Free Access CompTIA.PT0-002.v2022-07-29.q85 Practice Test (Page 12)

Question 51

A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:

Which of the following is the BEST method to help an attacker gain internal access to the affected machine?

A.Download the smb.conf file and look at configurations

B.Edit the discovered file with one line of code for remote callback

C.Download .pl files and look for usernames and passwords

D.Edit the smb.conf file and upload it to the server

Question 52

A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?

A.Find the /root directory on the system

B.Set the SGID on all files in the / directory

C.Find files that were created during exploitation and move them to /dev/null

D.Find files with the SUID bit set

Question 53

You are a penetration tester reviewing a client's website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question 54

A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical? (Choose two.)

A.Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

B.Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement

C.Seeking help with the engagement in underground hacker forums by sharing the client's public IP address

D.Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team

E.Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

F.Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop

Question 55

A penetration tester conducted a discovery scan that generated the following:

Which of the following commands generated the results above and will transform them into a list of active hosts for further analysis?

A.nmap -oG list.txt 192.168.0.1-254 , sort

B.nmap --open 192.168.0.1-254, uniq

C.nmap -o 192.168.0.1-254, cut -f 2

D.nmap -sn 192.168.0.1-254 , grep "Nmap scan" | awk '{print S5}'

Other Version: 715CompTIA.PT0-002.v2025-07-15.q245; 1398CompTIA.PT0-002.v2024-06-12.q330; 1159CompTIA.PT0-002.v2023-02-20.q55; 1278CompTIA.PT0-002.v2022-04-29.q49; 1523CompTIA.PT0-002.v2022-04-23.q65; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 143Adobe.AD0-E605.v2025-09-05.q50

Question 51

Question 52

Question 53

Question 54

Question 55

Download PDF File