PenTest+

Here you have the best CompTIA PT0-002 practice exam questions

You have 326 total questions to study from
Each page has 5 questions, making a total of 66 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 13, 2024

Question 1 of 326

Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

chmod u+x script.sh

chmod u+e script.sh

chmod o+e script.sh

chmod o+x script.sh

Correct Answer: A

Reference:

https://newbedev.com/chmod-u-x-versus-chmod-x

Question 2 of 326

A penetration tester gains access to a system and establishes persistence, and then run the following commands:

Which of the following actions is the tester MOST likely performing?

Redirecting Bash history to /dev/null

Making a copy of the user's Bash history to further enumeration

Covering tracks by clearing the Bash history

Making decoy files on the system to confuse incident responders

Correct Answer: C

The commands executed by the penetration tester are intended to clear the Bash history file while preserving its timestamp. The sequence starts by creating an empty file named 'temp'. The 'touch -r .bash_history temp' command then ensures that the 'temp' file has the same timestamp as the original '.bash_history' file. Finally, the 'mv temp .bash_history' command replaces the existing '.bash_history' file with the empty 'temp' file, effectively clearing the Bash history while keeping its original modification time unchanged. This action is most likely performed to cover tracks and make it harder for incident responders to detect the tester's activities on the system.

Question 3 of 326

A compliance-based penetration test is primarily concerned with:

obtaining PII from the protected network.

bypassing protection on edge devices.

determining the efficacy of a specific set of security standards.

obtaining specific information from the protected network.

Correct Answer: C

A compliance-based penetration test is primarily concerned with determining the efficacy of a specific set of security standards. The purpose of this test is to ensure that the organization adheres to certain security standards and regulatory requirements, such as HIPAA, PCI-DSS, and SOX. This involves assessing whether the security controls and processes in place meet the necessary criteria to protect sensitive data and maintain compliance with the relevant regulations.

Question 4 of 326

A penetration tester is explaining the MITRE ATT&CK framework to a company's chief legal counsel.

Which of the following would the tester MOST likely describe as a benefit of the framework?

Understanding the tactics of a security intrusion can help disrupt them.

Scripts that are part of the framework can be imported directly into SIEM tools.

The methodology can be used to estimate the cost of an incident better.

The framework is static and ensures stability of a security program over time.

Correct Answer: A

Reference:

https://attack.mitre.org/

Question 5 of 326

Which of the following BEST describe the OWASP Top 10? (Choose two.)

The most critical risks of web applications

A list of all the risks of web applications

The risks defined in order of importance

A web-application security standard

A risk-governance and compliance framework

A checklist of Apache vulnerabilities

Correct Answer: A, C

Reference:

https://www.synopsys.com/glossary/what-is-owasp-top-10.html