Quiz 2023 CompTIA Authoritative PT0-002: CompTIA PenTest+ Certification Free Vce Dumps

gywudosu

DOWNLOAD the newest VCETorrent PT0-002 PDF dumps from Cloud Storage for free: https://drive.google.com/open?id=1RVwRogtyR3V_lWvQ6IukOiH38MJzSFiI

The greatest product or service in the world comes from the talents in the organization. Talents have given life to work and have driven companies forward, and paying attention to talent development has become the core strategy of today's corporate development. Perhaps you will need our PT0-002 Learning Materials. Whatever ability you want to improve, our PT0-002 practice questions can meet your needs, and with our PT0-002 exam questions you will know you can be better.

CompTIA PT0-002 Exam Syllabus Topics:

## Planning and Scoping - 15%

Explain the importance of planning for an engagement.
- Understanding the target audience
- Rules of engagement
- Communication escalation path
- Resources and requirements
  • Confidentiality of findings
  • Known vs. unknown
- Budget
- Impact analysis and remediation timelines
- Disclaimers
  • Point-in-time assessment
  • Comprehensiveness
- Technical constraints
- Support resources
  • WSDL/WADL
  • SOAP project file
  • SDK documentation
  • Swagger document
  • XSD
  • Sample application requests
  • Architectural diagrams

Explain key legal concepts.
- Contracts
  • SOW
  • MSA
  • NDA
- Environmental differences
  • Export restrictions
  • Local and national government restrictions
  • Corporate policies
- Written authorization
  • Obtain signature from proper signing authority
  • Third-party provider authorization when necessary

Explain the importance of scoping an engagement properly.
- Types of assessment
  • Goals-based/objectives-based
  • Compliance-based
  • Red team
- Special scoping considerations
  • Premerger
  • Supply chain
- Target selection
  • Targets
    1. Internal
       - On-site vs. off-site
    2. External
    3. First-party vs. third-party hosted
    4. Physical
    5. Users
    6. SSIDs
    7. Applications
  • Considerations
    1. White-listed vs. black-listed
    2. Security exceptions
       - IPS/WAF whitelist
       - NAC
       - Certificate pinning
       - Company's policies
- Strategy
  • Black box vs. white box vs. gray box
- Risk acceptance
- Tolerance to impact
- Scheduling
- Scope creep
- Threat actors
  • Adversary tier
    1. APT
    2. Script kiddies
    3. Hacktivist
    4. Insider threat
  • Capabilities
  • Intent
  • Threat models

Explain the key aspects of compliance-based assessments.
- Compliance-based assessments, limitations and caveats
  • Rules to complete assessment
  • Password policies
  • Data isolation
  • Key management
  • Limitations
    1. Limited network access
    2. Limited storage access
- Clearly defined objectives based on regulations
## Information Gathering and Vulnerability Identification - 22%

Given a scenario, conduct information gathering using appropriate techniques.
- Scanning
- Enumeration
  • Hosts
  • Networks
  • Domains
  • Users
  • Groups
  • Network shares
  • Web pages
  • Applications
  • Services
  • Tokens
  • Social networking sites
- Packet crafting
- Packet inspection
- Fingerprinting
- Cryptography
  • Certificate inspection
- Eavesdropping
  • RF communication monitoring
  • Sniffing
    1. Wired
    2. Wireless
- Decompilation
- Debugging
- Open Source Intelligence Gathering
  • Sources of research
    1. CERT
    2. NIST
    3. JPCERT
    4. CAPEC
    5. Full disclosure
    6. CVE
    7. CWE

Given a scenario, perform a vulnerability scan.
- Credentialed vs. non-credentialed
- Types of scans
  • Discovery scan
  • Full scan
  • Stealth scan
  • Compliance scan
- Container security
- Application scan
  • Dynamic vs. static analysis
- Considerations of vulnerability scanning
  • Time to run scans
  • Protocols used
  • Network topology
  • Bandwidth limitations
  • Query throttling
  • Fragile systems/non-traditional assets

Given a scenario, analyze vulnerability scan results.
- Asset categorization
- Adjudication
  • False positives
- Prioritization of vulnerabilities
- Common themes
  • Vulnerabilities
  • Observations
  • Lack of best practices

