Free Access CompTIA.PT0-002.v2023-02-20.q55 Practice Test (Page 10)

Question 41

A penetration tester who is conducting a web-application test discovers a clickjacking vulnerability associated with a login page to financial dat a. Which of the following should the tester do with this information to make this a successful exploit?

A.Conduct a watering-hole attack.

B.Use BeEF.

C.Perform XSS.

D.Use browser autopwn.

Question 42

The results of an Nmap scan are as follows:

Which of the following would be the BEST conclusion about this device?

A.This device may be vulnerable to the Heartbleed bug due to the way transactions over TCP/22 handle heartbeat extension packets, allowing attackers to obtain sensitive information from process memory.

B.This device is most likely a gateway with in-band management services.

C.This device is most likely a proxy server forwarding requests over TCP/443.

D.This device may be vulnerable to remote code execution because of a butter overflow vulnerability in the method used to extract DNS names from packets prior to DNSSEC validation.

Question 43

A penetration tester has been given eight business hours to gain access to a client's financial system. Which of the following techniques will have the highest likelihood of success?

A.Using a brute-force attack against the external perimeter to gain a foothold

B.Attempting to tailgate an employee going into the client's workplace

C.Dropping a malicious USB key with the company's logo in the parking lot

D.Performing spear phishing against employees by posing as senior management

Question 44

A mail service company has hired a penetration tester to conduct an enumeration of all user accounts on an SMTP server to identify whether previous staff member accounts are still active. Which of the following commands should be used to accomplish the goal?

A.EXPN and TURN

B.RCPT TO and VRFY

C.VRFY and TURN

D.VRFY and EXPN

Question 45

A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?

A.Set the SGID on all files in the / directory

B.Find the /root directory on the system

C.Find files with the SUID bit set

D.Find files that were created during exploitation and move them to /dev/null

Other Version: 713CompTIA.PT0-002.v2025-07-15.q245; 1398CompTIA.PT0-002.v2024-06-12.q330; 1742CompTIA.PT0-002.v2022-07-29.q85; 1267CompTIA.PT0-002.v2022-04-29.q49; 1513CompTIA.PT0-002.v2022-04-23.q65; 95CompTIA.Trainingdump.PT0-002.v2021-12-19.by.barlow.38q.pdf

Latest Upload: 101OCEG.GRCP.v2025-09-11.q211; 101HP.HPE0-V27.v2025-09-11.q78; 117Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 222CFAInstitute.ESG-Investing.v2025-09-08.q173; 156PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 146Salesforce.Data-Architect.v2025-09-05.q216; 139Adobe.AD0-E605.v2025-09-05.q50

Question 41

Question 42

Question 43

Question 44

Question 45

Download PDF File