Free Access CompTIA.PT0-002.v2022-07-29.q85 Practice Test (Page 13)

Question 56

A penetration tester is looking for a vulnerability that enables attackers to open doors via a specialized TCP service that is used for a physical access control system. The service exists on more than 100 different hosts, so the tester would like to automate the assessment. Identification requires the penetration tester to:
Have a full TCP connection
Send a "hello" payload
Walt for a response
Send a string of characters longer than 16 bytes
Which of the following approaches would BEST support the objective?

A.Run nmap -Pn -sV -script vuln <IP address>.

B.Employ an OpenVAS simple scan against the TCP port of the host.

C.Create a script in the Lua language and use it with NSE.

D.Perform a credentialed scan with Nessus.

Question 57

A penetration tester is reviewing the following SOW prior to engaging with a client:
"Network diagrams, logical and physical asset inventory, and employees' names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client's Chief Information Security Officer (CISO) via encrypted protocols and subsequently dispose of all findings by erasing them in a secure manner." Based on the information in the SOW, which of the following behaviors would be considered unethical?
(Choose two.)

A.Seeking help with the engagement in underground hacker forums by sharing the client's public IP address

B.Utilizing public-key cryptography to ensure findings are delivered to the CISO upon completion of the engagement

C.Using a software-based erase tool to wipe the client's findings from the penetration tester's laptop

D.Utilizing proprietary penetration-testing tools that are not available to the public or to the client for auditing and inspection

E.Retaining the SOW within the penetration tester's company for future use so the sales team can plan future engagements

F.Failing to share with the client critical vulnerabilities that exist within the client architecture to appease the client's senior leadership team

Question 58

A penetration tester discovers that a web server within the scope of the engagement has already been compromised with a backdoor. Which of the following should the penetration tester do NEXT?

A.Continue the engagement and include the backdoor finding in the final report

B.Forensically acquire the backdoor Trojan and perform attribution

C.Inform the customer immediately about the backdoor

D.Utilize the backdoor in support of the engagement

Question 59

Performing a penetration test against an environment with SCADA devices brings additional safety risk because the:

A.devices produce more heat and consume more power.

B.devices are obsolete and are no longer available for replacement.

C.protocols are more difficult to understand.

D.devices may cause physical world effects.

Question 60

A penetration tester discovers during a recent test that an employee in the accounting department has been making changes to a payment system and redirecting money into a personal bank account. The penetration test was immediately stopped. Which of the following would be the BEST recommendation to prevent this type of activity in the future?

A.Enforce mandatory employee vacations

B.Encrypt passwords for bank account information

C.Install video surveillance equipment in the office

D.Implement multifactor authentication

Other Version: 715CompTIA.PT0-002.v2025-07-15.q245; 1398CompTIA.PT0-002.v2024-06-12.q330; 1159CompTIA.PT0-002.v2023-02-20.q55; 1278CompTIA.PT0-002.v2022-04-29.q49; 1524CompTIA.PT0-002.v2022-04-23.q65; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 143Adobe.AD0-E605.v2025-09-05.q50

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File