2025年最新の有効なPT0-002リアル試験問題(更新された)100%問題集と練習試験合格させます [Q91-Q114]

Share

2025年最新の有効なPT0-002リアル試験問題(更新された)100%問題集と練習試験合格させます

[更新されたのは2025年]CompTIA PT0-002問題準備には無料サンプルのPDF


Comptia PT0-002(Comptia Pentest+認定)試験は、浸透テストを専門としたい専門家向けの国際的に認められた認定試験です。この試験は、脆弱性を特定し、コンピューターシステム、ネットワーク、アプリケーションの浸透テストを実施する際の個人の知識とスキルをテストするように設計されています。 PT0-002認定試験には、専門家が複雑な浸透テストタスクを実施する能力を実証する必要がある実践的なシナリオが含まれます。

 

質問 # 91
A customer adds a requirement to the scope of a penetration test that states activities can only occur during normal business hours. Which of the following BEST describes why this would be necessary?

  • A. To ensure someone is available if something goes wrong
  • B. Because of concerns regarding bandwidth limitations
  • C. For testing of the customer's SLA with the ISP
  • D. To meet PCI DSS testing requirements

正解:A


質問 # 92
A penetration tester has been hired to examine a website for flaws. During one of the time windows for testing, a network engineer notices a flood of GET requests to the web server, reducing the website's response time by 80%. The network engineer contacts the penetration tester to determine if these GET requests are part of the test. Which of the following BEST describes the purpose of checking with the penetration tester?

  • A. Deconfliction
  • B. DDoS defense
  • C. Situational awareness
  • D. Rescheduling

正解:A

解説:
Explanation
https://redteam.guide/docs/definitions/
Deconfliction is the process of coordinating activities and communicating information to avoid interference, confusion, or conflict among different parties involved in an operation. The network engineer contacted the penetration tester to check if the GET requests were part of the test, and to avoid any potential misunderstanding or disruption of the test or the website. The other options are not related to the purpose of checking with the penetration tester.


質問 # 93
A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner."
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  • A. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
  • B. Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop
  • C. Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements
  • D. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the
    engagement
  • E. Seeking help with the engagement in underground hacker forums by sharing the client's public IP address
  • F. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

正解:A、E


質問 # 94
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

  • A. Check for an open relay configuration.
  • B. Perform a reverse DNS query and match to the service banner.
  • C. Test for RFC-defined protocol conformance.
  • D. Attempt to brute force authentication to the service.

正解:A

解説:
SMTP is a protocol associated with mail servers. Therefore, for a penetration tester, an open relay configuration can be exploited to launch phishing attacks.


質問 # 95
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






正解:

解説:

Explanation:
Graphical user interface Description automatically generated


質問 # 96
A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:
IP Address: 192.168.1.63
Physical Address: 60-36-dd-a6-c5-33
Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

  • A. tcpdump -i eth01 arp and arp[6:2] == 2
  • B. ipconfig /all findstr /v 00-00-00 | findstr Physical
  • C. arp -s 192.168.1.63 60-36-DD-A6-C5-33
  • D. route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1

正解:C


質問 # 97
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

  • A. Using a brute-force attack against the external perimeter to gain a foothold
  • B. Performing spear phishing against employees by posing as senior management
  • C. Attempting to tailgate an employee going into the client's workplace
  • D. Dropping a malicious USB key with the company's logo in the parking lot

正解:A


質問 # 98
A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.
INSTRUCTIONS
Select the tool the penetration tester should use for further investigation.
Select the two entries in the robots.txt file that the penetration tester should recommend for removal.

正解:

解説:

Explanation:
The tool that the penetration tester should use for further investigation is WPScan. This is because WPScan is a WordPress vulnerability scanner that can detect common WordPress security issues, such as weak passwords, outdated plugins, and misconfigured settings. WPScan can also enumerate WordPress users, themes, and plugins from the robots.txt file.
The two entries in the robots.txt file that the penetration tester should recommend for removal are:
* Allow: /admin
* Allow: /wp-admin
These entries expose the WordPress admin panel, which can be a target for brute-force attacks, SQL injection, and other exploits. Removing these entries can help prevent unauthorized access to the web application's backend. Alternatively, the penetration tester can suggest renaming the admin panel to a less obvious name, or adding authentication methods such as two-factor authentication or IP whitelisting.


質問 # 99
A penetration tester receives the following results from an Nmap scan:

Which of the following OSs is the target MOST likely running?

