Visit Official SkillCertPro Website :-
For a full set of 800+ questions. Go to
https://skillcertpro.tech/product/comp-tia-pentest-pt0-002-practice-tests/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Your company has several small branch offices around the country, but you work as a network administrator at the centralized headquarters building. You need the capability of being able to remotely access any of the remote site’s routers to configure them without having to fly to each location in person. Your company’s CIO is worried that allowing remote access could allow an attacker to gain administrative access to the company’s network devices. Which of the following is the MOST secure way to prevent this from occurring while still allowing you to access the devices remotely?
A. Create an out-of-band management network
B. Install an out-of-band modem
C. Configure the remote router's ACLs to only permit Telnet traffic
D. Configure the remote router's ACLs to only permit HTTP traffic
Answer: A
Explanation:
OBJ-5.3: You should create an out-of-band management network using an SSH (console) connection to the router. Telnet and HTTP are not encrypted channels and should not be used for remote connections. Using a modem is also a bad security practice since these are subject to war dialing and provide slow connectivity speeds.
Question 2:
Riaan’s company runs critical web applications. During a vulnerability scan, Riaan found a serious SQL injection vulnerability in one of their web applications. The system cannot be taken offline to remediate the vulnerability. Which of the following compensating controls should Riaan recommend using until the system can be remediated?
A. IPS
B. WAF
C. Vulnerability scanning
D. Encryption
Answer: B
Explanation:
OBJ-5.3: WAF (web application firewall) is the best option since it can serve as a compensating control and protect against web application vulnerabilities like an SQL injection until the application can be fully remediated. Vulnerability scanning could only be used to detect the issue. Therefore, it is a detective control, not a compensating control. Encryption would not be effective in stopping an SQL injection. An IPS is designed to protect network devices based on ports, protocols, and signatures. It would not be effective against an SQL injection and is not considered a compensating control for this vulnerability.
Question 3:
What SCAP component could be used to create a checklist to be used by different security teams within an organization and then report results in a standardized fashion?
A. XCCDF
B. CCE
C. CPE
D. CVE
Answer: A
Explanation:
OBJ-5.1: XCCDF (extensible configuration checklist description format) is a language that is used in creating checklists for reporting results. The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The Common Configuration Enumeration (CCE) provides unique identifiers to system configuration issues to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. Common Platform Enumeration (CPE) is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise’s computing assets.
Question 4:
Susan, a help desk technician at Skillcertpro Training, has received several trouble tickets today related to employees receiving the same email as part of a phishing campaign. She has determined that the email’s malicious link is not being blocked by the company’s security suite when a user clicks the link. Susan asks you what action can be performed to prevent a user from reaching the website associated with the phishing email’s malicious link. What action do you recommend she utilize?
A. Block the IP address of the malicious domain in your firewall's ACL
B. Add the malicious domain name to your content filter and web proxy's blacklist
C. Enable TLS on your organization’s mail server
D. Forward this phishing email to all employees with a warning not to click on the embedded links
Answer: B
Explanation:
OBJ-5.3: To prevent a user from accessing the malicious website when the link is clicked, the malicious domain name should be added to the blacklist of the company’s content filter and web proxy. This will ensure that no devices on the network can reach the malicious domain name. While blocking the IP address associated with the domain name might help for a short period of time, the malicious domain’s owner could quickly redirect the DNS to point to a different IP. Then the users would still be able to access the malicious domain and its contents. Enabling TLS on the mail server will only encrypt the connection between the email server and its clients. Still, it will not prevent the users from clicking on the malicious link and accessing the malicious content. While informing the users that there is an active attempt at phishing being conducted against the organization is a good idea, forwarding the phishing email with the malicious link will generally cause more users to accidentally click on the malicious link, which further exacerbates the issue.
Question 5:
During a penetration test, you identify a critical vulnerability in a client’s production Linux-based Apache webserver. Which of the following should you do NEXT?
A. Exploit the vulnerability, escalate privileges, and patch the vulnerability as root
B. Enter "sudo apache2 stop" to prevent an attacker from exploiting the server
C. Complete the engagement and notify the client in the executive summary of the report
D. Pause the engagement and notify the client using established communication paths
Answer: D
Explanation:
OBJ-5.4: The penetration testing team should have a direct communication path with the system owners or their trusted agents during an engagement. If the team discovers any security breaches, current hacking activity, extremely critical findings on a production server, or a production server becomes unresponsive during exploitation, then the team should stop what they are doing and contact their trusted point of contact within the organization to get further guidance. The trusted agents and communication paths should be determined when planning the engagement.
