A penetration tester uncovered a flaw in an online banking web application that allows arbitrary requests to other internal network assets through a server-side request forgery. Which of the following would BEST reduce the risk of attack?

A.    Implement multifactor authentication on the web application to prevent unauthorized access to the application.
B.    Configure a secret management solution to ensure attackers are not able to gain access to confidential information.
C.    Ensure a patch management system is in place to ensure the web server system is hardened.
D.    Sanitize and validate all input within the web application to prevent internal resources from being accessed.
E.    Ensure that enhanced logging is enabled on the web application to detect the attack.

Answer: D
Server-side request forgery occurs when an attacker can manipulate a web application to send a request on behalf of the application to an internal network asset. By sanitizing and validating all input within the web application, the application can prevent an attacker from injecting malicious code or requests that could result in unauthorized access to internal resources.

Which of the following actions would BEST explain why a testing team would need to reach out to a customer’s emergency contact during an assessment?

A.    To confirm assessment dates.
B.    To escalate the detection of a prior compromise.
C.    To submit the weekly status report.
D.    To announce that testing will begin.

Answer: B
If the testing team detects a significant security breach or vulnerability during their assessment, they may need to quickly escalate the issue to the customer’s emergency contact in order to ensure that appropriate action is taken to mitigate the risk. This would be a critical action that could help protect the customer’s sensitive data and prevent further damage to their systems.

An executive needs to use Wi-Fi to connect to the company’s server while traveling. Looking for available Wi-Fi connections, the executive notices an available access point to a hotel chain that is not available where the executive is staying. Which of the following attacks is the executive MOST likely experiencing?

A.    Data modification.
B.    Amplification.
C.    Captive portal.
D.    Evil twin.

Answer: D
The attacker creates an access point with the same name and network settings as a legitimate access point, but with a stronger signal to attract users. Once a victim connects to the rogue access point, the attacker can intercept and steal any data transmitted over the connection, including login credentials, credit card information, and other sensitive data.

A penetration tester calls an IT employee and pretends to be the financial director of the company. The penetration tester asks the IT employee to reset the financial director’s email password. The penetration tester claims to be at an ongoing, off-site meeting with some investors and needs a presentation file quickly downloaded from the director’s mailbox. Which of the following techniques is the penetration tester trying to utilize? (Choose two.)

A.    Scarcity
B.    Intimidation
C.    Authority
D.    Consensus
E.    Urgency
F.    Familiarity

Answer: CE
Option C: Authority – The penetration tester is pretending to be the financial director of the company, and is using the authority associated with that role to convince the IT employee to reset the email password.
Option E: Urgency – The penetration tester is claiming to be in an ongoing, off-site meeting with investors, and needs the presentation file downloaded quickly. This creates a sense of urgency and pressure on the IT employee to act quickly, without taking the necessary precautions.

A penetration tester runs the following command:
"dig @dns01.comptia.local axfr comptia.local"
If successful, which of the following types of information would be provided?

A.    The DNSSEC certificate and CA.
B.    The DHCP scopes and ranges used on the network.
C.    The hostnames and IP addresses of internal systems.
D.    The OS and version of the DNS server.

Answer: C

A company recruited a penetration tester to configure intrusion detection over the wireless network. Which of the following tools would BEST resolve this issue?

A.    Aircrack-ng
B.    Wireshark
C.    Cowpatty
D.    Kismet

Answer: D

While performing an assessment on a web application, a penetration tester notices the web browser creates the following request when clicking on the stock status for an item:

POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 118

Which of the following types of attacks would the penetration tester most likely try NEXT?

A.    Cross-site scripting.
B.    Command injection.
C.    Local file inclusion.
D.    Server-side request forgery.

Answer: D

When accessing the URL, a penetration tester obtained the following output:

Notice: Undefined index: eid in /apache/www/validate/user.php line 12
Notice: Undefined index: uid in /apache/www/validate/user.php line 13
Notice: Undefined index: pw in /apache/www/validate/user.php line 14
Notice: Undefined index: acl in /apache/www/validate/user.php line 15

Which of the following is the MOST probable cause for this output?

A.    Lack of code signing.
B.    Incorrect command syntax.
C.    Insufficient error handling.
D.    Insecure data transmission.

Answer: C

Which of the following is the MOST secure method for sending the penetration test report to the client?

A.    Host it on an online storage system.
B.    Put it inside a password-protected ZIP file.
C.    Transfer it via webmail using an HTTPS connection.
D.    Use the client’s public key.

Answer: D

During a vulnerability scanning phase, a penetration tester wants to execute an Nmap scan using custom NSE scripts stored in the following folder:


Which of the following commands should the penetration tester use to perform this scan?

A.    nmap --resume "not intrusive"
B.    nmap --script default,safe
C.    nmap --script /home/user/scripts
D.    nmap --load /home/user/scripts

Answer: C

Within a Python script, a line that states print(var) outputs the following:

[{'1': 'CentOS', '2': 'Ubuntu'}, {'1': 'Windows 10', '2': 'Windows Server 2016'}]

Which of the following objects or data structures is var?

A.    An array.
B.    A class.
C.    A dictionary.
D.    A list.

Answer: D

A penetration tester wrote the following comment in the final report:

Eighty-five percent of the systems tested were found to be prone to unauthorized access from the internet.

For which of the following audiences was this message intended?

A.    Systems administrators.
B.    C-suite executives.
C.    Data privacy ombudsman.
D.    Regulatory officials.

Answer: B