  • A. CentOS
  • B. Ubuntu
  • C. Arch Linux
  • D. Windows Server

正解:D


質問 # 100
A penetration tester is configuring a vulnerability management solution to perform a scan of Linux servers on an enterprise network. The client wants to reduce potential disruptions as much as possible. Which of the following types of accounts should the tester use?

  • A. Read-only user
  • B. SSH LDAP user
  • C. Domain administrator
  • D. Unprivileged user

正解:D


質問 # 101
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?

  • A. Run the nc -e /bin/sh <...> command.
  • B. Move laterally to create a user account on LDAP
  • C. Create a one-shot system service to establish a reverse shell.
  • D. Obtain /etc/shadow and brute force the root password.

正解:C

解説:
Explanation
https://hosakacorp.net/p/systemd-user.html


質問 # 102
Which of the following is the most secure way to protect a final report file when delivering the report to the client/customer?

  • A. Asking for a PGP public key to encrypt the file
  • B. Requiring FTPS security to download the file
  • C. Creating a link on a cloud service and delivering it by email
  • D. Copying the file on a USB drive and delivering it by postal mail

正解:A

解説:
Using PGP (Pretty Good Privacy) encryption ensures that the report file is securely encrypted with the client's public key. Only the client can decrypt the file using their private key, ensuring confidentiality during transit.
Details:
* Option Analysis:
* A. Creating a link on a cloud service and delivering it by email: This method is susceptible to interception or unauthorized access.
* B. Asking for a PGP public key to encrypt the file: Provides end-to-end encryption ensuring that only the intended recipient can access the file.
* C. Requiring FTPS security to download the file: While secure, it does not provide the same level of end-to-end encryption as PGP.
* D. Copying the file on a USB drive and delivering it by postal mail: While physically secure, it is not practical and poses a risk of loss or theft.
References: PGP encryption is a widely accepted method for securing sensitive data. It is recommended by many cybersecurity standards and best practice guides.


質問 # 103
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)

  • A. Injection flaws
  • B. Race-condition attacks
  • C. Ransomware attacks
  • D. Zero-day attacks
  • E. Cross-site scripting
  • F. Buffer overflows

正解:A、E

解説:
A01-Injection
A02-Broken Authentication
A03-Sensitive Data Exposure
A04-XXE
A05-Broken Access Control
A06-Security Misconfiguration
A07-XSS
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring


質問 # 104
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?

  • A. Run nmap with the -sA option set against the target
  • B. Run nmap with the -sV and -p22 options set against the target
  • C. Run nmap with the --script vulners option set against the target
  • D. Run nmap with the -o, -p22, and -sC options set against the target

正解:C

解説:
Running nmap with the --script vulners option set against the target would best support the task of identifying CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running, as it will use an NSE script that checks for vulnerabilities based on version information from various sources, such as CVE databases2. The --script option allows users to specify which NSE scripts to run during an Nmap scan.


質問 # 105
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

  • A. VRFY and TURN
  • B. RCPT TO and VRFY
  • C. VRFY and EXPN
  • D. EXPN and TURN

正解:C

解説:
The VRFY and EXPN commands can be used to enumerate user accounts on an SMTP server, as they are used to verify the existence of users or mailing lists. VRFY (verify) asks the server to confirm that a given user name or address is valid. EXPN (expand) asks the server to expand a mailing list into its individual members.
These commands can be used by a penetration tester to identify valid user names or e-mail addresses on the target SMTP server.


質問 # 106
A security analyst is conducting a penetration test for an online store with a database server. Which of the following tools would best assist the tester in detecting vulnerabilities on that server?

  • A. Burp Suite
  • B. Nessus
  • C. SQLmap
  • D. Nikto

正解:C

解説:
SQLmap is specifically designed for detecting and exploiting SQL injection vulnerabilities. For a database server penetration test, it automates the process of identifying vulnerabilities in SQL queries and helps in database enumeration. This corresponds to the CompTIA Pentest+ objective on identifying vulnerabilities in application security.


質問 # 107
Which of the following is the most important aspect to consider when calculating the price of a penetration test service for a client?

  • A. Required scope of work
  • B. Operating cost
  • C. Client's budget
  • D. Non-disclosure agreement

正解:A

解説:
When calculating the price of a penetration test service for a client, the most important aspect to consider is the required scope of work 1. The scope of work defines the objectives of the penetration test and the systems that will be tested. It is important to understand the scope of work to determine the resources required to complete the test and the time it will take to complete the test 2.


