PT0-002試験無料問題集（460題）「CompTIA PenTest+ Certification 認定」

出題：1

A penetration tester wants to accomplish ARP poisoning as part of an attack. Which of the following tools will the tester most likely utilize?

A. Netcat

B. Wireshark

C. Nmap

D. Ettercap

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

The following line-numbered Python code snippet is being used in reconnaissance:

Which of the following line numbers from the script MOST likely contributed to the script triggering a "probable port scan" alert in the organization's IDS?

A. Line 02

B. Line 08

C. Line 01

D. Line 07

正解：B 解答を投票する

出題：3

A private investigation firm is requesting a penetration test to determine the likelihood that attackers can gain access to mobile devices and then exfiltrate data from those devices. Which of the following is a social-engineering method that, if successful, would MOST likely enable both objectives?

A. Infest a website that is often used by employees with malware targeted toward x86 architectures.

B. Perform vishing on the IT help desk to gather a list of approved device IMEIs for masquerading.

C. Send an SMS with a spoofed service number including a link to download a malicious application.

D. Exploit a vulnerability in the MDM and create a new account and device profile.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

A penetration tester ran a simple Python-based scanner. The following is a snippet of the code:

Which of the following BEST describes why this script triggered a `probable port scan` alert in the organization's IDS?

A. *range(1, 1025) on line 1 populated the portList list in numerical order.

B. The remoteSvr variable has neither been type-hinted nor initialized.

C. Line 6 uses socket.SOCK_STREAM instead of socket.SOCK_DGRAM

D. sock.settimeout(20) on line 7 caused each next socket to be created every 20 milliseconds.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

SIMULATION
Using the output, identify potential attack vectors that should be further investigated.

正解：

1: Null session enumeration
Weak SMB file permissions
Fragmentation attack
2: nmap
-sV
-p 1-1023
192.168.2.2
3: #!/usr/bin/python
export $PORTS = 21,22
for $PORT in $PORTS:
try:
s.connect((ip, port))
print("%s:%s - OPEN" % (ip, port))
except socket.timeout
print("%:%s - TIMEOUT" % (ip, port))
except socket.error as e:
print("%:%s - CLOSED" % (ip, port))
finally
s.close()
port_scan(sys.argv[1], ports)

出題：6

A penetration tester has been given an assignment to attack a series of targets in the 192.168.1.0/24 range, triggering as few alarms and countermeasures as possible.
Which of the following Nmap scan syntaxes would BEST accomplish this objective?

A. nmap -sT -vvv -O 192.168.1.2/24 -PO

B. nmap -sA -v -O 192.168.1.2/24

C. nmap -sS -O 192.168.1.2/24 -T1

D. nmap -sV 192.168.1.2/24 -PO

正解：C 解答を投票する

出題：7

A penetration tester who is performing a physical assessment of a company's security practices notices the company does not have any shredders inside the office building. Which of the following techniques would be BEST to use to gain confidential information?

A. Tailgating

B. Badge cloning

C. Dumpster diving

D. Shoulder surfing

正解：C 解答を投票する

出題：8

A penetration tester is able to capture the NTLM challenge-response traffic between a client and a server.
Which of the following can be done with the pcap to gain access to the server?

A. Perform vertical privilege escalation.

B. Utilize a pass-the-hash attack.

C. Use John the Ripper to crack the password.

D. Replay the captured traffic to the server to recreate the session.

正解：B 解答を投票する

出題：9

An exploit developer is coding a script that submits a very large number of small requests to a web server until the server is compromised. The script must examine each response received and compare the data to a large number of strings to determine which data to submit next. Which of the following data structures should the exploit developer use to make the string comparison and determination as efficient as possible?

A. A dictionary

B. A list

C. An array

D. A tree

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

A penetration tester has compromised a customer's internal network, gaining access to a file server that hosts email server backups. Which of the following is the best tool to assist with data exfiltration?

A. Netcat

B. Nmap

C. SFTP

D. SCP

正解：D 解答を投票する

出題：11

Which of the following BEST describe the OWASP Top 10? (Choose two.)

A. A checklist of Apache vulnerabilities

B. A list of all the risks of web applications

C. A web-application security standard

D. A risk-governance and compliance framework

E. The most critical risks of web applications

F. The risks defined in order of importance

正解：E,F 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Which of the following is the most important aspect to consider when calculating the price of a penetration test service for a client?

A. Client's budget

B. Operating cost

C. Non-disclosure agreement

D. Required scope of work

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

A client claims that a ransomware attack has crippled its corporate network following a penetration test assessment. Which of the following is the most likely root cause of this issue?

A. Incomplete data destruction process

B. Client reluctance to accept findings

C. Failure to remove tester-created credentials

D. Lack of attestation

正解：C 解答を投票する

出題：14

The results of an Nmap scan are as follows:
Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-24 01:10 EST
Nmap scan report for ( 10.2.1.22 )
Host is up (0.0102s latency).
Not shown: 998 filtered ports
Port State Service
80/tcp open http
|_http-title: 80F 22% RH 1009.1MB (text/html)
|_http-slowloris-check:
| VULNERABLE:
| Slowloris DoS Attack
| <..>
Device type: bridge|general purpose
Running (JUST GUESSING) : QEMU (95%)
OS CPE: cpe:/a:qemu:qemu
No exact OS matches found for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 107.45 seconds
Which of the following device types will MOST likely have a similar response? (Choose two.)

A. Exposed RDP

B. Active Directory domain controller

C. Print queue

D. IoT/embedded device

E. Network device

F. Public-facing web server

正解：D,F 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

A penetration tester is conducting an Nmap scan and wants to scan for ports without establishing a connection. The tester also wants to find version data information for services running on Projects. Which of the following Nmap commands should the tester use?

A. ..nmap -sU -sV -T4 -F target.company.com

B. ..nmap -sT -v -T5 target.company.com

C. ..nmap -sX -sC target.company.com

D. ..nmap -sS -sV -F target.company.com

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

A penetration tester is taking screen captures of hashes obtained from a domain controller. Which of the following best explains why the penetration tester should immediately obscure portions of the images before saving?

A. To make the hashes appear shorter and easier to crack

B. To prevent analysis based on the type of hash

C. To avoid disclosure of how the hashes were obtained

D. To maintain confidentiality of data/information

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

PT0-002試験無料問題集「CompTIA PenTest+ Certification 認定」