[23-Sep-2021] New PenTest+ PT0-002 Dumps with VCE and PDF from PassLeader (New Questions)

PassLeader released the NEWEST CompTIA PT0-002 exam dumps recently! Both PT0-002 VCE dumps and PT0-002 PDF dumps are available on PassLeader, either PT0-002 VCE dumps or PT0-002 PDF dumps have the NEWEST PT0-002 exam questions in it, they will help you passing CompTIA PT0-002 exam easily! You can download the valid PT0-002 dumps VCE and PDF from PassLeader here: https://www.passleader.com/pt0-002.html (130 Q&As Dumps)

Also, previewing the NEWEST PassLeader PT0-002 dumps online for free on Google Drive: https://drive.google.com/drive/folders/1V9QhQP1zOYY8Mm8AF7ee2a1OwqSWbWKl

NEW QUESTION 1
A software company has hired a penetration tester to perform a penetration test on a database server. The tester has been given a variety of tools used by the company’s privacy policy. Which of the following would be the BEST to use to find vulnerabilities on this server?

A.    OpenVAS
B.    Nikto
C.    SQLmap
D.    Nessus

Answer: C

NEW QUESTION 2
A large client wants a penetration tester to scan for devices within its network that are Internet facing. The client is specifically looking for Cisco devices with no authentication requirements. Which of the following settings in Shodan would meet the client’s requirements?

A    ”cisco-ios” ”admin+1234”
B    ”cisco-ios” ”no-password”
C    ”cisco-ios” ”default-passwords”
D    ”cisco-ios” ”last-modified”

Answer: A

NEW QUESTION 3
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

A.    Executive summary of the penetration-testing methods used.
B.    Bill of materials including supplies, subcontracts, and costs incurred during assessment.
C.    Quantitative impact assessments given a successful software compromise.
D.    Code context for instances of unsafe type-casting operations.

Answer: C

NEW QUESTION 4
A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

A.    Enforce mandatory employee vacations.
B.    Implement multifactor authentication.
C.    Install video surveillance equipment in the office.
D.    Encrypt passwords for bank account information.

Answer: B

NEW QUESTION 5
A penetration tester who is doing a security assessment discovers that a critical vulnerability is being actively exploited by cybercriminals. Which of the following should the tester do NEXT?

A.    Reach out to the primary point of contact.
B.    Try to take down the attackers.
C.    Call law enforcement officials immediately.
D.    Collect the proper evidence and add to the final report.

Answer: A

NEW QUESTION 6
A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

A.    VRFY and EXPN
B.    VRFY and TURN
C.    EXPN and TURN
D.    RCPT TO and VRFY

Answer: A
Explanation:
https://hackerone.com/reports/193314

NEW QUESTION 7
A red-team tester has been contracted to emulate the threat posed by a malicious insider on a company’s network, with the constrained objective of gaining access to sensitive personnel files. During the assessment, the red-team tester identifies an artifact indicating possible prior compromise within the target environment. Which of the following actions should the tester take?

A.    Perform forensic analysis to isolate the means of compromise and determine attribution.
B.    Incorporate the newly identified method of compromise into the red team’s approach.
C.    Create a detailed document of findings before continuing with the assessment.
D.    Halt the assessment and follow the reporting procedures as outlined in the contract.

Answer: C

NEW QUESTION 8
A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations. Which of the following are considered passive reconnaissance tools? (Choose two.)

A.    Wireshark
B.    Nessus
C.    Retina
D.    Burp Suite
E.    Shodan
F.    Nikto

Answer: A
Explanation:
https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/

NEW QUESTION 9
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?

A.    Weekly
B.    Monthly
C.    Quarterly
D.    Annually

Answer: A
Explanation:
https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf (page 24)

NEW QUESTION 10
Which of the following should a penetration tester do NEXT after identifying that an application being tested has already been compromised with malware? (Choose three.)

A.    Analyze the malware to see what it does.
B.    Collect the proper evidence and then remove the malware.
C.    Do a root-cause analysis to find out how the malware got in.
D.    Remove the malware immediately.
E.    Stop the assessment and inform the emergency contact.