質問 # 108
Appending string values onto another string is called:

  • A. conjunction
  • B. concatenation
  • C. compilation
  • D. connection

正解:B

解説:
Concatenation is the term used to describe the process of appending string values onto another string. In Python, concatenation can be done using the + operator, such as "Hello" + "World" = "HelloWorld"4.


質問 # 109
A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

  • A. Implement a patch management plan
  • B. Utilize the secure software development life cycle
  • C. Deploy a user training program
  • D. Configure access controls on each of the servers

正解:A


質問 # 110
When accessing the URL http://192.168.0-1/validate/user.php, a penetration tester obtained the following output:
..d index: eid in /apache/www/validate/user.php line 12
..d index: uid in /apache/www/validate/user.php line 13
..d index: pw in /apache/www/validate/user.php line 14
..d index: acl in /apache/www/validate/user.php line 15

  • A. Incorrect command syntax
  • B. Insecure data transmission
  • C. Insufficient error handling
  • D. Lack of code signing

正解:C

解説:
The most probable cause for this output is insufficient error handling, which is a coding flaw that occurs when a program does not handle errors or exceptions properly or gracefully. Insufficient error handling can result in unwanted or unexpected behavior, such as crashes, hangs, or leaks. In this case, the output shows that the program is displaying warning messages that indicate undefined indexes in the user.php file. These messages reveal the names of the variables and the file path that are used by the program, which can expose sensitive information or clues to an attacker. The program should have implemented error handling mechanisms, such as try-catch blocks, error logging, or sanitizing output, to prevent these messages from being displayed or to handle them appropriately. The other options are not plausible causes for this output. Lack of code signing is a security flaw that occurs when a program does not have a digital signature that verifies its authenticity and integrity. Incorrect command syntax is a user error that occurs when a command is entered with wrong or missing parameters or options. Insecure data transmission is a security flaw that occurs when data is sent over a network without encryption or protection.


質問 # 111
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps should the tester take NEXT?

  • A. Modify the malicious AP configuration to not use a pre-shared key.
  • B. Set the malicious AP to broadcast within dynamic frequency selection channels.
  • C. Perform jamming on all 2.4GHz and 5GHz channels.
  • D. Send deauthentication frames to the stations.

正解:B


質問 # 112
Which of the following is a rules engine for managing public cloud accounts and resources?

  • A. Pacu
  • B. Scout Suite
  • C. Cloud Brute
  • D. Cloud Custodian

正解:D

解説:
Explanation
Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting.
Cloud Custodian is a tool that can be used to manage public cloud accounts and resources. Cloud Custodian can define policies and rules for cloud resources based on various criteria, such as tags, filters, actions, modes, or schedules. Cloud Custodian can enforce compliance, governance, security, cost optimization, and operational efficiency for cloud resources. Cloud Custodian supports multiple public cloud providers, such as AWS, Azure, GCP, and Kubernetes. Cloud Brute is a tool that can be used to enumerate cloud platforms and discover hidden files and buckets. Pacu is a tool that can be used to exploit AWS environments and perform post-exploitation actions. Scout Suite is a tool that can be used to audit cloud environments and identify security issues.


質問 # 113
A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62 Which of the following commands can be used to further attack the website?

  • A. 1 UNION SELECT 1, DATABASE(),3--
  • B. /var/www/html/index.php;whoami
  • C. ../../../../../../../../../../etc/passwd
  • D. <script>var adr= '../evil.php?test=' + escape(document.cookie);</script>

正解:A


質問 # 114
......


CompTIA PenTest認定試験(PT0-002)は、ペネトレーションテスト分野のサイバーセキュリティプロフェッショナルのスキルと知識を検証する業界で認められた認定試験です。試験は、候補者のペネトレーションテストプロジェクトの計画、実施、報告能力を評価します。試験は、脆弱性スキャン、列挙、攻撃、および攻略後の技術に関する候補者の専門知識を評価することを目的としています。CompTIA PT0-002認定試験は、ペネトレーションテスト、ネットワークおよびアプリケーションセキュリティのスキルをアピールし、倫理的ハッキングの専門知識を示したいサイバーセキュリティプロフェッショナル向けに設計されています。

 

PT0-002豪華セット学習ガイドにはオンライン試験エンジン:https://www.jpntest.com/shiken/PT0-002-mondaishu

2025年最新の認定サンプル問題PT0-002問題集と練習試験:https://drive.google.com/open?id=1HzjtRKzei_Xf9Tkj6eE3A1v4irLQuaFc

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