Question 6:
What document typically contains high-level statements of management intent?
A. Procedure
B. Guideline
C. Standard
D. Policy
Answer: D
Explanation:
OBJ-1.2: Policies are high-level statements of management intent. Compliance with policies by employees should be mandatory. An information security policy will generally contain broad statements around the various cybersecurity objectives. Procedures describe exactly how to use the standards and guidelines to implement the countermeasures that support the policy. Standards and baselines describe specific products, configurations, or other mechanisms to secure the systems. A guideline is a recommendation that can specify the methodology that is to be used.
Question 7:
You are reviewing a rule within your organization’s IDS. You see the following output:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
msg: "BROWSER-IE Microsoft Internet Explorer CacheSize exploit attempt";
flow: to_client,established;
file_data;
content:"recordset"; offset:14; depth:9;
content:".CacheSize"; distance:0; within:100;
pcre:"/CacheSize\s*=\s*/";
byte_test:10,>,0x3ffffffe,0,relative,string;
max-detect-ips drop, service http;
reference:cve,2016-8077;
classtype: attempted-user;
sid:65535;rev:1;
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Based on this rule, which of the following malicious packets would this IDS alert on?
A. A malicious inbound TCP packet
B. Any malicious outbound packets
C. A malicious outbound TCP packet
D. Any malicious inbound packets
Answer: A
Explanation:
OBJ-3.2: The rule header is set to alert only on TCP packets based on this IDS rule’s first line. The flow condition is set as “to_client,established,” which means that only inbound traffic will be analyzed against this rule and only inbound traffic for connections that are already established. Therefore, this rule will alert on an inbound malicious TCP packet only when the packet matches all the conditions listed in this rule. This rule is an example of a Snort IDS rule. For the exam, you do not need to create your own IDS rules, but you should be able to read them and pick out generic content like the type of protocol covered by the signature, the port being analyzed, and the direction of flow.
Question 8:
You are working as part of a penetration testing team during an engagement. A coworker just entered “sudo systemctl start SkillcertproTrainingApp” in the shell of a Linux server the team exploited. What action is your coworker performing with this command?
A. To enable persistence on the server
B. To enumerate the running services on the server
C. To remove persistence on the server
D. To shut down the running service on the server
Answer: A
Explanation:
OBJ-3.7: This scenario uses the systemctl command to enable persistence on a Linux server within its shell. The systemd tool is an init system and system manager that has widely become the new standard for Linux distributions. The systemctl command is part of systemd. It is used to manage services, check their status, change their status, and work with the configuration files. By entering “sudo systemctl start SkillcertproTrainingApp” in the shell, the system will start the service known as SkillcertproTrainingApp. This will create persistence by running the SkillcertproTrainingApp service, which is just a fictional service name used in this example to hide the penetration tester’s persistence tools. This service could be named anything the penetration tester deems appropriate during the service’s installation.
Question 9:
What is the term for exploiting a weakness in a user’s wireless headset to compromise their smartphone?
A. Multiplexing
B. Zero-day attack
C. Smurfing
D. Bluejacking
Answer: D
Explanation:
OBJ-3.3: Bluejacking sends unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers.
Question 10:
You are conducting a physical penetration test against an organization. You followed an employee to the coffee shop next door, and while they were ordering, you got within 1 foot of them to electronically capture their proximity badge. Which of the following exploits are you planning to use?
A. Session hijacking
B. Bluesnarfing
C. RFID cloning
D. Credential harvesting
Answer: C
Explanation:
OBJ-3.3: Radio-frequency identification (RFID) is a standard for identifying and keeping track of an object’s physical location through the use of radio waves. RFID cloning is the act of copying authentication data from an RFID badge’s microchip to another badge. In an attack scenario, badge cloning is useful because it enables the attacker to obtain authorization credentials without actually stealing a physical badge from the organization. Badge cloning can be done through handheld RFID writers, which are inexpensive and easy to use. You simply hold the badge up to the RFID writer device, press a button to copy its tag’s data, then hold a blank badge up to the device and write the copied data. RFID cloning tools can read the data like any normal RFID reader would and be located up to several feet away or inside a bag.