CompTIA PT1-002 Online Test

CompTIA PenTest+

What students need to know about the PT1-002 exam

  • Total 110 Questions & Answers

Question 1

A penetration tester is reviewing the following SOW prior to engaging with a client:
Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential.
Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner.
Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

  • A. Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection
  • B. Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement
  • C. Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team
  • D. Seeking help with the engagement in underground hacker forums by sharing the client’s public IP address
  • E. Using a software-based erase tool to wipe the client’s findings from the penetration tester’s laptop
  • F. Retaining the SOW within the penetration tester’s company for future use so the sales team can plan future engagements
Answer:

C E

Question 2

A penetration tester recently completed a review of the security of a core network device within a corporate environment.
The key findings are as follows:
The following request was intercepted going to the network device:
GET /login HTTP/1.1
Host: 10.50.100.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Authorization: Basic WU9VUilOQU1FOnNlY3JldHBhc3N3b3jk
Network management interfaces are available on the production network.
An Nmap scan returned the following:

Which of the following would be BEST to add to the recommendations section of the final report? (Choose two.)

  • A. Enforce enhanced password complexity requirements.
  • B. Disable or upgrade SSH daemon.
  • C. Disable HTTP/301 redirect configuration.
  • D. Create an out-of-band network for management.
  • E. Implement a better method for authentication.
  • F. Eliminate network management and control interfaces.
Answer:

C E

Question 3

A penetration tester has established an on-path attack position and must now specially craft a DNS query response to be
sent back to a target host. Which of the following utilities would BEST support this objective?

  • A. Socat
  • B. tcpdump
  • C. Scapy
  • D. dig
Answer:

A

Explanation:
Reference: https://unix.stackexchange.com/questions/520348/using-socat-how-to-send-to-and-receive-from-a-public-dns-server

Question 4

A penetration tester performs the following command:
curl -I --http2 https://www.comptia.org
Which of the following snippets of output will the tester MOST likely receive?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Answer:

A

Explanation:
Reference: https://research.securitum.com/http-2-protocol-it-is-faster-but-is-it-also-safer/

Question 5

A company becomes concerned when the security alarms are triggered during a penetration test. Which of the following
should the company do NEXT?

  • A. Halt the penetration test.
  • B. Conduct an incident response.
  • C. Deconflict with the penetration tester.
  • D. Assume the alert is from the penetration test.
Answer:

B

Question 6

A penetration tester writes the following script:

Which of the following objectives is the tester attempting to achieve?

  • A. Determine active hosts on the network.
  • B. Set the TTL of ping packets for stealth.
  • C. Fill the ARP table of the networked devices.
  • D. Scan the system on the most used ports.
Answer:

A

Question 7

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant. The team
immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the
following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

  • A. PLCs will not act upon commands injected over the network.
  • B. Supervisors and controllers are on a separate virtual network by default.
  • C. Controllers will not validate the origin of commands.
  • D. Supervisory systems will detect a malicious injection of code/commands.
Answer:

C

Question 8

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap
commands will return vulnerable ports that might be interesting to a potential attacker?

  • A. nmap 192.168.1.1-5 -PU22-25,80
  • B. nmap 192.168.1.1-5 -PA22-25,80
  • C. nmap 192.168.1.1-5 -PS22-25,80
  • D. nmap 192.168.1.1-5 -Ss22-25,80
Answer:

C

Question 9

A penetration tester conducted a vulnerability scan against a client's critical servers and found the following:

Which of the following would be a recommendation for remediation?

  • A. Deploy a user training program
  • B. Implement a patch management plan
  • C. Utilize the secure software development life cycle
  • D. Configure access controls on each of the servers
Answer:

B

Question 10

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in
cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester
realizes some of the passwords in the text file follow the format: . Which of the following would be the best action for the
tester to take NEXT with this information?

  • A. Create a custom password dictionary as preparation for password spray testing.
  • B. Recommend using a password manager/vault instead of text files to store passwords securely.
  • C. Recommend configuring password complexity rules in all the systems and applications.
  • D. Document the unprotected file repository as a finding in the penetration-testing report.
Answer:

D
