[2025-03-12] PT0-002 exam question bank PDF with guaranteed accuracy and updated questions
The real test engine PDF for passing the PT0-002 exam contains 460 questions.
Question # 88
A penetration tester is cleaning up and covering tracks at the conclusion of a penetration test. Which of the following should the tester be sure to remove from the system? (Choose two.)
- A. ARP cache
- B. Created user accounts
- C. Server logs
- D. Reboot system
- E. Spawned shells
- F. Administrator accounts
Correct answer: B, E
Explanation:
* Removing shells: remove any shell programs installed when performing the pentest.
* Removing tester-created credentials: remove any credentials created during the pentest. This includes backdoor accounts.
* Removing tools: remove any software tools that were installed on the customer's systems and used to aid in the exploitation of systems.
Question # 89
The following line-numbered Python code snippet is being used in reconnaissance:
Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?
- A. Line 02
- B. Line 07
- C. Line 01
- D. Line 08
Correct answer: D
Question # 90
A penetration tester will be performing a vulnerability scan as part of the penetration test on a client's website. The tester plans to run several Nmap scripts that probe for vulnerabilities while avoiding detection. Which of the following Nmap options will the penetration tester MOST likely utilize?
- A. -sn
- B. -O -A
- C. --script "http*vuln*"
- D. -a8 -T0
Correct answer: C
Explanation:
Nmap is a tool that can perform network scanning and enumeration by sending packets to hosts and analyzing their responses. The command Nmap -p 445 -n -T4 --open 172.21.0.0/16 would scan for SMB port 445 over a /16 network with the following options:
* -p 445 specifies the port number to scan.
* -n disables DNS resolution, which can speed up the scan by avoiding unnecessary queries.
* -T4 sets the timing template to aggressive, which increases the speed of the scan by sending packets faster and waiting less for responses.
* --open only shows hosts that have open ports, which can reduce the output and focus on relevant results.
The other commands are not optimal for scanning SMB port 445 over a /16 network when stealth is not a concern and the task is time sensitive.
Question # 91
After running the enum4linux.pl command, a penetration tester received the following output:
Which of the following commands should the penetration tester run NEXT?
- A. smbget //192.168.100.56/web -U ''
- B. smbspool //192.160.100.56/print$
- C. smbclient //192.168.100.56/web -U '' -N
- D. net rpc share -S 192.168.100.56 -U ''
Correct answer: C
Explanation:
A vulnerability scan is a type of assessment that helps to identify vulnerabilities in a network or system. It scans systems for potential vulnerabilities, misconfigurations, and outdated software. Based on the output from a vulnerability scan, a penetration tester can identify vulnerabilities that may be exploited to gain access to a system. In this scenario, the output from the penetration testing tool shows that 100 hosts contained findings due to improper patch management. This indicates that the vulnerability scan detected vulnerabilities that could have been prevented through proper patch management. Therefore, the most likely test performed by the penetration tester is a vulnerability scan.
Question # 92
A penetration tester gains access to a system and is able to migrate to a user process:
Given the output above, which of the following actions is the penetration tester performing? (Choose two.)
- A. Setting up a reverse shell from a remote system
- B. Building a scheduled task for execution
- C. Creating a new process on all domain systems
- D. Executing a file on the remote system
- E. Mapping a share to a remote system
- F. Redirecting output from a file to a remote system
- G. Adding an additional IP address on the compromised system
Correct answer: D, E
Explanation:
WMIC.exe is a built-in Microsoft program that allows command-line access to the Windows Management Instrumentation. Using this tool, administrators can query the operating system for detailed information about installed hardware and Windows settings, run management tasks, and even execute other programs or commands.
Question # 93
A penetration tester is attempting to get more people from a target company to download and run an executable. Which of the following would be the MOST effective way for the tester to achieve this objective?
- A. Saving the file in a common folder with a name that encourages people to click it
- B. Sending a pretext email from the IT department before sending the download instructions later
- C. Attaching the file in a phishing SMS that warns users to execute the file or they will be locked out of their accounts
- D. Dropping USB flash drives around the company campus with the file on it
Correct answer: B
Explanation:
The most effective way for the tester to achieve this objective is to send a pretext email from the IT department before sending the download instructions later. A pretext email is an email that uses deception or impersonation to trick users into believing that it is from a legitimate source or authority, such as the IT department. A pretext email can be used to establish trust or rapport with the users, and then persuade them to perform an action or provide information that benefits the attacker. In this case, the tester can send a pretext email from the IT department that informs users about an important update or maintenance task that requires them to download and run an executable file later. The tester can then send another email with the download instructions and attach or link to the malicious executable file. The users may be more likely to follow these instructions if they have received a prior email from the IT department that prepared them for this action. The other options are not as effective ways for the tester to achieve this objective. Dropping USB flash drives around the company campus with the file on it may not reach many users, as they may not find or pick up the USB flash drives, or they may be suspicious of their origin or content.
Question # 94
A penetration tester is conducting an assessment of an organization that has both a web and mobile application. While testing the user profile page, the penetration tester notices that additional data is returned in the API response, which is not displayed in the web user interface. Which of the following is the most effective technique to extract sensitive user data?
- A. Compare the API response fields to GUI fields looking for PII.
- B. Compare PII from data leaks to publicly exposed user profiles.
- C. Target the user profile page with a reflected XSS attack.
- D. Target the user profile page with a denial-of-service attack.
Correct answer: A
Explanation:
When additional data is returned in the API response that is not displayed in the web user interface, it indicates that there might be sensitive data being transmitted that is not intended for user display. By comparing the fields returned in the API response to those that are visible in the GUI, a penetration tester can identify any Personally Identifiable Information (PII) or other sensitive data that might be exposed unintentionally. This method is direct and does not involve attacking the system but rather analyzing the data being transmitted. The other options do not directly address the identification of sensitive data in API responses.
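To illustrate the field-comparison technique the explanation recommends, here is an added Python example (not part of the original question material) that flattens a constructed sample API response, subtracts the fields a constructed GUI field list displays, and flags the hidden keys whose names suggest PII or secrets; the key-name pattern list is a heuristic assumption, not an exhaustive rule set.

```python
import json
import re

# Constructed sample API response for a profile page (example data, not from any real application).
SAMPLE_API_RESPONSE = json.dumps({
    "id": 4021,
    "display_name": "jdoe",
    "avatar_url": "https://example.invalid/a/4021.png",
    "profile": {"bio": "hello", "location": "Austin"},
    "email": "jdoe@example.invalid",
    "date_of_birth": "1990-04-12",
    "internal": {"ssn_last4": "1234", "session_token": "tok_abc"},
})

# Fields the web UI actually renders, as dotted paths (constructed for this scenario).
GUI_FIELDS = {"display_name", "avatar_url", "profile.bio", "profile.location"}

# Key-name patterns that commonly indicate PII or secrets (heuristic assumption).
SENSITIVE_PATTERNS = [r"ssn", r"dob|birth", r"email", r"phone", r"address", r"token|secret|password"]


def flatten(obj, prefix=""):
    """Flatten nested JSON into dotted key paths so nested objects can be compared with GUI labels."""
    out = {}
    if isinstance(obj, dict):
        for key, value in obj.items():
            out.update(flatten(value, f"{prefix}{key}."))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            out.update(flatten(value, f"{prefix}{index}."))
    else:
        out[prefix[:-1]] = obj
    return out


def hidden_fields(api_json, gui_fields):
    """Return API key paths the GUI never displays: the candidates for unintended data exposure."""
    flat = flatten(json.loads(api_json))
    return sorted(path for path in flat if path not in gui_fields)


def flag_sensitive(paths, patterns=SENSITIVE_PATTERNS):
    """Subset of hidden paths whose names match a sensitive-data pattern; these need manual review."""
    regex = re.compile("|".join(patterns), re.IGNORECASE)
    return [path for path in paths if regex.search(path)]


if __name__ == "__main__":
    hidden = hidden_fields(SAMPLE_API_RESPONSE, GUI_FIELDS)
    print("hidden API fields:", hidden)
    print("likely sensitive :", flag_sensitive(hidden))
```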
Question # 95
A penetration tester has obtained root access to a Linux-based file server and would like to maintain persistence after reboot. Which of the following techniques would BEST support this objective?
- A. Obtain /etc/shadow and brute force the root password.
- B. Create a one-shot system service to establish a reverse shell.
- C. Run the nc -e /bin/sh <...> command.
- D. Move laterally to create a user account on LDAP.
Correct answer: B
Explanation:
https://hosakacorp.net/p/systemd-user.html
Question # 96
A penetration tester is evaluating a company's network perimeter. The tester has received limited information about defensive controls or countermeasures, and limited internal knowledge of the testing exists. Which of the following should be the FIRST step to plan the reconnaissance activities?
- A. Check WHOIS and netblock records for the company.
- B. Launch an external scan of netblocks.
- C. Conduct a ping sweep of the company's netblocks.
- D. Use DNS lookups and dig to determine the external hosts.
Correct answer: D
Question # 97
A penetration tester is conducting an authorized, physical penetration test to attempt to enter a client's building during non-business hours. Which of the following are MOST important for the penetration tester to have during the test? (Choose two.)
- A. The paperwork documenting the engagement
- B. A dedicated point of contact at the client
- C. A mask and personal protective equipment
- D. Knowledge of the building's normal business hours
- E. Caution tape for marking off insecure areas
- F. A handheld RF spectrum analyzer
Correct answer: A, B
Explanation:
Always carry the contact information and any documents stating that you are approved to do this.
Question # 98
After gaining access to a Linux system with a non-privileged account, a penetration tester identifies the following file:
Which of the following actions should the tester perform FIRST?
- A. Cover tracks.
- B. Change the file permissions.
- C. Start a reverse shell.
- D. Use privilege escalation.
Correct answer: D
Explanation:
The file .scripts/daily_log_backup.sh has permissions set to 777, meaning that anyone can read, write, or execute the file. Since it's owned by the root user and the penetration tester has access to the system with a non-privileged account, this could be a potential avenue for privilege escalation. In a penetration test, after finding such a file, the tester would likely want to explore it and see if it can be leveraged to gain higher privileges. This is often done by inserting malicious code or commands into the script if it's being executed with higher privileges, such as root in this case.
Question # 99
A penetration tester managed to exploit a vulnerability using the following payload:
IF (1=1) WAIT FOR DELAY '0:0:15'
Which of the following actions would best mitigate this type of attack?
- A. Parameterizing queries
- B. Encoding output
- C. Encrypting passwords
- D. Sanitizing HTML
Correct answer: A
Explanation:
The payload used by the penetration tester is a type of blind SQL injection attack that delays the response of the database by 15 seconds if the condition is true. This can be used to extract information from the database by asking a series of true or false questions. To prevent this type of attack, the best practice is to use parameterized queries, which separate the user input from the SQL statement and prevent the injection of malicious code. Encrypting passwords, encoding output, and sanitizing HTML are also good security measures, but they do not directly address the SQL injection vulnerability. References:
* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 5: Attacks and Exploits, Section 5.2: Perform Network Attacks, Subsection: SQL Injection, p. 235-237
* Blind SQL Injection | OWASP Foundation, Description and Examples sections
* Time-Based Blind SQL Injection Attacks, Introduction and Microsoft SQL Server sections
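As an added illustration of the mitigation described above (not part of the original question set), the following Python snippet contrasts a concatenated query with a parameterized one using SQLite. SQLite has no WAITFOR DELAY, so the true/false probing the explanation mentions is shown with a boolean condition rather than a time delay; the product table and its rows are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed in-memory product table standing in for the target database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", [(1, "widget"), (2, "gadget")])
    return conn


def lookup_vulnerable(conn, product_id):
    """String concatenation: the user-supplied value becomes part of the SQL grammar."""
    sql = "SELECT id, name FROM products WHERE id = '" + product_id + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, product_id):
    """Placeholder binding: the value travels separately from the statement, so quotes,
    keywords and comment markers in the input remain data inside one literal."""
    return conn.execute("SELECT id, name FROM products WHERE id = ?", (product_id,)).fetchall()


def probes_differ(lookup):
    """Blind-injection oracle check: append a true and a false condition to the same id.
    If the two results differ, yes/no questions can be asked through this parameter,
    which is the same channel the WAITFOR DELAY payload uses with time as the signal."""
    conn = make_db()
    true_probe = lookup(conn, "1' AND 1=1 --")
    false_probe = lookup(conn, "1' AND 1=2 --")
    return true_probe != false_probe


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, benign input   :", lookup_vulnerable(conn, "1"))
    print("vulnerable, injected input :", lookup_vulnerable(conn, "1' OR '1'='1"))
    print("parameterized, same input  :", lookup_parameterized(conn, "1' OR '1'='1"))
    print("oracle open (vulnerable)   :", probes_differ(lookup_vulnerable))
    print("oracle open (parameterized):", probes_differ(lookup_parameterized))
```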
Question # 100
A penetration tester found the following valid URL while doing a manual assessment of a web application:
http://www.example.com/product.php?id=123987.
Which of the following automated tools would be best to use NEXT to try to identify a vulnerability in this URL?
- A. SQLmap
- B. Nikto
- C. Nessus
- D. DirBuster
Correct answer: C
Question # 101
During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)
- A. SQL injection
- B. Log poisoning
- C. Cross-site scripting
- D. Command injection
- E. Server-side request forgery
- F. Cross-site request forgery
Correct answer: B, D
Explanation:
Local File Inclusion (LFI) is a web vulnerability that allows an attacker to include files on a server through the web browser. This can expose sensitive information or lead to remote code execution.
Some possible next steps that a penetration tester can try after exploiting an LFI vulnerability are:
* Log poisoning: This involves injecting malicious code into the web server's log files and then including them via LFI to execute the code.
* PHP wrappers: These are special streams that can be used to manipulate files or data via LFI. For example, php://input can be used to pass arbitrary data to an LFI script, or php://filter can be used to encode or decode files.
Question # 102
In a standard engagement, a post-report document is provided outside of the report. This document:
* Does not contain specific findings
* Exposes vulnerabilities
* Can be shared publicly with outside parties that do not have an in-depth understanding about the client's network
Which of the following documents is described?
- A. Findings report
- B. Executive summary
- C. Attestation letter
- D. Non-disclosure agreement
Correct answer: C
Question # 103
......
CompTIA PT0-002 certification exam topics:
| Topic | Scope |
|---|---|
| Topic 1 | |
| Topic 2 | |
| Topic 3 | |
| Topic 4 | |
| Topic 5 | |
The CompTIA PT0-002 exam contains a maximum of 85 questions, combining multiple-choice and performance-based items. Candidates must score at least 750 out of 900. The exam lasts 165 minutes and the registration fee is 359 USD. It can be taken at Pearson VUE test centers worldwide and is available in English, Japanese, and Portuguese.
Get the latest! PT0-002 certification practice test questions: https://www.passtest.jp/CompTIA/PT0-002-shiken.html
Valid PT0-002 question bank PDF with real PT0-002 exam answers: https://drive.google.com/open?id=1RoL39IrhXp_OQ2bwbXppU4tWAF1FBxQk