Get it free! CompTIA PT0-002 exam questions and answers, updated for 2024 [Q105-Q122]


Get it free! CompTIA PT0-002 exam questions and answers, updated to the latest 2024 version

PT0-002 question set PDF and test engine exam questions


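CompTIA PT0-002: The CompTIA PenTest certification exam is the latest certification exam offered by CompTIA. It is designed for cybersecurity professionals who want to deepen their understanding of penetration testing concepts and methods. The exam covers all the important aspects of penetration testing, including planning and scoping, information gathering and vulnerability identification, attacks, post-attack techniques, and reporting and communication.


The CompTIA PT0-002, or CompTIA PenTest certification exam, is a professional certification exam aimed at building proficiency in the various aspects of penetration testing. A penetration test is a simulated cyberattack carried out to discover vulnerabilities in a company's electronic infrastructure. Organizations hire penetration testers to identify weaknesses in computer systems that hackers could exploit and to improve security. The CompTIA PenTest certification exam is designed to test whether candidates are proficient in the methodologies, tools, and techniques of ethical hacking and penetration testing.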

 

Question # 105
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






Correct answer:

Explanation:


Question # 106
You are a penetration tester running port scans on a server.
INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct answer:

Explanation:
Part 1 - 192.168.2.2 -O -sV --top-ports=100 and SMB vulns
Part 2 - Weak SMB file permissions
https://subscription.packtpub.com/book/networking-and-servers/9781786467454/1/ch01lvl1sec13/fingerprinting-os-and-services-running-on-a-target-host


Question # 107
A security firm is discussing the results of a penetration test with the client. Based on the findings, the client wants to focus the remaining time on a critical network segment. Which of the following BEST describes the action taking place?

  • A. Reprioritizing the goals/objectives
  • B. Reducing the risk to the client environment
  • C. Maximizing the likelihood of finding vulnerabilities
  • D. Eliminating the potential for false positives

Correct answer: A

Explanation:
Goal Reprioritization
  • Have the goals of the assessment changed?
  • Has any new information been found that might affect the goal or desired end state?
I would also agree with A, because by goal reprioritization you are more likely to find vulnerabilities in this specific segment of the critical network, but it is a side effect of goal reprioritization.


Question # 108
A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?

  • A. Option B
  • B. Option A
  • C. Option D
  • D. Option C

Correct answer: B


Question # 109
Which of the following tools provides Python classes for interacting with network protocols?

  • A. Impacket
  • B. PowerSploit
  • C. Empire
  • D. Responder

Correct answer: A

Explanation:
Impacket is a tool that provides Python classes for interacting with network protocols, such as SMB, DCE/RPC, LDAP, Kerberos, etc. Impacket can be used for network analysis, packet manipulation, authentication spoofing, credential dumping, lateral movement, and remote execution.


Question # 110
A penetration tester wants to test a list of common passwords against the SSH daemon on a network device.
Which of the following tools would be BEST to use for this purpose?

  • A. Hashcat
  • B. John the Ripper
  • C. Mimikatz
  • D. Patator

Correct answer: D

Explanation:
https://www.kali.org/tools/patator/


Question # 111
A penetration tester recently completed a review of the security of a core network device within a corporate environment. The key findings are as follows:
* The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
* Network management interfaces are available on the production network.
* An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

  • A. Disable or upgrade SSH daemon.
  • B. Enforce enhanced password complexity requirements.
  • C. Eliminate network management and control interfaces.
  • D. Disable HTTP/301 redirect configuration.
  • E. Create an out-of-band network for management.
  • F. Implement a better method for authentication.

Correct answer: E, F

Explanation:
The key findings indicate that the network device is vulnerable to several attacks, such as sniffing, brute-forcing, or exploiting the SSH daemon. To prevent these attacks, the best recommendations are to create an out-of-band network for management, which means a separate network that is not accessible from the production network, and to implement a better method for authentication, such as SSH keys or certificates.
The other options are not as effective or relevant.


Question # 112
During an internal penetration test against a company, a penetration tester was able to navigate to another part of the network and locate a folder containing customer information such as addresses, phone numbers, and credit card numbers. To be PCI compliant, which of the following should the company have implemented to BEST protect this data?

  • A. Intrusion detection
  • B. System hardening
  • C. Network segmentation
  • D. Vulnerability scanning

Correct answer: C


Question # 113
Which of the following tools would be MOST useful in collecting vendor and other security-relevant information for IoT devices to support passive reconnaissance?

  • A. Nessus
  • B. WebScarab-NG
  • C. Nmap
  • D. Shodan

Correct answer: C


Question # 114
A penetration tester has identified several newly released CVEs on a VoIP call manager. The scanning tool the tester used determined the possible presence of the CVEs based off the version number of the service. Which of the following methods would BEST support validation of the possible findings?

  • A. Test with proof-of-concept code from an exploit database
  • B. Utilize an nmap -sV scan against the service
  • C. Review SIP traffic from an on-path position to look for indicators of compromise
  • D. Manually check the version number of the VoIP service against the CVE release

Correct answer: A

Explanation:
Testing with proof-of-concept code from an exploit database is the best method to support validation of the possible findings, as it will demonstrate whether the CVEs are actually exploitable on the target VoIP call manager. Proof-of-concept code is a piece of software or script that shows how an attacker can exploit a vulnerability in a system or application. An exploit database is a repository of publicly available exploits, such as Exploit Database or Metasploit.


Question # 115
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?

  • A. index.html
  • B. about
  • C. info
  • D. home.html

Correct answer: B


Question # 116
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?

  • A. Set the SGID on all files in the / directory
  • B. Find the /root directory on the system
  • C. Find files with the SUID bit set
  • D. Find files that were created during exploitation and move them to /dev/null

Correct answer: C


Question # 117
A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)

  • A. Knowledge of the building's normal business hours
  • B. Caution tape for marking off insecure areas
  • C. A dedicated point of contact at the client
  • D. The paperwork documenting the engagement
  • E. A handheld RF spectrum analyzer
  • F. A mask and personal protective equipment

Correct answer: C, D

Explanation:
Always carry the contact information and any documents stating that you are approved to do this.


Question # 118
Which of the following should a penetration tester consider FIRST when engaging in a penetration test in a cloud environment?

  • A. The geographical location where the cloud services are running
  • B. Whether the country where the cloud service is based has any impeding laws
  • C. Whether the cloud service provider allows the penetration tester to test the environment
  • D. Whether the specific cloud services are being used by the application

Correct answer: A


Question # 119
A penetration tester downloaded the following Perl script that can be used to identify vulnerabilities in network switches. However, the script is not working properly.
Which of the following changes should the tester apply to make the script work as intended?

  • A. Move all the lines below line 7 to the top of the script.
  • B. Remove line 6.
  • C. Change line 2 to $ip= 10.192.168.253;
  • D. Remove lines 3, 5, and 6.

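Correct answer: D

Explanation:
https://www.asc.ohio-state.edu/lewis.239/Class/Perl/perl.html
Example script:
#!/usr/bin/perl
use strict;
use warnings;

# Take the target IP from the first command-line argument
my $ip = $ARGV[0];
attack($ip);

# Placeholder routine: prints a marker instead of doing any work
sub attack {
    print("x");
}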


Question # 120
A security firm has been hired to perform an external penetration test against a company. The only information the firm received was the company name. Which of the following passive reconnaissance approaches would be MOST likely to yield positive initial results?

  • A. Runtime the company's vendor/supply chain.
  • B. Scrape web presences and social-networking sites.
  • C. Run a vulnerability scan against the company's external website.
  • D. Specially craft and deploy phishing emails to key company leaders.

Correct answer: B


Question # 121
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  • A. Race-condition attacks
  • B. Buffer overflows
  • C. Ransomware attacks
  • D. Zero-day attacks
  • E. Cross-site scripting
  • F. Injection flaws

Correct answer: B, E


Question # 122
......

The verified PT0-002 test question set contains 360 accurate questions and answers: https://www.jpntest.com/shiken/PT0-002-mondaishu
