CompTIA PT0-002 Exam Practice Test Instant Access

Question 1

A security analyst is conducting an unknown environment test from 192.168.3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems. Which of the following Nmap commands should the analyst use to achieve this objective?

Anmap -F 192.168.5.5

Bnmap -datalength 2 192.168.5.5

Cnmap -D 10.5.2.2 192.168.5.5

Dnmap -scanflags SYNFIN 192.168.5.5

Answer : C

Question 2

A company recruited a penetration tester to configure wireless IDS over the network. Which of the following tools would BEST test the effectiveness of the wireless IDS solutions?

AAircrack-ng

BWireshark

CWifite

DKismet

Answer : A

Aircrack-ng is a suite of tools that allows the penetration tester to test the effectiveness of the wireless IDS solutions by performing various attacks on wireless networks, such as cracking WEP and WPA keys, capturing and injecting packets, deauthenticating clients, or creating fake access points. Aircrack-ng can also generate different types of traffic and signatures that can trigger the wireless IDS alerts or responses, such as ARP requests, EAPOL frames, or beacon frames.

Question 3

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:

Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

Asock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

B*range(1, 1025) on line 1 populated the portList list in numerical order.

CLine 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

DThe remoteSvr variable has neither been type-hinted nor initialized.

Answer : B

Port randomization is widely used in port scanners. By default, Nmap randomizes the scanned port order (except that certain commonly accessible ports are moved near the beginning for efficiency reasons) https://nmap.org/book/man-port-specification.html

Question 4

During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise. While reading the script, the penetration tester noticed the following lines of code:

Which of the following was the script author trying to do?

ASpawn a local shell.

BDisable NIC.

CList processes.

DChange the MAC address

Answer : A

The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is ''/bin/bash'', which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.

Question 5

A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

AWeekly

BMonthly

CQuarterly

DAnnually

Answer : C

Quarterly is the minimum frequency to complete the scan of the system that is PCI DSS v3.2.1 compliant, according to Requirement 11.2.2 of the standard1. PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards that applies to any organization that processes, stores, or transmits credit card information. Requirement 11.2.2 states that organizations must perform internal vulnerability scans at least quarterly and after any significant change in the network.

https://www.pcicomplianceguide.org/faq/#25

PCI DSS requires quarterly vulnerability/penetration tests, not weekly.

Question 6

A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

AFamiliarity and likeness

BAuthority and urgency

CScarcity and fear

DSocial proof and greed

Answer : B

Question 7

A security analyst needs to perform a scan for SMB port 445 over a/16 network. Which of the following commands would be the BEST option when stealth is not a concern and the task is time sensitive?

ANmap -s 445 -Pn -T5 172.21.0.0/16

BNmap -p 445 -n -T4 -open 172.21.0.0/16

CNmap -sV --script=smb* 172.21.0.0/16

DNmap -p 445 -max -sT 172. 21.0.0/16

Answer : B

Nmap is a tool that can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The command Nmap -p 445 -n -T4 -open 172.21.0.0/16 would scan for SMB port 445 over a /16 network with the following options:

-p 445 specifies the port number to scan.

-n disables DNS resolution, which can speed up the scan by avoiding unnecessary queries.

-T4 sets the timing template to aggressive, which increases the speed of the scan by sending packets faster and waiting less for responses.

--open only shows hosts that have open ports, which can reduce the output and focus on relevant results. The other commands are not optimal for scanning SMB port 445 over a /16 network when stealth is not a concern and the task is time sensitive.

CompTIA PT0-002 CompTIA PenTest+ Certification Exam Practice Test