PT0-002 certification trial [April 21, 2025]: latest PT0-002 PDF question bank
Best CompTIA PT0-002 study guide and question bank, updated for 2025
Question #10
A penetration tester who is doing a company-requested assessment would like to send traffic to another system using double tagging. Which of the following techniques would BEST accomplish this goal?
- A. RFID tagging
- B. RFID cloning
- C. Meta tagging
- D. Tag nesting
Correct answer: D
Explanation:
Tag nesting is correct, since VLAN hopping by double tagging requires two VLAN tags to be nested in a single packet. Double tagging occurs when an attacker adds and modifies tags on an Ethernet frame to allow the sending of packets through any VLAN. This attack takes advantage of how many switches process tags: most switches will only remove the outer tag and forward the frame to all native VLAN ports. With that said, this exploit is only successful if the attacker belongs to the native VLAN of the trunk link. Reference: https://cybersecurity.att.com/blogs/security-essentials/vlan-hopping-and-mitigation
Question #11
A penetration tester is performing reconnaissance for a web application assessment. Upon investigation, the tester reviews the robots.txt file for items of interest.
INSTRUCTIONS
Select the tool the penetration tester should use for further investigation.
Select the two entries in the robots.txt file that the penetration tester should recommend for removal.
Correct answer:
Explanation:
Question #12
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?
- A. The web server is using a WAF.
- B. The web server is redirecting the requests.
- C. The web server is behind a load balancer.
- D. The local antivirus on the web server is rejecting the connection.
Correct answer: A
Explanation:
A Web Application Firewall (WAF) is designed to monitor, filter or block traffic to a web application. A WAF will monitor incoming and outgoing traffic from a web application and is often used to protect web servers from attacks such as SQL Injection, Cross-Site Scripting (XSS), and other forms of attacks. If a WAF detects an attack, it will often reset the TCP connection, causing the connection to be terminated. As a result, a penetration tester may see TCP resets when a WAF is present. Therefore, the most likely reason for the TCP resets returning from the web server is that the web server is using a WAF.
Question #13
A penetration tester is looking for a particular type of service and obtains the output below:
| Target is synchronized with 127.127.38.0 (reference clock)
| Alternative Target Interfaces:
|     10.17.4.20
| Private Servers (0)
| Public Servers (0)
| Private Peers (0)
| Public Peers (0)
| Private Clients (2)
|     10.20.8.69 169.254.138.63
| Public Clients (597)
|     4.79.17.248 68.70.72.194 74.247.37.194 99.190.119.152
|     12.10.160.20 68.80.36.133 75.1.39.42 108.7.58.118
|     68.56.205.98
|     2001:1400:0:0:0:0:0:1 2001:16d8:dd00:38:0:0:0:2
|     2002:db5a:bccd:1:21d:e0ff:feb7:b96f 2002:b6ef:81c4:0:0:1145:59c5:3682
| Other Associations (1)
|_    127.0.0.1 seen 1949869 times, last tx was unicast v2 mode 7
Which of the following commands was executed by the tester?
- A. nmap -sU -pU:517 -Pn -n -script=supermicro-ipmi-config <target>
- B. nmap -sU -pU:123 -Pn -n -script=ntp-monlist <target>
- C. nmap -sU -pU:161 -Pn -n -script=voldemort-info <target>
- D. nmap -sU -pU:37 -Pn -n -script=icap-info <target>
Correct answer: B
Explanation:
The output provided indicates the use of the NTP protocol (Network Time Protocol) for querying a target system. The reference to "Public Clients" and the specific IP addresses listed, along with the mention of "Other Associations" and the use of NTP version 2, points towards the execution of an NTP monlist request. The monlist feature in NTP servers can be used to obtain a list of the last 600 hosts that have interacted with the NTP server. The command nmap -sU -pU:123 -Pn -n -script=ntp-monlist <target> specifically targets NTP servers on UDP port 123 to retrieve this information, making it the correct choice based on the output shown.
Question #14
Which of the following assessment methods is the most likely to cause harm to an ICS environment?
- A. Ping sweep
- B. Protocol reversing
- C. Active scanning
- D. Packet analysis
Correct answer: C
Explanation:
Active scanning is the process of sending probes or packets to a target system or network and analyzing the responses to gather information or identify vulnerabilities. Active scanning can be intrusive and disruptive, especially in an ICS environment, where availability and reliability are critical. Active scanning can cause unintended consequences, such as triggering alarms, shutting down devices, or affecting physical processes. Therefore, active scanning is the most likely to cause harm to an ICS environment among the given options. Reference:
* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, pages 72-73.
* The Official CompTIA PenTest+ Student Guide (Exam PT0-002) eBook, Chapter 2: Conducting Passive Reconnaissance, page 2-20.
* Risk Assessment Standards for ICS Environments, page 8.
Question #15
During an engagement, a penetration tester found the following list of strings inside a file:
Which of the following is the BEST technique to determine the known plaintext of the strings?
- A. Brute-force attack
- B. Credential-stuffing attack
- C. Dictionary attack
- D. Rainbow table attack
Correct answer: D
Question #16
During an assessment, a penetration tester found a suspicious script that could indicate a prior compromise.
While reading the script, the penetration tester noticed the following lines of code:
Which of the following was the script author trying to do?
- A. List processes.
- B. Disable NIC.
- C. Change the MAC address
- D. Spawn a local shell.
Correct answer: D
Explanation:
The script author was trying to spawn a local shell by using the os.system() function, which executes a command in a subshell. The command being executed is "/bin/bash", which is the path to the bash shell, a common shell program on Linux systems. The script author may have wanted to spawn a local shell to gain more control or access over the compromised system, or to execute other commands that are not possible in the original shell. The other options are not plausible explanations for what the script author was trying to do.
Question #17
During an assessment, a penetration tester was able to access the organization's wireless network from outside of the building using a laptop running Aircrack-ng. Which of the following should be recommended to the client to remediate this issue?
- A. Using WEP encryption
- B. Using directional antennae
- C. Changing to Wi-Fi equipment that supports strong encryption
- D. Disabling Wi-Fi
Correct answer: C
Explanation:
If a penetration tester was able to access the organization's wireless network from outside of the building using Aircrack-ng, then it means that the wireless network was not secured with strong encryption or authentication methods. Aircrack-ng is a tool that can crack weak wireless encryption schemes such as WEP or WPA-PSK using various techniques such as packet capture, injection, replay, and brute force. To remediate this issue, the client should change to Wi-Fi equipment that supports strong encryption such as WPA2 or WPA3, which are more resistant to cracking attacks. Using directional antennae may reduce the signal range of the wireless network, but it would not prevent an attacker who is within range from cracking the encryption. Using WEP encryption is not a good recommendation, as WEP is known to be insecure and vulnerable to Aircrack-ng attacks. Disabling Wi-Fi may eliminate the risk of wireless attacks, but it would also eliminate the benefits of wireless connectivity for the organization.
Question #18
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:
The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?
- A. PowerShell requires administrative privilege.
- B. The command requires the -port 135 option.
- C. The tester input the incorrect IP address.
- D. An account for RDP does not exist on the server.
Correct answer: D
Question #19
A penetration tester finds a PHP script used by a web application in an unprotected internal source code repository. After reviewing the code, the tester identifies the following:
Which of the following combinations of tools would the penetration tester use to exploit this script?
- A. Hydra and crunch
- B. Burp Suite and DIRB
- C. Netcat and cURL
- D. Nmap and OWASP ZAP
Correct answer: C
Question #20
A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:
Which of the following should the penetration tester do NEXT?
- A. Contact the client immediately.
- B. Close the reverse shell the tester is using.
- C. Investigate the high numbered port connections.
- D. Note this finding for inclusion in the final report.
Correct answer: C
Explanation:
The image shows the output of the netstat -antu command, which displays active internet connections for the TCP and UDP protocols. The output shows that there are four established TCP connections and two listening UDP connections on the host. The established TCP connections have high numbered ports as their local addresses, such as 49152, 49153, 49154, and 49155. These ports are in the range of ephemeral ports, which are dynamically assigned by the operating system for temporary use by applications or processes. The foreign addresses of these connections are also high numbered ports, such as 4433, 4434, 4435, and 4436. These ports are not well-known or registered ports for any common service or protocol. The combination of high numbered ports for both local and foreign addresses suggests that these connections are suspicious and may indicate a backdoor or a covert channel on the host. Therefore, the penetration tester should investigate these connections next to determine their nature and purpose. The other options are not appropriate actions for the penetration tester at this stage.
Question #21
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?
- A. w3af
- B. OWASP ZAP
- C. SQLmap
- D. DirBuster
Correct answer: B
Question #22
A penetration tester fuzzes an internal server looking for hidden services and applications and obtains the following output:
Which of the following is the most likely explanation for the output?
- A. The tester does not have credentials to access the server-status page.
- B. The robots.txt file has six entries in it.
- C. The admin, test, and db directories redirect to the log-in page.
- D. The admin directory cannot be fuzzed because it is forbidden.
Correct answer: C
Explanation:
The output of the fuzzing tool shows that the admin, test, and db directories have the same size, words, and lines as the login page, which indicates that they are redirecting to the login page. This means that the tester cannot access these directories without valid credentials. The server-status page returns a 403 Forbidden status code, which means that the tester does not have permission to access it. The robots.txt file returns a 404 Not Found status code, which means that the file does not exist on the server. References:
* The Official CompTIA PenTest+ Study Guide (Exam PT0-002), Chapter 2: Conducting Passive Reconnaissance, pages 77-78.
* 101 Labs - CompTIA PenTest+: Hands-on Labs for the PT0-002 Exam, Lab 2.3: Fuzzing Web Applications, pages 69-70.
Question #23
Which of the following documents would be the most helpful in determining who is at fault for a temporary outage that occurred during a penetration test?
- A. Executive summary
- B. Non-disclosure agreement
- C. Assessment scope and methodologies
- D. Business associate agreement
Correct answer: C
Explanation:
The assessment scope and methodologies document defines the objectives, boundaries, rules of engagement, and expected outcomes of a penetration testing engagement. It also specifies the roles and responsibilities of the testers and the clients, as well as the communication channels and escalation procedures. This document can help determine who is at fault for a temporary outage that occurred during a penetration test, as it can clarify whether the outage was within the agreed scope and methodologies, or whether it was caused by a violation of the rules of engagement or a lack of coordination. References:
* CompTIA PenTest+ Certification Exam Objectives, Domain 1.0 Planning and Scoping, Objective 1.1: Given a scenario, explain the importance of scoping an engagement properly.
* The Official CompTIA PenTest+ Instructor and Student Guides (PT0-002), Lesson 1: Planning and Scoping Penetration Tests, Topic 1.1: Introduction to Penetration Testing Concepts, Topic 1.2: The Penetration Testing Process, Topic 1.3: Planning and Scoping Penetration Tests.
Question #24
A penetration tester has found indicators that a privileged user's password might be the same on 30 different Linux systems. Which of the following tools can help the tester identify the number of systems on which the password can be used?
- A. John the Ripper
- B. Hydra
- C. Cain and Abel
- D. Medusa
Correct answer: D
Explanation:
Both Hydra and Medusa can be used for that same purpose:
THC Hydra is a brute-force cracking tool for remote authentication services. It supports many protocols, including telnet, FTP, LDAP, SSH, SNMP, and others.
Medusa is a parallel, modular and speedy brute-force tool for remote authentication services. Its notable features are a modular design, thread-based parallel testing and flexible user input; supported protocols include AFP, CVS, FTP, HTTP, IMAP and others.
Question #25
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
- A. Injection flaws
- B. Ransomware attacks
- C. Cross-site scripting
- D. Zero-day attacks
- E. Race-condition attacks
- F. Buffer overflows
Correct answer: A, C
Explanation:
A01-Injection
A02-Broken Authentication
A03-Sensitive Data Exposure
A04-XXE
A05-Broken Access Control
A06-Security Misconfiguration
A07-XSS
A08-Insecure Deserialization
A09-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring
Reference: https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf
Cross-site scripting (XSS) and injection flaws are two of the web-application security risks that are part of the OWASP Top 10 v2017 list. XSS is a type of attack that injects malicious scripts into web pages or applications that are viewed by other users, resulting in compromised sessions, stolen cookies, or redirected browsers. Injection flaws are a type of attack that exploits a vulnerability in an application's data input or output, such as SQL injection, command injection, or LDAP injection, resulting in unauthorized access, data loss, or remote code execution. The other options are not part of the OWASP Top 10 v2017 list.
Question #26
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?
- A. MP4 steganography
- B. PsExec
- C. Alternate data streams
- D. PowerShell modules
Correct answer: D
Explanation:
"Windows Management Instrumentation (WMI) is a subsystem of PowerShell that gives admins access to powerful system monitoring tools."
Question #27
An Nmap scan of a network switch reveals the following:
Which of the following technical controls will most likely be the FIRST recommendation for this device?
- A. Multifactor authentication
- B. System-hardening techniques
- C. Network segmentation
- D. Encrypted passwords
Correct answer: B
Question #28
An external consulting firm is hired to perform a penetration test and must keep the confidentiality of the security vulnerabilities and the private data found in a customer's systems. Which of the following documents addresses this requirement?
- A. NDA
- B. SLA
- C. ROE
- D. MOU
Correct answer: A
Question #29
During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:
nmap -sX -T4 -p 21-25, 67, 80, 139, 8080 192.168.11.191
The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?
- A. All of the ports in the target range are closed.
- B. All of the ports in the target range are open
- C. Nmap needs more time to scan the ports in the target range.
- D. The ports in the target range cannot be scanned because they are common UDP ports.
Correct answer: A
Explanation:
The Nmap command uses the Xmas scan technique, which sends packets with the FIN, PSH, and URG flags set. This is an attempt to bypass firewall rules and elicit a response from open ports. However, if the target responds with an RST packet, it means that the port is closed. Open ports will either ignore the Xmas scan packets or send back an ACK packet. Therefore, the information most likely indicates that all of the ports in the target range are closed. References: [Nmap Scan Types], [Nmap Port Scanning Techniques], [CompTIA PenTest+ Study Guide: Exam PT0-002, Chapter 4: Conducting Passive Reconnaissance, page 127]
Question #30
A penetration tester uses Hashcat to crack hashes discovered during a penetration test and obtains the following output:
ad09cd16529b5f5a40a3e15344e57649f4a43a267a97f008af01af803603c4c8:Summer2023!!
7945bb2bb08731fc8d57680ffa4aefec91c784d231de029c610b778eda5ef48b:p@ssWord123
ea88ceab69cb2fb8bdcf9ef4df884af219fffbffab473ec13f20326dc6f84d13:Love-You999
Which of the following is the best way to remediate the penetration tester's discovery?
- A. Setting the minimum password length to ten characters
- B. Implementing a blocklist of known bad passwords
- C. Encrypting the passwords with a stronger algorithm
- D. Requiring passwords to follow complexity rules
Correct answer: B
Explanation:
The penetration tester's discovery of passwords vulnerable to hash cracking suggests a lack of robust password policies within the organization. Among the options provided, implementing a blocklist of known bad passwords is the most effective immediate remediation. This measure would prevent users from setting passwords that are easily guessable or commonly used, which are susceptible to hash cracking tools like Hashcat.
Requiring passwords to follow complexity rules (Option D) can be helpful, but attackers can still crack complex passwords if they are common or have been exposed in previous breaches. Setting a minimum password length (Option A) is a good practice, but length alone does not ensure a password's strength against hash cracking techniques. Encrypting passwords with a stronger algorithm (Option C) is a valid long-term strategy but would not prevent users from choosing weak passwords that could be easily guessed before hash cracking is even necessary.
Therefore, a blocklist addresses the specific vulnerability exposed by the penetration tester: users setting weak passwords that can be easily cracked. It is also worth noting that the best practice is a combination of strong, enforced password policies, user education, and the use of multi-factor authentication to enhance security further.
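As an added example that is not part of the question bank: a small Python policy check showing why a blocklist catches the three cracked passwords above even though each of them satisfies a typical complexity rule. The blocklist and the leet-substitution map are constructed samples, not from any real product.

```python
import re

# Constructed sample blocklist. A real deployment would load a large corpus of
# breached and commonly used passwords instead of this handful of words.
BLOCKLIST = frozenset({"password", "summer", "loveyou", "qwerty", "welcome", "admin"})

# Leet substitutions that cracking rules undo trivially, so the policy must too.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "$": "s"})


def base_word(password: str) -> str:
    """Reduce a candidate to the dictionary word it was built from, mimicking
    the mangling a cracker applies: case, appended digits/symbols, leet."""
    p = password.lower()
    p = re.sub(r"[^a-z]+$", "", p)   # drop appended digits/symbols: summer2023!! -> summer
    p = p.translate(LEET)            # undo leet: p@ssword -> password
    return re.sub(r"[^a-z]", "", p)  # drop separators: love-you -> loveyou


def meets_complexity_rules(password: str, min_len: int = 10) -> bool:
    """A conventional complexity rule: length plus upper, lower, digit, symbol."""
    return bool(
        len(password) >= min_len
        and re.search(r"[A-Z]", password)
        and re.search(r"[a-z]", password)
        and re.search(r"\d", password)
        and re.search(r"[^A-Za-z0-9]", password)
    )


def is_blocked(password: str) -> bool:
    """True when the candidate reduces to (or contains) a blocklisted base word."""
    base = base_word(password)
    return base in BLOCKLIST or any(w in base for w in BLOCKLIST if len(w) >= 6)


def evaluate(password: str) -> tuple[bool, bool]:
    """Return (passes_complexity_rules, blocked) for a candidate password."""
    return meets_complexity_rules(password), is_blocked(password)


# The plaintexts recovered in the Hashcat output above.
CRACKED = ["Summer2023!!", "p@ssWord123", "Love-You999"]

if __name__ == "__main__":
    for pw in CRACKED + ["correct horse battery staple"]:
        ok, blocked = evaluate(pw)
        print(f"{pw!r}: complexity_rules_pass={ok} blocklisted={blocked}")
```

All three cracked passwords pass the complexity rule yet are blocklisted, which is the point of the explanation above.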
Question #31
A penetration tester writes the following script:
Which of the following objectives is the tester attempting to achieve?
- A. Scan the system on the most used ports.
- B. Determine active hosts on the network.
- C. Fill the ARP table of the networked devices.
- D. Set the TTL of ping packets for stealth.
Correct answer: B
Explanation:
The tester is attempting to determine active hosts on the network by writing a script that pings a range of IP addresses. Ping is a network utility that sends ICMP echo request packets to a host and waits for ICMP echo reply packets. Ping can be used to test whether a host is reachable or not by measuring its response time. The script uses a for loop to iterate over a range of IP addresses from 192.168.1.1 to 192.168.1.254 and pings each one using the ping command with -c 1 option, which specifies one packet per address.
Question #32
Given the following code:
Which of the following data structures is systems?
- A. A dictionary
- B. An array
- C. A tree
- D. A tuple
Correct answer: A
Explanation:
A dictionary is a data structure in Python that stores key-value pairs, where each key is associated with a value. A dictionary is created by enclosing the key-value pairs in curly braces and separating them by commas.
A dictionary can be accessed by using the keys as indexes or by using methods such as keys(), values(), or items(). In the code, systems is a dictionary that has four key-value pairs, each representing an IP address and its corresponding operating system. A tuple is a data structure in Python that stores an ordered sequence of immutable values, enclosed in parentheses and separated by commas. A tree is a data structure that consists of nodes connected by edges, forming a hierarchical structure with a root node and leaf nodes. An array is a data structure that stores a collection of elements of the same type in a contiguous memory location.
Question #33
......