Explain the process of leveraging information to prepare for exploitation.
- Map vulnerabilities to potential exploits
- Prioritize activities in preparation for penetration test
- Describe common techniques to complete attack
  • Cross-compiling code
  • Exploit modification
  • Exploit chaining
  • Proof-of-concept development (exploit development)
  • Social engineering
  • Credential brute forcing
  • Dictionary attacks
  • Rainbow tables
  • Deception

Explain weaknesses related to specialized systems.
- ICS
- SCADA
- Mobile
- IoT
- Embedded
- Point-of-sale system
- Biometrics
- Application containers
- RTOS

## Attacks and Exploits - 30%

Compare and contrast social engineering attacks.
- Phishing
  • Spear phishing
  • SMS phishing
  • Voice phishing
  • Whaling
- Elicitation
  • Business email compromise
- Interrogation
- Impersonation
- Shoulder surfing
- USB key drop
- Motivation techniques
  • Authority
  • Scarcity
  • Social proof
  • Urgency
  • Likeness
  • Fear

Given a scenario, exploit network-based vulnerabilities.
- Name resolution exploits
  • NETBIOS name service
  • LLMNR
- SMB exploits
- SNMP exploits
- SMTP exploits
- FTP exploits
- DNS cache poisoning
- Pass the hash
- Man-in-the-middle
  • ARP spoofing
  • Replay
  • Relay
  • SSL stripping
  • Downgrade
- DoS/stress test
- NAC bypass
- VLAN hopping

Given a scenario, exploit wireless and RF-based vulnerabilities.
- Evil twin
  • Karma attack
  • Downgrade attack
- Deauthentication attacks
- Fragmentation attacks
- Credential harvesting
- WPS implementation weakness
- Bluejacking
- Bluesnarfing
- RFID cloning
- Jamming
- Repeating

Given a scenario, exploit application-based vulnerabilities.
- Injections
  • SQL
  • HTML
  • Command
  • Code
- Authentication
  • Credential brute forcing
  • Session hijacking
  • Redirect
  • Default credentials
  • Weak credentials
  • Kerberos exploits
- Authorization
  • Parameter pollution
  • Insecure direct object reference
- Cross-site scripting (XSS)
  • Stored/persistent
  • Reflected
  • DOM
- Cross-site request forgery (CSRF/XSRF)
- Clickjacking
- Security misconfiguration
  • Directory traversal
  • Cookie manipulation
- File inclusion
  • Local
  • Remote
- Unsecure code practices
  • Comments in source code
  • Lack of error handling
  • Overly verbose error handling
  • Hard-coded credentials
  • Race conditions
  • Unauthorized use of functions/unprotected APIs
  • Hidden elements
    1. Sensitive information in the DOM
  • Lack of code signing

Given a scenario, exploit local host vulnerabilities.
- OS vulnerabilities
  • Windows
  • Mac OS
  • Linux
  • Android
  • iOS
- Unsecure service and protocol configurations
- Privilege escalation
  • Linux-specific
    1. SUID/SGID programs
    2. Unsecure SUDO
    3. Ret2libc
    4. Sticky bits
  • Windows-specific
    1. Cpassword
    2. Clear text credentials in LDAP
    3. Kerberoasting
    4. Credentials in LSASS
    5. Unattended installation
    6. SAM database
    7. DLL hijacking
  • Exploitable services
    1. Unquoted service paths
    2. Writable services
  • Unsecure file/folder permissions
  • Keylogger
  • Scheduled tasks
  • Kernel exploits
- Default account settings
- Sandbox escape
  • Shell upgrade
  • VM
  • Container
- Physical device security
  • Cold boot attack
  • JTAG debug
  • Serial console

Summarize physical security attacks related to facilities.
- Piggybacking/tailgating
- Fence jumping
- Dumpster diving
- Lock picking
- Lock bypass
- Egress sensor
- Badge cloning

