Free Access CompTIA.PT0-002.v2022-04-23.q65 Practice Test (Page 12)

Question 51

A penetration tester runs the unshadow command on a machine. Which of the following tools will the tester most likely use NEXT?

A.John the Ripper

B.Cain and Abel

C.Hydra

D.Mimikatz

Question 52

In an unprotected network file repository, a penetration tester discovers a text file containing usernames and passwords in cleartext and a spreadsheet containing data for 50 employees, including full names, roles, and serial numbers. The tester realizes some of the passwords in the text file follow the format: <name- serial_number>. Which of the following would be the best action for the tester to take NEXT with this information?

A.Create a custom password dictionary as preparation for password spray testing.

B.Document the unprotected file repository as a finding in the penetration-testing report.

C.Recommend configuring password complexity rules in all the systems and applications.

D.Recommend using a password manage/vault instead of text files to store passwords securely.

Question 53

A penetration tester logs in as a user in the cloud environment of a company. Which of the following Pacu modules will enable the tester to determine the level of access of the existing user?

A.iam_enum_permissions

B.iam_privesc_scan

C.iam_backdoor_assume_role

D.iam_bruteforce_permissions

Question 54

A penetration tester conducts an Nmap scan against a target and receives the following results:

Which of the following should the tester use to redirect the scanning tools using TCP port 1080 on the target?

A.Empire

B.ProxyChains

C.Nessus

D.OWASPZAP

Question 55

The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

A.This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

B.This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

C.This device is most likely a gateway with in-band management services.

D.This device is most likely a proxy server forwarding requests over TCP/443.

Other Version: 715CompTIA.PT0-002.v2025-07-15.q245; 1398CompTIA.PT0-002.v2024-06-12.q330; 1159CompTIA.PT0-002.v2023-02-20.q55; 1756CompTIA.PT0-002.v2022-07-29.q85; 1278CompTIA.PT0-002.v2022-04-29.q49; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 143Adobe.AD0-E605.v2025-09-05.q50

Question 51

Question 52

Question 53

Question 54

Question 55

Download PDF File