CompTIA PT0-002 CompTIA PenTest+ Certification Exam Practice Test

Page: 1 / 14
Total 464 questions
Question 1

A penetration tester managed to get control of an internal web server that is hosting the IT knowledge base. Which of the following attacks should the penetration tester attempt next?



Answer : B

A watering hole attack involves compromising a website that is frequently visited by the target organization or group. By gaining control of the internal web server hosting the IT knowledge base, a penetration tester could modify the content or introduce malicious code that would be downloaded or executed by employees who visit the site. This type of attack is effective because it leverages a trusted resource within the organization to spread malware or capture sensitive information.

Other options like vishing, whaling, and spear phishing involve direct social engineering attacks targeting individuals, whereas a watering hole attack leverages a compromised website to target multiple users within the organization.


Explanation of watering hole attacks: OWASP Watering Hole

Examples from penetration testing engagements where web server compromises were used to conduct watering hole attacks.

Question 2

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?



Answer : A

https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while-bypassing-av/

--- https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk

The certutil command is a Windows utility that can be used to manipulate certificates and certificate authorities. However, it can also be abused by attackers to download files from remote servers using the --urlcache option. In this case, the command downloads accesschk64.exe from http://192.168.2.124/windows-binaries/ and saves it locally. Accesschk64.exe is a tool that can be used to check service permissions and identify potential privilege escalation vectors. The other commands are not relevant for this purpose. Powershell is a scripting language that can be used to perform various tasks, but in this case it uploads a file instead of downloading one. Schtasks is a command that can be used to create or query scheduled tasks, but it does not help with service permissions. Wget is a Linux command that can be used to download files from the web, but it does not work on Windows by default.


Question 3

A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?



Answer : B


Question 4

A penetration tester learned that when users request password resets, help desk analysts change users' passwords to 123change. The penetration tester decides to brute force an internet-facing webmail to check which users are still using the temporary password. The tester configures the brute-force tool to test usernames found on a text file and the... Which of the following techniques is the penetration tester using?



Answer : A

The penetration tester is using a password brute force attack, which is a type of password guessing attack that involves trying many possible combinations of passwords against a single username or account. A password brute force attack can be effective when the password is known to be weak, simple, or predictable, such as a default or temporary password. In this case, the penetration tester knows that the help desk analysts change users' passwords to 123change when they request password resets, and decides to brute force the webmail with this password and a list of usernames.A password brute force attack can be done by using tools such as Hydra, which can perform parallelized login attacks against various protocols and services1. The other options are not techniques that the penetration tester is using. SQL injection is a type of attack that exploits a vulnerability in a web application that allows an attacker to execute malicious SQL statements on a database server. Password spraying is a type of password guessing attack that involves trying one or a few common passwords against many usernames or accounts. Kerberoasting is a type of attack that exploits a vulnerability in the Kerberos authentication protocol that allows an attacker to request and crack service tickets for service accounts with weak passwords.


Question 5

Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?



Answer : A

The document that is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables is the SOW (Statement of Work).The SOW is a formal document that describes the objectives, expectations, and responsibilities of the penetration-testing project2. The SOW should be clear, concise, and comprehensive to avoid any ambiguity or misunderstanding.


Question 6

A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?



Answer : C


Question 7

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.

Which of the following is the BEST way to ensure this is a true positive?



Answer : B


Page:    1 / 14   
Total 464 questions