October 20, 2023 Guaranteed-Pass Guide: PT0-002 Exam Preparation Question Set [Q163-Q180]

Free, latest CompTIA PenTest+ PT0-002 real exam questions and answers, updated 2023


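With the rising incidence of cyberattacks, organizations around the world are looking to hire cybersecurity professionals who can help protect their systems from a range of threats, including hacking, phishing, and ransomware attacks. By pursuing the CompTIA PenTest+ certification, you demonstrate that you have the knowledge and expertise needed to perform effective penetration tests, which helps organizations stay aware of potential security loopholes.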

 

Question # 163
A penetration tester joins the assessment team in the middle of the assessment. The client has asked the team, both verbally and in the scoping document, not to test the production networks. However, the new tester is not aware of this request and proceeds to perform exploits in the production environment. Which of the following would have MOST effectively prevented this misunderstanding?

  • A. Requiring all testers to review the scoping document carefully
  • B. Never assessing the production networks
  • C. Prohibiting exploitation in the production environment
  • D. Prohibiting testers from joining the team during the assessment

Correct answer: A


Question # 164
During an assessment, a penetration tester manages to exploit an LFI vulnerability and browse the web log for a target Apache server. Which of the following steps would the penetration tester most likely try NEXT to further exploit the web server? (Choose two.)

  • A. Log poisoning
  • B. Cross-site scripting
  • C. Cross-site request forgery
  • D. Command injection
  • E. SQL injection
  • F. Server-side request forgery

Correct answer: A, D

Explanation:
Local File Inclusion (LFI) is a web vulnerability that allows an attacker to include files on a server through the web browser. This can expose sensitive information or lead to remote code execution.
Some possible next steps that a penetration tester can try after exploiting an LFI vulnerability are:
* Log poisoning: This involves injecting malicious code into the web server's log files and then including them via LFI to execute the code.
* PHP wrappers: These are special streams that can be used to manipulate files or data via LFI. For example, php://input can be used to pass arbitrary data to an LFI script, or php://filter can be used to encode or decode files.


Question # 165
A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement?

  • A. Direct-to-origin
  • B. Cross-site scripting
  • C. Malware injection
  • D. Credential harvesting

Correct answer: C

Explanation:
Malware injection is the most likely cloud attack that the penetration tester implemented, as it involves adding a fake VM instance to the IaaS component of the client's VM. Malware injection is a type of attack that exploits vulnerabilities in cloud services or applications to inject malicious code or data into them. The injected malware can then compromise or control the cloud resources or data.


Question # 166
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

  • A. Test for RFC-defined protocol conformance.
  • B. Check for an open relay configuration.
  • C. Attempt to brute force authentication to the service.
  • D. Perform a reverse DNS query and match to the service banner.

Correct answer: B

Explanation:
SMTP is a protocol associated with mail servers. Therefore, for a penetration tester, an open relay configuration can be exploited to launch phishing attacks.


Question # 167
During a penetration test, you gain access to a system with a limited user interface. This machine appears to have access to an isolated network that you would like to port scan.
INSTRUCTIONS
Analyze the code segments to determine which sections are needed to complete a port scanning script.
Drag the appropriate elements into the correct locations to complete the script.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct answer:

Explanation:


Question # 168
During an assessment, a penetration tester gathered OSINT for one of the IT systems administrators from the target company and managed to obtain valuable information, including corporate email addresses. Which of the following techniques should the penetration tester perform NEXT?

  • A. Badge cloning
  • B. Impersonation
  • C. Watering-hole attack
  • D. Spear phishing

Correct answer: D

Explanation:
Spear phishing is a type of targeted attack where the attacker sends emails that appear to come from a legitimate source, often a company or someone familiar to the target, with the goal of tricking the target into clicking on a malicious link or providing sensitive information. In this case, the penetration tester has already gathered OSINT on the IT system administrator, so they can use this information to craft a highly targeted spear phishing attack to try and gain access to the target system.


Question # 169
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a MINIMAL chance of detection? (Choose two.)

  • A. Port knocking
  • B. A vulnerability scan
  • C. Traffic sniffing
  • D. An Nmap scan
  • E. Open-source research
  • F. A ping sweep

Correct answer: C, E


Question # 170
The output from a penetration testing tool shows 100 hosts contained findings due to improper patch management. Which of the following did the penetration tester perform?

  • A. A packet capture
  • B. A WHOIS lookup
  • C. An Nmap scan
  • D. A vulnerability scan

Correct answer: D

Explanation:
A vulnerability scan is a type of penetration testing tool that is used to scan a network for vulnerabilities. A vulnerability scan can detect misconfigurations, missing patches, and other security issues that could be exploited by attackers. In this case, the output shows that 100 hosts had findings due to improper patch management, which means that the tester performed a vulnerability scan.


Question # 171
A penetration tester is looking for vulnerabilities within a company's web application that are in scope. The penetration tester discovers a login page and enters the following string in a field:
1;SELECT Username, Password FROM Users;
Which of the following injection attacks is the penetration tester using?

  • A. Blind SQL
  • B. Error-based
  • C. Boolean SQL
  • D. Stacked queries

Correct answer: D

Explanation:
The penetration tester is using a type of injection attack called stacked queries, which means appending multiple SQL statements separated by semicolons in a single input field. This can allow the penetration tester to execute arbitrary SQL commands on the database server, such as selecting the username and password from the Users table.


Question # 172
A tester who is performing a penetration test on a website receives the following output:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/search.php on line 62
Which of the following commands can be used to further attack the website?

  • A. ../../../../../../../../../../etc/passwd
  • B. <script>var adr= '../evil.php?test=' + escape(document.cookie);</script>
  • C. 1 UNION SELECT 1, DATABASE(),3--
  • D. /var/www/html/index.php;whoami

Correct answer: D


Question # 173
Which of the following types of information should be included when writing the remediation section of a penetration test report to be viewed by the systems administrator and technical staff?

  • A. The executive summary and information regarding the testing company
  • B. The rules of engagement from the assessment
  • C. Information regarding the business impact if compromised
  • D. A quick description of the vulnerability and a high-level control to fix it

Correct answer: C


Question # 174
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?

  • A. The penetration tester used unsupported flags.
  • B. The scan returned ICMP echo replies.
  • C. The edge network device was disconnected.
  • D. A firewall or IPS blocked the scan.

Correct answer: D


Question # 175
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

  • A. nmap -vv sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
  • B. nmap -vv sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan
  • C. nmap -vv sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan
  • D. nmap -vv sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan

Correct answer: B


Question # 176
A penetration tester is conducting a penetration test and discovers a vulnerability on a web server that is owned by the client. Exploiting the vulnerability allows the tester to open a reverse shell. Enumerating the server for privilege escalation, the tester discovers the following:

Which of the following should the penetration tester do NEXT?

  • A. Note this finding for inclusion in the final report.
  • B. Investigate the high numbered port connections.
  • C. Contact the client immediately.
  • D. Close the reverse shell the tester is using.

Correct answer: C


Question # 177
A client has requested that the penetration test scan include the following UDP services: SNMP, NetBIOS, and DNS. Which of the following Nmap commands will perform the scan?

  • A. nmap -vv sUV -p 53,123,161-162 10.10.1.20/24 -oA udpscan
  • B. nmap -vv sUV -p 53, 122-123, 160-161 10.10.1.20/24 -oA udpscan
  • C. nmap -vv sUV -p 53, 123-159 10.10.1.20/24 -oA udpscan
  • D. nmap -vv sUV -p 53,137-139,161-162 10.10.1.20/24 -oA udpscan

Correct answer: A


Question # 178
A penetration tester has obtained shell access to a Windows host and wants to run a specially crafted binary for later execution using the wmic.exe process call create function. Which of the following OS or filesystem mechanisms is MOST likely to support this objective?

  • A. PowerShell modules
  • B. MP4 steganography
  • C. PsExec
  • D. Alternate data streams

Correct answer: A

Explanation:
"Windows Management Instrumentation (WMI) is a subsystem of PowerShell that gives admins access to powerful system monitoring tools."


Question # 179
A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen. A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM. Which of the following cloud attacks did the penetration tester MOST likely implement?

  • A. Direct-to-origin
  • B. Cross-site scripting
  • C. Malware injection
  • D. Credential harvesting

Correct answer: D


Question # 180
......

Ultimate preparation guide for the PT0-002 certification exam, CompTIA PenTest+: https://www.goshiken.com/CompTIA/PT0-002-mondaishu.html

PT0-002 ultimate study guide: https://drive.google.com/open?id=1DPaJ7JtaMgcHIQq0772pDt7PLCtzojWy