CompTIA PT0-002 시험

Question No : 1

A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself .
Which of the following vulnerabilities has the tester exploited?

• A.Cross-site request forgery
• B.Server-side request forgery
• C.Remote file inclusion
• D.Local file inclusion

답을 확인하기

정답:
Explanation:
Reference: https://owasp.org/www-community/attacks/Server_Side_Request_Forgery

Question No : 2

A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address .
Which of the following BEST describes what happened?

• A.The penetration tester was testing the wrong assets
• B.The planning process failed to ensure all teams were notified
• C.The client was not ready for the assessment to start
• D.The penetration tester had incorrect contact information

답을 확인하기

정답:

Question No : 3

A penetration tester runs a scan against a server and obtains the following output:
21/tcp open ftp Microsoft ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| 03-12-20 09:23AM 331 index.aspx
| ftp-syst:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Microsoft Windows Server 2012 Std 3389/tcp open ssl/ms-wbt-server | rdp-ntlm-info:
| Target Name: WEB3
| NetBIOS_Computer_Name: WEB3
| Product_Version: 6.3.9600
|_ System_Time: 2021-01-15T11:32:06+00:00 8443/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: IIS Windows Server
Which of the following command sequences should the penetration tester try NEXT?

• A.ftp 192.168.53.23
• B.smbclient \\\\WEB3\\IPC$ -I 192.168.53.23 CU guest
• C.ncrack Cu Administrator CP 15worst_passwords.txt Cp rdp 192.168.53.23
• D.curl CX TRACE https://192.168.53.23:8443/index.aspx
• E.nmap C-script vuln CsV 192.168.53.23

답을 확인하기

정답:

Question No : 4

A compliance-based penetration test is primarily concerned with:

• A.obtaining Pll from the protected network.
• B.bypassing protection on edge devices.
• C.determining the efficacy of a specific set of security standards.
• D.obtaining specific information from the protected network.

답을 확인하기

정답:

Question No : 5

A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache .
Which of the following commands will accomplish this task?

• A.nmap Cf CsV Cp80 192.168.1.20
• B.nmap CsS CsL Cp80 192.168.1.20
• C.nmap CA CT4 Cp80 192.168.1.20
• D.nmap CO Cv Cp80 192.168.1.20

답을 확인하기

정답:
Explanation:
Reference: https://nmap.org/book/man-version-detection.html

Question No : 6

A penetration tester ran a ping CA command during an unknown environment test, and it returned a 128 TTL packet .
Which of the following OSs would MOST likely return a packet of this type?

• A.Windows
• B.Apple
• C.Linux
• D.Android

답을 확인하기

정답:
Explanation:
Reference: https://www.freecodecamp.org/news/how-to-identify-basic-internet-problems-with-ping/

Question No : 7

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift .
Which of the following social-engineering attacks was the tester utilizing?

• A.Phishing
• B.Tailgating
• C.Baiting
• D.Shoulder surfing

답을 확인하기

정답:
Explanation:
Reference: https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats

Question No : 8

A penetration tester was brute forcing an internal web server and ran a command that produced the following output:



However, when the penetration tester tried to browse the URL
http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?

• A.The HTTP port is not open on the firewall.
• B.The tester did not run sudo before the command.
• C.The web server is using HTTPS instead of HTT
• D.This URI returned a server error.

답을 확인하기

정답:

Question No : 9

A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations .
Which of the following are considered passive reconnaissance tools? (Choose two.)

• A.Wireshark
• B.Nessus
• C.Retina
• D.Burp Suite
• E.Shodan
• F.Nikto

답을 확인하기

정답:
Explanation:
Reference: https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

Question No : 10

A penetration tester received a .pcap file to look for credentials to use in an engagement.
Which of the following tools should the tester utilize to open and read the .pcap file?

• A.Nmap
• B.Wireshark
• C.Metasploit
• D.Netcat

답을 확인하기

정답:

Question No : 11

A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP .
Which of the following steps should the tester take NEXT?

• A.Send deauthentication frames to the stations.
• B.Perform jamming on all 2.4GHz and 5GHz channels.
• C.Set the malicious AP to broadcast within dynamic frequency selection channels.
• D.Modify the malicious AP configuration to not use a pre-shared key.

답을 확인하기

정답:

Question No : 12

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources .
Which of the following attack types is MOST concerning to the company?

• A.Data flooding
• B.Session riding
• C.Cybersquatting
• D.Side channel

답을 확인하기

정답:
Explanation:
Reference: https://www.iotcentral.io/blog/the-top-cloud-computing-vulnerabilities-and-threats

Question No : 13

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host .
Which of the following utilities would BEST support this objective?

• A.Socat
• B.tcpdump
• C.Scapy
• D.dig

답을 확인하기

정답:
Explanation:
Reference: https://unix.stackexchange.com/QUESTION NO:s/520348/using-socat-how-to-send-to-and-receive-from-a- public-dns-server

Question No : 14

A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines .
Which of the following documents could hold the penetration tester accountable for this action?

• A.ROE
• B.SLA
• C.MSA
• D.NDA

답을 확인하기

정답:

Question No : 15

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data .
Which of the following should the tester do with this information to make this a successful exploit?

• A.Perform XS
• B.Conduct a watering-hole attack.
• C.Use BeE
• D.Use browser autopwn.

답을 확인하기

정답: