Your success in CompTIA PT0-002 is our sole target and we develop all our PT0-002 braindumps in a way that facilitates the attainment of this target. Not only is our PT0-002 study material the best you can find, it is also the most detailed and the most updated. PT0-002 Practice Exams for CompTIA PT0-002 are written to the highest standards of technical accuracy.

Also have PT0-002 free dumps questions for you:

Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware?

  • A. Analyze the malware to see what it does.
  • B. Collect the proper evidence and then remove the malware.
  • C. Do a root-cause analysis to find out how the malware got in.
  • D. Remove the malware immediately.
  • E. Stop the assessment and inform the emergency contact.

Answer: E

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be sent back to a target host. Which of the following utilities would BEST support this objective?

  • A. Socat
  • B. tcpdump
  • C. Scapy
  • D. dig

Answer: A

A penetration tester received a .pcap file to look for credentials to use in an engagement. Which of the following tools should the tester utilize to open and read the .pcap file?

  • A. Nmap
  • B. Wireshark
  • C. Metasploit
  • D. Netcat

Answer: B

A penetration tester exploited a unique flaw on a recent penetration test of a bank. After the test was completed, the tester posted information about the exploit online along with the IP addresses of the exploited machines. Which of the following documents could hold the penetration tester accountable for this action?

  • A. ROE
  • B. SLA
  • C. MSA
  • D. NDA

Answer: D

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

  • A. Executive summary of the penetration-testing methods used
  • B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  • C. Quantitative impact assessments given a successful software compromise
  • D. Code context for instances of unsafe type-casting operations

Answer: C

A penetration tester performs the following command: curl –I –http2
Which of the following snippets of output will the tester MOST likely receive?
PT0-002 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: A

A security engineer identified a new server on the network and wants to scan the host to determine if it is running an approved version of Linux and a patched version of Apache. Which of the following commands will accomplish this task?

  • A. nmap –f –sV –p80
  • B. nmap –sS –sL –p80
  • C. nmap –A –T4 –p80
  • D. nmap –O –v –p80

Answer: C

A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?

  • A. Whether sensitive client data is publicly accessible
  • B. Whether the connection between the cloud and the client is secure
  • C. Whether the client's employees are trained properly to use the platform
  • D. Whether the cloud applications were developed using a secure SDLC

Answer: A

User credentials were captured from a database during an assessment and cracked using rainbow tables. Based on the ease of compromise, which of the following algorithms was MOST likely used to store the passwords in the database?

  • A. MD5
  • B. bcrypt
  • C. SHA-1
  • D. PBKDF2

Answer: A

A penetration tester is testing a web application that is hosted by a public cloud provider. The tester is able to query the provider’s metadata and get the credentials used by the instance to authenticate itself. Which of the following vulnerabilities has the tester exploited?

  • A. Cross-site request forgery
  • B. Server-side request forgery
  • C. Remote file inclusion
  • D. Local file inclusion

Answer: B

A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

  • A. Reach out to the primary point of contact
  • B. Try to take down the attackers
  • C. Call law enforcement officials immediately
  • D. Collect the proper evidence and add to the final report

Answer: A

A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees’ numbers?

  • A. Web archive
  • B. GitHub
  • C. File metadata
  • D. Underground forums

Answer: A

A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee’s birthday, the tester gave the employee an external hard drive as a gift. Which of the following social-engineering attacks was the tester utilizing?

  • A. Phishing
  • B. Tailgating
  • C. Baiting
  • D. Shoulder surfing

Answer: C

Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?

  • A. HTTPS communication
  • B. Public and private keys
  • C. Password encryption
  • D. Sessions and cookies

Answer: D

A company is concerned that its cloud service provider is not adequately protecting the VMs housing its software development. The VMs are housed in a datacenter with other companies sharing physical resources. Which of the following attack types is MOST concerning to the company?

  • A. Data flooding
  • B. Session riding
  • C. Cybersquatting
  • D. Side channel

Answer: B


Recommend!! Get the Full PT0-002 dumps in VCE and PDF From, Welcome to Download: (New 110 Q&As Version)