Answer: ADE
Explanation:
https://www.redteamsecure.com/blog/my-company-was-hacked-now-what

NEW QUESTION 11
Which of the following tools provides Python classes for interacting with network protocols? (Choose three.)

A.    Responder
B.    Impacket
C.    Empire
D.    PowerSploit

Answer: ABC
Explanation:
https://github.com/SecureAuthCorp/impacket

NEW QUESTION 12
A penetration tester who is conducting a vulnerability assessment discovers that ICMP is disabled on a network segment. Which of the following could be used for a denial-of-service attack on the network segment?

A.    Smurf.
B.    Ping flood.
C.    Fraggle.
D.    Ping of death.

Answer: A
Explanation:
https://resources.infosecinstitute.com/topic/icmp-attacks/

NEW QUESTION 13
A software development team is concerned that a new product’s 64-bit Windows binaries can be deconstructed to the underlying code. Which of the following tools can a penetration tester utilize to help the team gauge what an attacker might see in the binaries? (Choose three.)

A.    Immunity Debugger
B.    OllyDbg
C.    GDB
D.    Drozer

Answer: ABD
Explanation:
https://en.wikipedia.org/wiki/OllyDbg

NEW QUESTION 14
An Nmap network scan has found five open ports with identified services. Which of the following tools should a penetration tester use NEXT to determine if any vulnerabilities with associated exploits exist on the open ports?

A.    OpenVAS
B.    Drozer
C.    Burp Suite
D.    OWASP ZAP

Answer: A
Explanation:
https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online-openvas

NEW QUESTION 15
When developing a shell script intended for interpretation in Bash, the interpreter /bin/bash should be explicitly specified. Which of the following character combinations should be used on the first line of the script to accomplish this goal?

A.    <#
B.    <$
C.    ##
D.    #$
E.    #!

Answer: ADE
Explanation:
https://linuxconfig.org/bash-scripting-tutorial-for-beginners

NEW QUESTION 16
In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company’s servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

A.    Test for RFC-defined protocol conformance.
B.    Attempt to brute force authentication to the service.
C.    Perform a reverse DNS query and match to the service banner.
D.    Check for an open relay configuration.

Answer: C

NEW QUESTION 17
Penetration-testing activities have concluded, and the initial findings have been reviewed with the client. Which of the following best describes the NEXT step in the engagement?

A.    Acceptance by the client and sign-off on the final report.
B.    Scheduling of follow-up actions and retesting.
C.    Attestation of findings and delivery of the report.
D.    Review of the lessons learned during the engagement.

Answer: A

NEW QUESTION 18
During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client’s cybersecurity tools? (Choose two.)

A.    Scraping social media sites.
B.    Using the WHOIS lookup tool.
C.    Crawling the client’s website.
D.    Phishing company employees.
E.    Utilizing DNS lookup tools.
F.    Conducting wardriving near the client facility.

Answer: BC

NEW QUESTION 19
A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial data. Which of the following should the tester do with this information to make this a successful exploit?

A.    Perform XS.
B.    Conduct a watering-hole attack.
C.    Use BeE.
D.    Use browser autopwn.

Answer: A

NEW QUESTION 20
A red team gained access to the internal network of a client during an engagement and used the Responder tool to capture important data. Which of the following was captured by the testing team?

A.    Multiple handshakes.
B.    IP addresses.
C.    Encrypted file transfers.
D.    User hashes sent over SMB.

Answer: D

NEW QUESTION 21
……


Welcome to choose PassLeader PT0-002 dumps for 100% passing CompTIA PT0-002 exam: https://www.passleader.com/pt0-002.html (130 Q&As VCE Dumps and PDF Dumps)

Also, previewing the NEWEST PassLeader PT0-002 dumps online for free on Google Drive: https://drive.google.com/drive/folders/1V9QhQP1zOYY8Mm8AF7ee2a1OwqSWbWKl