Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. PT0-002

Free CompTIA PT0-002 Exam Braindumps (page: 69)

Page 19 of 131
PDF with 520 Questions

A penetration tester downloaded a Java application file from a compromised web server and identifies how to invoke it by looking at the following log:
Which of the following is the order of steps the penetration tester needs to follow to validate whether the Java application uses encryption over sockets?

  1. Run an application vulnerability scan and then identify the TCP ports used by the application.
  2. Run the application attached to a debugger and then review the application's log.
  3. Disassemble the binary code and then identify the break points.
  4. Start a packet capture with Wireshark and then run the application.

Answer(s): D



When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

  1. security compliance regulations or laws may be violated.
  2. testing can make detecting actual APT more challenging.
  3. testing adds to the workload of defensive cyber- and threat-hunting teams.
  4. business and network operations may be impacted.

Answer(s): D



A company uses a cloud provider with shared network bandwidth to host a web application on dedicated servers. The company's contact with the cloud provider prevents any activities that would interfere with the cloud provider's other customers. When engaging with a penetration-testing company to test the application, which of the following should the company avoid?

  1. Crawling the web application's URLs looking for vulnerabilities
  2. Fingerprinting all the IP addresses of the application's servers
  3. Brute forcing the application's passwords
  4. Sending many web requests per second to test DDoS protection

Answer(s): D



A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)

  1. Spawned shells
  2. Created user accounts
  3. Server logs
  4. Administrator accounts
  5. Reboot system
  6. ARP cache

Answer(s): A,B






Post your Comments and Discuss CompTIA PT0-002 exam prep with other Community members:

PT0-002 Exam Discussions & Posts