PT0-002 PDF Question Set with the December 10, 2022 Exam Questions: Valid PT0-002 Question Set [Q26-Q49]


Free, up-to-date CompTIA practice test questions in the ultimate PT0-002 preparation guide

Question 26
A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
  • Have a full TCP connection
  • Send a "hello" payload
  • Wait for a response
  • Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

  • A. Run nmap -Pn -sV -script vuln <IP address>.
  • B. Employ an OpenVAS simple scan against the TCP port of the host.
  • C. Create a script in the Lua language and use it with NSE.
  • D. Perform a credentialed scan with Nessus.

Correct answer: C

Explanation:
The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language) to automate a wide variety of networking tasks. https://nmap.org

Question 27
Which of the following BEST describes why a client would hold a lessons-learned meeting with the penetration-testing team?

  • A. To ensure the penetration-testing team destroys all company data that was gathered during the test
  • B. To determine any processes that failed to meet expectations during the assessment
  • C. To discuss the findings and dispute any false positives
  • D. To provide feedback on the report structure and recommend improvements

Correct answer: B

Question 28
A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

  • A. Implement a patch management plan
  • B. Configure access controls on each of the servers
  • C. Utilize the secure software development life cycle
  • D. Deploy a user training program

Correct answer: A

Question 29
You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.






Correct answer:

Explanation:

Question 30
A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.
Which of the following tools or techniques would BEST support additional reconnaissance?

  • A. Aircrack-ng
  • B. Shodan
  • C. Wardriving
  • D. Recon-ng

Correct answer: D

Question 31
A consultant is reviewing the following output after reports of intermittent connectivity issues:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]
Which of the following is MOST likely to be reported by the consultant?

  • A. An ARP flooding attack is using the broadcast address to perform DDoS.
  • B. A multicast session was initiated using the wrong multicast group.
  • C. A device on the network has poisoned the ARP cache.
  • D. A device on the network has an IP address in the wrong subnet.

Correct answer: C

Explanation:
The gateway for the network (192.168.1.1) is at 0a:d1:fa:b1:01:67, and another machine (192.168.1.136) also claims to be at the same MAC address. With both on the same network, intermittent connectivity is inevitable as long as the gateway remains unreachable at the IP address known by the other machines on the network, given that the new machine claiming to be the gateway has not been configured to route traffic.

Question 32
A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2012 Std
3389/tcp open ssl/ms-wbt-server
| rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00
8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?

  • A. nmap --script vuln -sV 192.168.53.23
  • B. curl -X TRACE https://192.168.53.23:8443/index.aspx
  • C. smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 -U guest
  • D. ftp 192.168.53.23
  • E. ncrack -u Administrator -P 15worst_passwords.txt -p rdp 192.168.53.23

Correct answer: D

Question 33
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

  • A. Whether the cloud applications were developed using a secure SDLC
  • B. Whether the client's employees are trained properly to use the platform
  • C. Whether sensitive client data is publicly accessible
  • D. Whether the connection between the cloud and the client is secure

Correct answer: C

Question 34
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

  • A. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  • B. Quantitative impact assessments given a successful software compromise
  • C. Code context for instances of unsafe type-casting operations
  • D. Executive summary of the penetration-testing methods used

Correct answer: B

Question 35
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?

  • A. Set the SGID on all files in the / directory
  • B. Find the /root directory on the system
  • C. Find files that were created during exploitation and move them to /dev/null
  • D. Find files with the SUID bit set

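Correct answer: D

Explanation:
The 2>/dev/null part is output redirection: it sends all error messages to /dev/null, which prevents them from appearing in the terminal session. The -perm -4000 test matches files with the SUID bit set, and -user root limits the results to files owned by root.

Question 36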
A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

  • A. Set the TTL of ping packets for stealth.
  • B. Scan the system on the most used ports.
  • C. Determine active hosts on the network.
  • D. Fill the ARP table of the networked devices.

Correct answer: C

Question 37
A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

  • A. Set the TTL of ping packets for stealth.
  • B. Scan the system on the most used ports.
  • C. Determine active hosts on the network.
  • D. Fill the ARP table of the networked devices.

Correct answer: C

Question 38
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

  • A. Download the smb.conf file and look at configurations
  • B. Edit the discovered file with one line of code for remote callback
  • C. Edit the smb.conf file and upload it to the server
  • D. Download .pl files and look for usernames and passwords

Correct answer: C

Question 39
A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

  • A. Attempting to tailgate an employee going into the client's workplace
  • B. Using a brute-force attack against the external perimeter to gain a foothold
  • C. Dropping a malicious USB key with the company's logo in the parking lot
  • D. Performing spear phishing against employees by posing as senior management

Correct answer: D

Question 40
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:

However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

  • A. The web server is using HTTPS instead of HTTP.
  • B. The tester did not run sudo before the command.
  • C. The HTTP port is not open on the firewall.
  • D. This URI returned a server error.

Correct answer: C

Question 41
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

  • A. Scheduling of follow-up actions and retesting
  • B. Review of the lessons learned during the engagement
  • C. Attestation of findings and delivery of the report
  • D. Acceptance by the client and sign-off on the final report

Correct answer: C

Question 42
Which of the following are the MOST important items to include in the final report for a penetration test?
(Choose two.)

  • A. The vulnerability identifier
  • B. The CVSS score of the finding
  • C. The tool used to find the issue
  • D. The network location of the vulnerable device
  • E. The name of the person who found the flaw
  • F. The client acceptance form

Correct answer: A,C

Question 43
A penetration tester obtained the following results after scanning a web server using the dirb utility:
...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4
Which of the following elements is MOST likely to contain useful information for the penetration tester?

  • A. info
  • B. index.html
  • C. about
  • D. home.html

Correct answer: C

Question 44
A penetration tester is exploring a client's website. The tester performs a curl command and obtains the following:
* Connected to 10.2.11.144 (::1) port 80 (#0)
> GET /readmine.html HTTP/1.1
> Host: 10.2.11.144
> User-Agent: curl/7.67.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200
< Date: Tue, 02 Feb 2021 21:46:47 GMT
< Server: Apache/2.4.41 (Debian)
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>WordPress &#8250; ReadMe</title>
<link rel="stylesheet" href="wp-admin/css/install.css?ver=20100228" type="text/css" />
</head>
Which of the following tools would be BEST for the penetration tester to use to explore this site further?

  • A. OWASP ZAP
  • B. WPScan
  • C. Burp Suite
  • D. DirBuster

Correct answer: C

Question 45
Which of the following describe the GREATEST concerns about using third-party open-source libraries in application code? (Choose two.)

  • A. The provenance of code is unknown
  • B. The libraries may break the application
  • C. The libraries may be vulnerable
  • D. The licensing of software is ambiguous
  • E. The libraries may be unsupported
  • F. The libraries' code bases could be read by anyone

Correct answer: C,F

Question 46
A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

  • A. Implement a patch management plan
  • B. Configure access controls on each of the servers
  • C. Utilize the secure software development life cycle
  • D. Deploy a user training program

Correct answer: A

Question 47
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

  • A. Ping of death
  • B. Smurf
  • C. Fraggle
  • D. Ping flood

Correct answer: B

Question 48
A penetration tester was able to gather MD5 hashes from a server and crack the hashes easily with rainbow tables.
Which of the following should be included as a recommendation in the remediation report?

  • A. Encryption on the user passwords
  • B. Access controls on the server
  • C. A patch management program
  • D. Stronger algorithmic requirements

Correct answer: A

Question 49
......
