Free PT0-002 Exam Braindumps (page: 12)


A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.
Which of the following Nmap scan syntaxes would BEST accomplish this objective?

  A. nmap -sT -vvv -O 192.168.1.2/24 -PO
  B. nmap -sV 192.168.1.2/24 -PO
  C. nmap -sA -v -O 192.168.1.2/24
  D. nmap -sS -O 192.168.1.2/24 -T1

Answer(s): D


Reference:

https://nmap.org/book/man-port-scanning-techniques.html



A penetration tester has gained access to a network device that has a previously unknown IP range on an interface. Further research determines this is an always-on VPN tunnel to a third-party supplier.
Which of the following is the BEST action for the penetration tester to take?

  A. Utilize the tunnel as a means of pivoting to other internal devices.
  B. Disregard the IP range, as it is out of scope.
  C. Stop the assessment and inform the emergency contact.
  D. Scan the IP range for additional systems to exploit.

Answer(s): C



A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift.
Which of the following social-engineering attacks was the tester utilizing?

  A. Phishing
  B. Tailgating
  C. Baiting
  D. Shoulder surfing

Answer(s): C


Reference:

https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats



A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position.
Which of the following actions, if performed, would be ethical within the scope of the assessment?

  A. Exploiting a configuration weakness in the SQL database
  B. Intercepting outbound TLS traffic
  C. Gaining access to hosts by injecting malware into the enterprise-wide update server
  D. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
  E. Establishing and maintaining persistence on the domain controller

Answer(s): A





