Question 6

A client evaluating a penetration testing company requests examples of its work. Which of the following represents the BEST course of action for the penetration testers?

ARedact identifying information and provide a previous customer's documentation.

BAllow the client to only view the information while in secure spaces.

CDetermine which reports are no longer under a period of confidentiality.

DProvide raw output from penetration testing tools.

Answer : C

Penetration testing reports contain sensitive information about the vulnerabilities and risks of a customer's systems and networks. Therefore, penetration testers should respect the confidentiality and privacy of their customers and only share their reports with authorized parties. Penetration testers should also follow the terms and conditions of their contracts with their customers, which may include a period of confidentiality that prohibits them from disclosing any information related to the testing without the customer's consent.

Question 7

A penetration tester is testing a company's public API and discovers that specific input allows the execution of arbitrary commands on the base operating system. Which of the following actions should the penetration tester take next?

AInclude the findings in the final report.

BNotify the client immediately.

CDocument which commands can be executed.

DUse this feature to further compromise the server.

Answer : B

The Nmap command uses the Xmas scan technique, which sends packets with the FIN, PSH, and URG flags set. This is an attempt to bypass firewall rules and elicit a response from open ports. However, if the target responds with an RST packet, it means that the port is closed. Open ports will either ignore the Xmas scan packets or send back an ACK packet. Therefore, the information most likely indicates that all of the ports in the target range are closed. Reference: [Nmap Scan Types], [Nmap Port Scanning Techniques], [CompTIA PenTest+ Study Guide: Exam PT0-002, Chapter 4: Conducting Passive Reconnaissance, page 127]

CompTIA PenTest+ Certification PT0-002 Exam Practice Test