Given a scenario, perform post-exploitation techniques.
- Lateral movement
  • RPC/DCOM
    1. PsExec
    2. WMI
    3. Scheduled tasks
  • PS remoting/WinRM
  • SMB
  • RDP
  • Apple Remote Desktop
  • VNC
  • X-server forwarding
  • Telnet
  • SSH
  • RSH/Rlogin
- Persistence
  • Scheduled jobs
  • Scheduled tasks
  • Daemons
  • Back doors
  • Trojan
  • New user creation
- Covering your tracks

## Penetration Testing Tools - 17%

Given a scenario, use Nmap to conduct information gathering exercises.
- SYN scan (-sS) vs. full connect scan (-sT)
- Port selection (-p)
- Service identification (-sV)
- OS fingerprinting (-O)
- Disabling ping (-Pn)
- Target input file (-iL)
- Timing (-T)
- Output parameters
  • oA
  • oN
  • oG
  • oX

Compare and contrast various use cases of tools.
- Use cases
  • Reconnaissance
  • Enumeration
  • Vulnerability scanning
  • Credential attacks
    1. Offline password cracking
    2. Brute-forcing services
  • Persistence
  • Configuration compliance
  • Evasion
  • Decompilation
  • Forensics
  • Debugging
  • Software assurance
    1. Fuzzing
    2. SAST
    3. DAST
- Tools
  • Scanners
    1. Nikto
    2. OpenVAS
    3. SQLmap
    4. Nessus
  • Credential testing tools
    1. Hashcat
    2. Medusa
    3. Hydra
    4. Cewl
    5. John the Ripper
    6. Cain and Abel
    7. Mimikatz
    8. Patator
    9. Dirbuster
    10. W3AF
  • Debuggers
    1. OLLYDBG
    2. Immunity debugger
    3. GDB
    4. WinDBG
    5. IDA
  • Software assurance
    1. Findbugs/findsecbugs
    2. Peach
    3. AFL
    4. SonarQube
    5. YASCA
  • OSINT
    1. Whois
    2. Nslookup
    3. Foca
    4. Theharvester
    5. Shodan
    6. Maltego
    7. Recon-NG
    8. Censys
  • Wireless
    1. Aircrack-NG
    2. Kismet
    3. WiFite
  • Web proxies
    1. OWASP ZAP
    2. Burp Suite
  • Social engineering tools
    1. SET
    2. BeEF
  • Remote access tools
    1. SSH
    2. NCAT
    3. NETCAT
    4. Proxychains
  • Networking tools
    1. Wireshark
    2. Hping
  • Mobile tools
    1. Drozer
    2. APKX
    3. APK studio
  • MISC
    1. Searchsploit
    2. Powersploit
    3. Responder
    4. Impacket
    5. Empire
    6. Metasploit framework

Given a scenario, analyze tool output or data related to a penetration test.
- Password cracking
- Pass the hash
- Setting up a bind shell
- Getting a reverse shell
- Proxying a connection
- Uploading a web shell
- Injections

Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
- Logic
  • Looping
  • Flow control
- I/O
  • File vs. terminal vs. network
- Substitutions
- Variables
- Common operations
  • String operations
  • Comparisons
- Error handling
- Arrays
- Encoding/decoding

## Reporting and Communication - 16%

Given a scenario, use report writing and handling best practices.
- Normalization of data
- Written report of findings and remediation
  • Executive summary
  • Methodology
  • Findings and remediation
  • Metrics and measures
    1. Risk rating
  • Conclusion
- Risk appetite
- Storage time for report
- Secure handling and disposition of reports

Explain post-report delivery activities.
- Post-engagement cleanup
  • Removing shells
  • Removing tester-created credentials
  • Removing tools
- Client acceptance
- Lessons learned
- Follow-up actions/retest
- Attestation of findings

Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
- Solutions
  • People
  • Process
  • Technology
- Findings
  • Shared local administrator credentials
  • Weak password complexity
  • Plain text passwords
  • No multifactor authentication
  • SQL injection
  • Unnecessary open services
- Remediation
  • Randomize credentials/LAPS
  • Minimum password requirements/password filters
  • Encrypt the passwords
  • Implement multifactor authentication
  • Sanitize user input/parameterize queries
  • System hardening


Why do I need to take the CompTIA PT0-002 Certification Exam?

Nowadays, many companies use the CompTIA PT0-002 Certification Exam to evaluate the skills of candidates, and they are looking for qualified candidates to work for them. The CompTIA PT0-002 Certification Exam is very useful for candidates who want to work for such companies; it will help them get a good job. The CompTIA PT0-002 Certification Exam is a must for candidates working in the IT industry, and PT0-002 Dumps will help you pass the exam easily. The CompTIA PT0-002 Certification Exam is designed by CompTIA, a renowned organization in the IT industry that provides training and certification to candidates working in the IT industry. The CompTIA PT0-002 Certification Exam is very helpful for candidates who want to work in the IT industry.

CompTIA PT0-002 Exam | PT0-002 Free Vce Dumps - Help you Prepare for PT0-002 Exam Efficiently

Passing the PT0-002 exam has never been so efficient or easy when getting help from our PT0-002 training materials. This way is not only financially accessible, but time-saving and comprehensive to deal with the important questions emerging in the real exam. All exams from different suppliers will be easy to handle. Actually, this PT0-002 Exam is not only practical for working or studying conditions, but a manifest and prestigious show of your personal ability.

Get to know about the requirements of taking the CompTIA PT0-002 Certification Exam

Those who want to take the CompTIA PT0-002 Certification Exam should have the following knowledge and expertise.

• The candidate should have a minimum of 3-4 years of hands-on information security or related experience.
• The candidate should have Network+, Security+ or equivalent knowledge.

CompTIA PenTest+ Certification Sample Questions (Q246-Q251):

NEW QUESTION # 246
A penetration tester wants to identify CVEs that can be leveraged to gain execution on a Linux server that has an SSHD running. Which of the following would BEST support this task?

• A. Run nmap with the -o, -p22, and -sC options set against the target
• B. Run nmap with the --script vulners option set against the target
• C. Run nmap with the -sA option set against the target
• D. Run nmap with the -sV and -p22 options set against the target

Answer: A

NEW QUESTION # 247
A penetration tester obtained the following results after scanning a web server using the dirb utility:

...
GENERATED WORDS: 4612
---- Scanning URL: http://10.2.10.13/ ----
+ http://10.2.10.13/about (CODE:200|SIZE:1520)
+ http://10.2.10.13/home.html (CODE:200|SIZE:214)
+ http://10.2.10.13/index.html (CODE:200|SIZE:214)
+ http://10.2.10.13/info (CODE:200|SIZE:214)
...
DOWNLOADED: 4612 - FOUND: 4

Which of the following elements is MOST likely to contain useful information for the penetration tester?

• A. about
• B. home.html
• C. index.html
• D. info

Answer: A

NEW QUESTION # 248
Which of the following is the MOST effective person to validate results from a penetration test?

• A. Chief Information Officer
• B. Client
• C. Third party
• D. Team leader

Answer: D

NEW QUESTION # 249
A company has hired a penetration tester to deploy and set up a rogue access point on the network. Which of the following is the BEST tool to use to accomplish this goal?

• A. Kismet
• B. Wireshark
• C. Aircrack-ng
• D. Wifite

Answer: C
Explanation:
Reference: https://thecybersecurityman.com/2018/08/11/creating-an-evil-twin-or-fake-access-point-using-aircrack-ng-and-dnsmasq-part-2-the-attack/

NEW QUESTION # 250
A security company has been contracted to perform a scoped insider-threat assessment to try to gain access to the human resources server that houses PII and salary data. The penetration testers have been given an internal network starting position. Which of the following actions, if performed, would be ethical within the scope of the assessment?

• A. Exploiting a configuration weakness in the SQL database
• B. Establishing and maintaining persistence on the domain controller
• C. Leveraging a vulnerability on the internal CA to issue fraudulent client certificates
• D. Gaining access to hosts by injecting malware into the enterprise-wide update server
• E. Intercepting outbound TLS traffic

Answer: E

NEW QUESTION # 251
......

Exam PT0-002 Questions Fee: https://www.vcetorrent.com/PT0-002-valid-vce-torrent.html

2023 Latest VCETorrent PT0-002 PDF Dumps and PT0-002 Exam Engine Free Share: https://drive.google.com/open?id=1RVwRogtyR3V_lWvQ6IukOiH38MJzSFiI